On Fri, 2013-11-01 at 10:28 +0000, lux-integ wrote:
> Greetings,
>
> I have a linux-running-computer acting as a KDC. It has :-
> OS--blfs linux gcc-4.8.1 linux-3.10.17, krb5-1.11.2, openldap-2.4.35,
> cyrus-sasl-2.4.26,bind-9.9.4,ntp4.2.7
>
> my /etc/krb5.conf has :-
>
> [dbmodules]
> openldap_ldapconf = {
> db_library = kldap
> ldap_kerberos_container_dn = cn=krbcontainer,dc=somewhere,dc=com
> ldap_kdc_dn = "cn=kdc-service,dc=somewhere,dc=com"
> # this object needs to have read rights on
> # the realm container and principal subtrees
> ldap_kadmind_dn = "cn=adm-service,dc=somewhere,dc=com"
> # this object needs to have read and write rights on
> # the realm container and principal subtrees
> ldap_service_password_file = /etc/krb5/service.keyfile
> ldap_servers = ldaps://machine1.somewhere.com ldaps://machine2.somewhere.com
> ldap_conns_per_server = 5
> }
>
> in other words ldap uses krb5 for authentication
> (AND it took me ages to work out and test the krb5.conf and have ldap and
> cyrus and bind all working together )
Indeed, and it is the total pain that this causes that was one of the
many reasons behind producing an integrated service, rather than a set of
components to be configured.
> NOW I want to use the machine as a domain controller and install samba4
> thereon. I learnt that samba4 has a bundled ldap and can't use the ldap
> already installed.
>
> The question is could I still use the /etc/krb5.conf (excerpt thereof above)
> as is or would there be a conflict with the bundled ldap in samba4
No.
> OR is it possible to configure samba4 to use the ldap already installed?
No.
> OR
Just use:
[libdefaults]
default_realm = SAMBA.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
(and typically nothing else)
> OR
>
> Advice/suggestions will be greatly appreciated
I hope this helps,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org