Hello, I am trying to get samba to use two kerberos realms for authentication at the same time. I am able to use one XOR the other by changing only REALM = .... in smb.conf Is there a way of configuring Samba to try one realm, and then if authentication fails, try the other realm? Thanks! Chad.
On 01/03/16 20:44, Chad William Seys wrote:> Hello, > > I am trying to get samba to use two kerberos realms for authentication at the > same time. > > I am able to use one XOR the other by changing only > REALM = .... > in smb.conf > > Is there a way of configuring Samba to try one realm, and then if > authentication fails, try the other realm? > > > Thanks! > Chad. >Not sure if you can do this, it might help if we can see your smb.conf. I am very sure it won't work if you are running Samba as an AD DC, but as a domain member etc, it might. Rowland
Hi Rowland,
Below is output of testparm. Samba is set up as standalone server.
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[generic]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
realm = PHYSICS.WISC.EDU
server string = %h server
server role = standalone server
security = ADS
map to guest = Bad User
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
kerberos method = secrets and keytab
syslog = 0
max log size = 100000
client ldap sasl wrapping = sign
dns proxy = No
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[generic]
path = /srv/smb