Hi.

Using MIT5 backend with Samba..

I'm wondering if anyone can provide some insight into the "logging" lines in krb5.conf. By default, they don't exist.

I've seen mention of adding these lines:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

As far as I can tell, the "admin_server" lines don't apply to Samba because the DC doesn't seem to be running anything on the admin port (I think).

Should these lines be on all the Linux AD clients, or does it only make sense to put these on the server?

Am I modifying /etc/krb5.conf on the server, or in the samba dir private/krb5.conf? I added to /etc/krb5.conf on the server but the log files aren't being created. I tried to stop and start the server process and it didn't make a difference. I assumed that after running kinit, or SSHing from one system to another, I'd see lines show up in those logs (at least the kdc one).

Thanks for any suggestions.

Jason.

On 05/10/2020 16:30, Jason Keltz via samba wrote:
> Hi.
>
> Using MIT5 backend with Samba..

I hope you mean on the clients, the use of MIT as the kdc on a Samba DC is experimental and shouldn't be used in production

>
> I'm wondering if anyone can provide some insight into the "logging"
> lines in krb5.conf. By default, they don't exist.
>
> I've seen mention of adding these lines:
>
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> As far as I can tell, the "admin_server" lines don't apply to Samba
> because the DC doesn't seem to be running anything on the admin port
> (I think).
>
> Should these lines be on all the Linux AD clients, or does it only
> make sense to put these on the server?

It doesn't make sense to put them anywhere, they don't seem to do anything

Rowland

On 10/5/2020 11:58 AM, Rowland penny via samba wrote:
> On 05/10/2020 16:30, Jason Keltz via samba wrote:
>> Hi.
>>
>> Using MIT5 backend with Samba..
> I hope you mean on the clients, the use of MIT as the kdc on a Samba
> DC is experimental and shouldn't be used in production

Hi Roland, our environment uses CentOS 7. I don't have much choice but to use this on the server.

>>
>> I'm wondering if anyone can provide some insight into the "logging"
>> lines in krb5.conf. By default, they don't exist.
>>
>> I've seen mention of adding these lines:
>>
>> [logging]
>>  default = FILE:/var/log/krb5libs.log
>>  kdc = FILE:/var/log/krb5kdc.log
>>  admin_server = FILE:/var/log/kadmind.log
>>
>> As far as I can tell, the "admin_server" lines don't apply to Samba
>> because the DC doesn't seem to be running anything on the admin port
>> (I think).
>>
>> Should these lines be on all the Linux AD clients, or does it only
>> make sense to put these on the server?
> It doesn't make sense to put them anywhere, they don't seem to do
> anything

Ok. Thanks. It seems I see them being added in so many online tutorials.

Jason.