search for: dns_canonicalize_hostname

In my old Samba/NT/OpenLDAP domains i was used to setup, on some specific hosts/VM, a simple authentication scheme, so i simply create locally (eg 'adduser') some users, and then i setupped only PAM part of ldap. Seems to me now, on Samba/AD, to use Kerberos. And seems also TOO easy! I've simply installed 'libpam-krb5', reply to the debconfig question wit the AD/Kerberos

Mandi! Robert Marcano via samba In chel di` si favelave... > Yes, check the documentation of krb5.conf. Ahem, 'apt-get install krb5-doc' misses. ;-) > In summary you will need to > disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set > you admin and kdc hostnames there, something like: How can i determine kdc and master_kdc values? All DC server are KDC and the FSMO role are master_kdc? -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'...

...> b) i use the same setup in firewalls, that have no knowledge of > internal DNS. There's some way to setup kerberos authentication with > 'no DNS'?! EG, putting some info on /etc/hosts?! > Yes, check the documentation of krb5.conf. In summary you will need to disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set you admin and kdc hostnames there, something like: [realms] EXAMPLE.COM = { kdc = kdc.example.com:88 master_kdc = kdc.example.com:88 admin_server = kadmin.example.com:749 default_domain = example.com .... } > > Thanks. >