[Samba] krb5.conf & kdc=, explicit vs automatic
Michael Tokarev
mjt at tls.msk.ru
Wed Feb 14 07:51:28 UTC 2024
14.02.2024 10:22, Michael Tokarev via samba:
>
> Okay, without any reply from the Samba community, I fixed this one by
> creating a good krb5.conf file and stopping winbind from creating private
> one, by setting `create krb5 conf' to false (this setting wasn't easy to find
> for me, I had to look in sources to find it, despite it being documented).
Actually this still doesn't work due to a related bug,
https://bugzilla.samba.org/show_bug.cgi?id=15536
So for now, I ended up in a really weird configuration.
This host is running named to provide DNS for the LAN clients.
But due to Bug#15536, winbind does not work. This is why I tried
to explicitly list KDCs in krb5.conf, so winbind does not use
DNS to get the KDC.
So in local resolv.conf, I specify two *windows* nameservers which
use this host as a forwarder. So local programs get DNS info from
a nearby windows nameserver which asks named running on this host
for an answer.
This looks like an idiocy but it at least works :)
I'm looking at running samba in a separate container with its own
resolv.conf pointing at the windows nameservers, so at least all
other programs on the same host can use local named.. :)
FWIW.
/mjt