samba4 joining a domain with /etc/krb5.conf setup

Andrew Bartlett abartlet at samba.org
Tue Apr 20 16:15:35 MDT 2010


On Tue, 2010-04-20 at 15:25 +0300, Anatoliy Atanasov wrote:
> Hi List,
> 
> Here's the wiki page where the join is described:
> http://wiki.samba.org/index.php/Samba4_joining_a_domain#Getting_ready_for_joining_Samba_as_a_DC_to_an_exiting_domain
> 
> Quote:
> "You should have your existing domain setup correctly as your default realm in /etc/krb5.conf, and you should have these options setup in /etc/krb5.conf:
> 
> [libdefaults]
>  dns_lookup_realm = true
>  dns_lookup_kdc = true
>  ...."
> 
> I compared this with the krb5.conf file generated during provision, and here it is:
> Generated:
> [libdefaults]
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = false
> 	....
> 
> Yesterday I had a problem with setting up net vampire's realm and changed the settings of /etc/krb5.conf to false and it worked fine. I am not familiar with these parameters, so which settings are correct?

Hmm.  Part of what has happened here is when I put it in the provision I
copied the krb5.conf that the selftest environment used, which must not
do DNS lookups (as we are in 'make test', and the realm isn't real). 

We should make provision generate the first one, but have 'make test'
use the second. 

I'm trialling a patch that makes us much less sensitive to the
system-provided realm.  Try the attached patch and tell me if it helps. 

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-gensec-Use-a-different-form-of-name-in-GSSAPI-imp.patch
Type: text/x-patch
Size: 1368 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100421/27fd4d68/attachment.bin>
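
Added example (not part of the original message and not Samba's code): a small Python check that reads the [libdefaults] section of a krb5.conf and reports where it differs from the dns_lookup_realm / dns_lookup_kdc values the quoted wiki text asks for before a join. The realm name SAMDOM.EXAMPLE.COM, both sample files, the function names and the set of accepted boolean spellings are assumptions made for illustration.

```python
import re

# Settings the quoted wiki text asks for before joining an existing domain.
JOIN_READY = {"dns_lookup_realm": True, "dns_lookup_kdc": True}
TRUTHY = {"true", "yes", "on", "1"}  # assumption: spellings this checker treats as true

def parse_libdefaults(text):
    """Return the top-level key/value pairs of the [libdefaults] section."""
    section, depth, found = None, 0, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header and depth == 0:
            section = header.group(1).strip().lower()
            continue
        if line == "}":  # end of a { ... } sub-block
            depth = max(0, depth - 1)
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if value.strip() == "{":  # start of a sub-block such as a realm entry
            depth += 1
        elif section == "libdefaults" and depth == 0:
            found[key.strip()] = value.strip()
    return found

def join_findings(text):
    """List differences from the join-ready settings; an empty list means ready."""
    conf = parse_libdefaults(text)
    findings = [] if "default_realm" in conf else ["default_realm is not set"]
    for key, wanted in JOIN_READY.items():
        actual = conf.get(key)
        if actual is None:
            findings.append(f"{key} is not set")
        elif (actual.lower() in TRUTHY) != wanted:
            findings.append(f"{key} = {actual}, join instructions ask for {str(wanted).lower()}")
    return findings

# Constructed samples: one shaped like the provision output, one like the wiki quote.
PROVISION_STYLE = ("[libdefaults]\n\tdefault_realm = SAMDOM.EXAMPLE.COM\n"
                   "\tdns_lookup_realm = false\n\tdns_lookup_kdc = false\n")
WIKI_STYLE = ("[libdefaults]\n default_realm = SAMDOM.EXAMPLE.COM\n"
              " dns_lookup_realm = true\n dns_lookup_kdc = true\n"
              "[realms]\n SAMDOM.EXAMPLE.COM = {\n  kdc = dc1.samdom.example.com\n }\n")

if __name__ == "__main__":
    for name, sample in (("provision", PROVISION_STYLE), ("wiki", WIKI_STYLE)):
        print(name, join_findings(sample) or "ready for join")
```

To check a real host, pass the contents of /etc/krb5.conf to `join_findings` instead of the samples.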