krb5.conf Second domain controller
Michael Wood
esiotrot at gmail.com
Thu Nov 11 14:21:25 MST 2010
Hi
I have copied my reply to samba-technical.
On 11 November 2010 18:17, Konstantin Pobudzey <5836000 at gmail.com> wrote:
[...]
> I did net/vampire with success.
Which version of Samba did you use?
> 1)
> I noticed that second domain controller not listening on port 3268. Is this normal ?
I'm not sure. I have not checked for this in the past when I did a
net vampire and I currently only have one Samba 4 DC.
I see that port is supposed to be for the Global Catalogue. I would
guess that all DCs should listen on this port, but I don't know for
sure.
> (
> /usr/local/samba/private/dns_update_list file suggest to have record for gc service for second domain controller )
Well then I suppose the second one should be listening on that port
too. Did you see anything in the logs about this? What version of
Samba is it?
> 2) Should I add record for dc2 in /etc/krb5.conf on both servers ?
> I suggest
> [realms]
> TEST.LOCAL = {
> kdc = dc1.test.local:88
> kdc = dc2.test.local:88
> admin_server = dc1.test.local:749
> admin_server = dc2.test.local:749
> default_domain = test.local
I don't think this is necessary, because the clients can look up the
information in DNS. (Although the admin server is not in DNS, or at
least not with that port, so not sure what it's for exactly.)
You might need this in your krb5.conf:
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = TEST.LOCAL
Perhaps someone else on the list can clarify.
--
Michael Wood <esiotrot at gmail.com>
More information about the samba-technical
mailing list