Aw: [PATCH] Improve krb5 KDC tests, kdc behaviour

support at support at
Fri Jan 30 03:18:21 MST 2015


may you and garmin add KDC ldap forest srv dns checks , that explicitly run after an  join as an DC had been done please ?

Sample from latest sernet 4.1.x samba :

Server ldap/ADHRST.ADS.SOFTWAREENERGIE.EU at ADS.SOFTWAREENERGIE.EU is not registered with our KDC:  Miscellaneous failure (see text): Server (ldap/ADHRST at ADS.SOFTWAREENERGIE.EU) unknown

An join as DC shuold 

- add dns A entrys
- add dns srv forest entries
- add ldap srv register itsself 
- add IN NS entries , register itsself as NS 

All this missing things affects VPN based AD stabilty. 

Mit freundlichen Grüßen / Best Regards

Horst Venzke ; PGP NET : 1024G/082F2E6D ;

Legal Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. Any review, dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you.

> Gesendet: Freitag, 30. Januar 2015 um 05:44 Uhr
> Von: "Andrew Bartlett" <abartlet at>
> An: metze at
> Cc: samba-technical at
> Betreff: [PATCH] Improve krb5 KDC tests, kdc behaviour
> Metze,
> Attached is some improvements to our KDC test script, and a fix for our
> KDC.  
> I still need to cover the canonicalize case for TGS-REQ, but this needs
> further work (I have to rework the code to use krb5_get_creds).
> Garming has reviewed it, but I wanted to see what you thought about it. 
> Thanks,
> Andrew Bartlett
> -- 
> Andrew Bartlett
> Authentication Developer, Samba Team
> Samba Developer, Catalyst IT
-------------- next part --------------
A non-text attachment was scrubbed...
Name: addressbook.vcf
Type: text/x-vcard
Size: 929 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list