Re: [PATCH] Improve krb5 KDC tests, kdc behaviour

support at remsnet.de support at remsnet.de
Fri Jan 30 03:18:21 MST 2015


Andrew,

Could you and Garming please add KDC LDAP forest SRV DNS checks that explicitly run after a join as a DC has been done?

Sample from the latest SerNet 4.1.x Samba:


Server ldap/ADHRST.ADS.SOFTWAREENERGIE.EU at ADS.SOFTWAREENERGIE.EU is not registered with our KDC:  Miscellaneous failure (see text): Server (ldap/ADHRST at ADS.SOFTWAREENERGIE.EU) unknown
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INVALID_PARAMETER


A join as DC should:

- add DNS A entries
- add DNS SRV forest entries
- add LDAP SRV, register itself
- add IN NS entries, register itself as NS

All these missing things affect VPN-based AD stability.




--
Mit freundlichen Grüßen / Best Regards

Horst Venzke ; PGP NET : 1024G/082F2E6D ;  http://www.remsnet.de



> Sent: Friday, 30 January 2015 at 05:44
> From: "Andrew Bartlett" <abartlet at samba.org>
> To: metze at samba.org
> Cc: samba-technical at lists.samba.org
> Subject: [PATCH] Improve krb5 KDC tests, kdc behaviour
>
> Metze,
> 
> Attached are some improvements to our KDC test script, and a fix for our
> KDC.
> 
> I still need to cover the canonicalize case for TGS-REQ, but this needs
> further work (I have to rework the code to use krb5_get_creds).
> 
> Garming has reviewed it, but I wanted to see what you thought about it. 
> 
> Thanks,
> 
> Andrew Bartlett
> -- 
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
> 
> 
> 
>