[WHATSNEW] Samba AD with MIT Kerberos + Version change
Andreas Schneider
asn at samba.org
Tue May 2 16:01:01 UTC 2017
On Tuesday, 2 May 2017 17:40:20 CEST Rowland Penny via samba-technical wrote:
> On Tue, 2 May 2017 13:46:46 +0200
>
> L.P.H. van Belle <belle at bazuin.nl> wrote:
> > Hai Rowland.
> >
> > If you want to test with a jessie 1.15.1
> >
> > Get an amd64 build here.
> >
> > http://downloads.van-belle.nl/samba4/jessie-krb5-1.15.1.tar.gz
> > Debs, sources, buildlogs, are all in the tar.gz.
> >
> > And now you can easy reproduce these on you Devuan.
> >
> >
> > Greetz,
> >
> > Louis
>
> OK, things move on, whilst trying to build MIT krb5, I got the above,
> so rather than re-invent the wheel, I have used them, thanks Louis ;-)
>
> I now have a test MIT DC in a VM, but (there is always a but, isn't
> there ;-) ) I cannot kinit. When I try, I get this:
>
> kinit Administrator
> kinit: Cannot contact any KDC for realm 'TEST.TLD' while getting
> initial credentials
The MIT library (kinit) needs to find the KDC. It does this via DNS service
lookup. Samba has its own DNS server so I think your DNS server configured in
/etc/resolv.confis not 127.0.0.1 so it can't find the KDC.
The other option is that in /etc/krb5.conf you specify the kdc ip address for
the realm.
> Am I now supposed to start the MIT kdc ?
Nope.
> If I do try to start it, I get:
>
> service krb5-kdc start
> [....] Starting Kerberos KDC: krb5kdckrb5kdc: cannot initialize realm
> TEST.TLD - see log file for details failed!
>
> and there is this in auth.log:
>
> May 2 16:25:35 devtestdc krb5kdc[7911]: Cannot open DB2 database
> '/var/lib/krb5kdc/principal': No such file or directory - while
> initializing database for realm TEST.TLD
I've provisioned the AD DC with samba-tool which created /var/kerberos/
krb5kdc/kdc.conf for me. It looks like your system has a different kdc.conf.
So you can create it at a special location during provision and set it with
the 'mit kdc config' options.
Andreas
Andreas
More information about the samba-technical
mailing list