[WHATSNEW] Samba AD with MIT Kerberos + Version change
Rowland Penny
rpenny at samba.org
Wed May 3 09:20:41 UTC 2017
On Wed, 03 May 2017 09:21:38 +0200
Andreas Schneider <asn at samba.org> wrote:
> On Wednesday, 3 May 2017 09:10:10 CEST Rowland Penny via
> samba-technical wrote:
> > On Wed, 03 May 2017 08:30:22 +0200
> >
> > Andreas Schneider <asn at samba.org> wrote:
> > > On Wednesday, 3 May 2017 07:48:34 CEST Rowland Penny wrote:
> > > > On Tue, 2 May 2017 15:39:06 -0600
> > > >
> > > > Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> > > > > The output says to look
> > > > > here /usr/local/samba/private/krb5.conf from the locations
> > > > > you are looking It looks like you might have missed that.
> > > >
> > > > Nope, that is the standard krb5.conf and I have moved it (as I
> > > > always do) to /etc/krb5.conf, unless I am missing something,
> > > > this is not the kdc.conf
> > >
> > > samba-tool domain provision --help
> > >
> > >
> > > ~snip~
> > >
> > > --kdc-config-dir=KDC-CONFIG-DIR
> > >
> > > Set the MIT KDC config directory
> > > (default='/var/kerberos/krb5kdc')
> > >
> > > ~snip~
> > >
> > > So, by default it creates the file in /var/kerberos/krb5kdc for
> > > me. And that works just fine.
> > >
> > > However, you're right, specifying a location with the option
> > > --kdc-config-dir= doesn't work. You found a bug :)
> >
> > Do you mean the one where it being set to 'kdc_default_config_dir =
> > "None"' in kerberos_implementation.py ?
>
> https://git.samba.org/?p=asn/
> samba.git;a=commitdiff;h=fb4053949e3d4a0c3ab97cc30b5f3bdc53f914ae
>
> should fix the issue with the default config.
>
>
> However python/samba/netcmd/domain.py this reads --kdc-config-dir and
> passes it down to the provision function. Somewhere on the way down
> the stack it is probably lost so that the default location is used :(
>
>
> Andreas
OK, I think I have found out why 'kdc.conf' isn't getting created ;-)
in 'kerberos.py' there is this def:
def make_kdcconf(realm, domain, kdcconfdir, logdir):
if I comment out these lines, it does get created:
if _glue.is_heimdal_built:
return
Is it possible that something is saying that heimdal is built, even
though it isn't ?
I still haven't got anything listening on port 88.
Rowland
More information about the samba-technical
mailing list