[WHATSNEW] Samba AD with MIT Kerberos + Version change

L.P.H. van Belle belle at bazuin.nl
Fri May 5 11:39:11 UTC 2017


Now based on this below. 

I already created this patch for the Debian samba 470 packages.
This works as long as the code can detect /etc/krb5kdc correctly without --kdc-config-dir= in provisioning,
because most people will use the --kdc-config-dir.

krb5kdc.patch
--- samba-4.7.0.orig/python/samba/provision/kerberos_implementation.py
+++ samba-4.7.0/python/samba/provision/kerberos_implementation.py
@@ -14,5 +14,5 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
-kdb_modules_dir = "/usr/local/samba/lib/krb5/plugins/kdb"
+kdb_modules_dir = "/usr/lib/x86_64-linux-gnu/krb5/plugins/kdb"
 kdc_default_config_dir = "None"
+kdc_default_config_dir = "/etc/krb5kdc"
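
Review bot: the old `kdc_default_config_dir = "None"` assignment is left in place as a context line instead of being removed, so the file ends up with two assignments and the hunk produces six new lines where the header says `+14,5`. Mark that line with `-` so the change is a clean replacement and the header counts match. The new `kdb_modules_dir` value is also fixed to the `x86_64-linux-gnu` directory, which only fits one architecture; for a distribution package it would be better to have the build substitute the multiarch library directory.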


Only this needs the correct fix; for that we need the devs.

> Did you also modify python/samba/provision/kerberos.py:29:
>   if _glue.is_heimdal_built:
> to
>   if _glue.is_heimdal_built():

A small check if I could access the sysvol, for example, works.
Just a simple test, \\IP\ 
Login prompt, NTUSER\Administrator 
And it works. 

And I did see that the sysvol rights are ok :-) 

Greetz, 

Louis



> -----Original message-----
> From: samba-technical 
> [mailto:samba-technical-bounces at lists.samba.org] On behalf of 
> L.P.H. van Belle via samba-technical
> Sent: Friday 5 May 2017 13:27
> To: samba-technical at lists.samba.org
> CC: Andreas Schneider
> Subject: RE: [WHATSNEW] Samba AD with MIT Kerberos + Version change
> 
> Works here now.  ;-) 
> 
> Made these changes 
> 
> Did you also modify python/samba/provision/kerberos.py:29:
>   if _glue.is_heimdal_built:
> to
>   if _glue.is_heimdal_built():
> 
> Which fixed the creation of the kdc.conf. 
> 
> 
> 
> Next : 
> Tried a provisioning 2 ways.
> samba-tool domain provision --use-rfc2307 --server-role=dc 
> --domain=NTTEST --kdc-config-dir=/etc/krb5kdc --realm=TEST.DOMAIN.TLD
> 
> samba-tool domain provision --use-rfc2307 --server-role=dc 
> --domain=NTTEST --kdc-config-dir=/usr/local/samba/etc 
> --realm=TEST.DOMAIN.TLD
> 
> Both smb.conf and kdc.conf are correctly created. 
> 
> Now the first one is what I'm testing more.. 
> 
> I did 2 things. 
> 1 ) ln -s /usr/local/samba/lib/krb5/plugins/kdb/samba.so 
> /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/samba.so
> 2 ) and added these two lines:
> 
>  cat /etc/ld.so.conf.d/libc.conf
> # libc default configuration
> /usr/local/lib
> /usr/local/samba/lib			<<<<<<	
> /usr/local/samba/lib/service		<<<<<<
> 
> 
> And start samba. 
> It stops here : 
>  samba -i
> samba version 4.7.0pre1-GIT-1e7bec4-Debian started.
> Copyright Andrew Tridgell and the Samba Team 1992-2017
> samba: using 'standard' process model
> Attempting to autogenerate TLS self-signed keys for https for 
> hostname 'DEBIAN8.test.domain.tld'
> /usr/sbin/krb5kdc: krb5kdc: starting...
> TLS self-signed keys generated OK
> And the log now shows.
> 
> cat /usr/local/samba/var/mit_kdc.log
> krb5kdc: Unable to load requested database module 'samba': 
> plugin symbol 'kdb_function_table' not found - while 
> initializing database for realm TEST.DOMAIN.TLD
> krb5kdc: Unable to load requested database module 'samba': 
> plugin symbol 'kdb_function_table' not found - while 
> initializing database for realm TEST.DOMAIN.TLD
> 
> ^^^^^ previous tests ... 
> 
> May 05 13:15:09 debian8 krb5kdc[3137](info): setting up network...
> krb5kdc: setsockopt(18,IPV6_V6ONLY,1) worked
> krb5kdc: setsockopt(20,IPV6_V6ONLY,1) worked
> May 05 13:15:09 debian8 krb5kdc[3137](info): set up 4 sockets
> May 05 13:15:09 debian8 krb5kdc[3137](info): commencing operation (CTRL -C here )
> May 05 13:17:00 debian8 krb5kdc[3137](info): closing down fd 20
> May 05 13:17:00 debian8 krb5kdc[3137](info): closing down fd 19
> May 05 13:17:00 debian8 krb5kdc[3137](info): closing down fd 18
> May 05 13:17:00 debian8 krb5kdc[3137](info): closing down fd 17
> May 05 13:17:00 debian8 krb5kdc[3137](info): shutting down
> 
> wbinfo -u
> NTTEST\administrator
> NTTEST\guest
> NTTEST\krbtgt
> 
> 
> And now Samba works for me.
> 
> 
> Greetz, 
> 
> Louis
> 
> 
> 
> > -----Original message-----
> > From: samba-technical
> > [mailto:samba-technical-bounces at lists.samba.org] On behalf of Rowland Penny
> > via samba-technical
> > Sent: Friday 5 May 2017 12:53
> > To: samba-technical at lists.samba.org
> > Subject: Re: [WHATSNEW] Samba AD with MIT Kerberos + Version change
> > 
> > On Fri, 05 May 2017 12:27:07 +0200
> > Daniele Dario <d.dario76 at gmail.com> wrote:
> > 
> > > What happens if you change
> > >   if _glue.is_heimdal_built:
> > > to
> > >   if _glue.is_heimdal_built():
> > > 
> > > If is_heimdal_built is a method and not a variable this makes a lot of
> > > difference.
> > 
> > Yes that worked to get 'kdc.conf' created, but I still get:
> > 
> > krb5kdc: Unable to load requested database module 'samba': 
> > plugin symbol 'kdb_function_table' not found - while initializing 
> > database for realm TESTING.TLD
> > 
> > in /usr/local/samba/var/mit_kdc.log
> > 
> > Rowland
> > 
> > 
> 
> 
> 
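
The `is_heimdal_built` fix discussed in this thread comes down to testing a function object, which is always true, instead of calling it. As an added example (not part of the original messages and not Samba's code), the Python below shows the effect with a stub and flags such tests using `ast`; `StubGlue`, `pick_kdc`, the return strings and the `is_`/`has_` prefix heuristic are assumptions made for illustration.

```python
import ast

PREDICATE_PREFIXES = ("is_", "has_")  # heuristic (assumption), not Samba's

# Constructed sample; only the two `if` lines are quoted in the thread.
SAMPLE = '''\
def pick_kdc(_glue):
    if _glue.is_heimdal_built:
        return "heimdal"
    return "mit"

def pick_kdc_fixed(_glue):
    if _glue.is_heimdal_built():
        return "heimdal"
    return "mit"
'''

class StubGlue:  # hypothetical stand-in for _glue on an MIT Kerberos build
    @staticmethod
    def is_heimdal_built():
        return False

def _operands(test):
    """Yield the operands of a condition, looking through not/and/or."""
    if isinstance(test, ast.BoolOp):
        for value in test.values:
            yield from _operands(value)
    elif isinstance(test, ast.UnaryOp) and isinstance(test.op, ast.Not):
        yield from _operands(test.operand)
    else:
        yield test

def find_uncalled_predicates(source):
    """Return (line, name) for predicate-like names tested without ()."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.If, ast.While, ast.IfExp, ast.Assert)):
            for op in _operands(node.test):
                if isinstance(op, (ast.Name, ast.Attribute)):
                    dotted = ast.unparse(op)
                    if dotted.rsplit(".", 1)[-1].startswith(PREDICATE_PREFIXES):
                        findings.append((op.lineno, dotted))
    return sorted(findings)

def run_sample():
    """Run both variants against the stub: (unfixed result, fixed result)."""
    ns = {}
    exec(SAMPLE, ns)
    return ns["pick_kdc"](StubGlue), ns["pick_kdc_fixed"](StubGlue)
```

`find_uncalled_predicates(SAMPLE)` reports only line 2 of the sample, and `run_sample()` shows the unfixed variant taking the Heimdal branch even though the stub reports an MIT build.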



