AS-REQ using SPN
Rowland Penny
rpenny at samba.org
Wed Nov 15 18:53:08 UTC 2017
On Wed, 15 Nov 2017 10:42:52 -0800
Richard Sharpe <realrichardsharpe at gmail.com> wrote:
> On Wed, Nov 15, 2017 at 9:54 AM, Andrew Bartlett via samba-technical
> <samba-technical at lists.samba.org> wrote:
> > On Wed, 2017-11-15 at 10:03 +0000, Rowland Penny via samba-technical
> > wrote:
> [deletia]
> >> Hi Ralph, would you like to try that again with the Samba
> >> recommended krb5.conf ?
> >>
> >> Which is:
> >>
> >> [libdefaults]
> >> default_realm = RIVERSIDE.SITE
> >> dns_lookup_realm = false
> >> dns_lookup_kdc = true
> >>
>
> Wait. Is this recommended just for Samba as an AD DC or for Samba as a
> member server or both?
>
> AFAIK, you really do not want dns_lookup_realm = false for Samba as a
> member server, but if I am wrong it would be good to know why.
>
This is one reason why I am asking questions about this, Samba seems to
have been recommending the above format for the last 5 years. I
personally have been using it for all that time and it has always
worked.
If it is wrong, why is it wrong ?
Why (If AB is to be believed) do the developers use a different one ?
What should we be using and recommending ?
Rowland
More information about the samba-technical
mailing list