AS-REQ using SPN

Richard Sharpe realrichardsharpe at gmail.com
Wed Nov 15 20:29:18 UTC 2017


On Wed, Nov 15, 2017 at 10:53 AM, Rowland Penny via samba-technical <
samba-technical at lists.samba.org> wrote:
> On Wed, 15 Nov 2017 10:42:52 -0800
> Richard Sharpe <realrichardsharpe at gmail.com> wrote:
>
>> On Wed, Nov 15, 2017 at 9:54 AM, Andrew Bartlett via samba-technical
>> <samba-technical at lists.samba.org> wrote:
>> > On Wed, 2017-11-15 at 10:03 +0000, Rowland Penny via samba-technical
>> > wrote:
>> [deletia]
>> >> Hi Ralph, would you like to try that again with the Samba
>> >> recommended krb5.conf?
>> >>
>> >> Which is:
>> >>
>> >> [libdefaults]
>> >> default_realm = RIVERSIDE.SITE
>> >> dns_lookup_realm = false
>> >> dns_lookup_kdc = true
>> >>
>>
>> Wait. Is this recommended just for Samba as an AD DC or for Samba as a
>> member server or both?
>>
>> AFAIK, you really do not want dns_lookup_realm = false for Samba as a
>> member server, but if I am wrong it would be good to know why.
>>
>
> This is one reason why I am asking questions about this; Samba seems to
> have been recommending the above format for the last 5 years. I
> personally have been using it for all that time and it has always
> worked.
>
> If it is wrong, why is it wrong?
> Why (if AB is to be believed) do the developers use a different one?
>
> What should we be using and recommending?

My only thought at this stage is that since you specify the realm in the
smb.conf perhaps the dns_lookup_realm setting in krb5.conf is simply
irrelevant.

-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao)

