AS-REQ using SPN
Ralph Böhme
slow at samba.org
Thu Nov 16 08:48:20 UTC 2017
On Wed, Nov 15, 2017 at 06:53:08PM +0000, Rowland Penny via samba-technical wrote:
> On Wed, 15 Nov 2017 10:42:52 -0800
> Richard Sharpe <realrichardsharpe at gmail.com> wrote:
>
> > On Wed, Nov 15, 2017 at 9:54 AM, Andrew Bartlett via samba-technical
> > <samba-technical at lists.samba.org> wrote:
> > > On Wed, 2017-11-15 at 10:03 +0000, Rowland Penny via samba-technical
> > > wrote:
> > [deletia]
> > >> Hi Ralph, would you like to try that again with the Samba
> > >> recommended krb5.conf ?
> > >>
> > >> Which is:
> > >>
> > >> [libdefaults]
> > >> default_realm = RIVERSIDE.SITE
> > >> dns_lookup_realm = false
> > >> dns_lookup_kdc = true
> > >>
> >
> > Wait. Is this recommended just for Samba as an AD DC or for Samba as a
> > member server or both?
> >
> > AFAIK, you really do not want dns_lookup_realm = false for Samba as a
> > member server, but if I am wrong it would be good to know why.
> >
>
> This is one reason why I am asking questions about this, Samba seems to
> have been recommending the above format for the last 5 years. I
> personally have been using it for all that time and it has always
> worked.
>
> If it is wrong, why is it wrong ?

It is correct in most cases.

> Why (If AB is to be believed) do the developers use a different one ?

I use a different one as my DNS server doesn't know about the KDC.

> What should we be using and recommending ?

The above.

-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
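
Added example, not part of the original thread or of Samba's code: a small Python check that reads a krb5.conf and reports whether KDCs for the default realm come from static [realms] entries or depend on DNS SRV lookups, which is the difference between the two setups discussed above. The second sample configuration and the host name dc1.riverside.site are constructed; the parser covers only the subset of the format shown and assumes [realms] kdc entries are consulted before DNS.

```python
import re

def parse_krb5_conf(text):
    """Parse a subset of krb5.conf: [sections], key = value, NAME = { ... }."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            stack = [conf.setdefault(header.group(1), {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif stack and "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":          # start of a nested block, e.g. a realm
                stack.append(stack[-1].setdefault(key, {}))
            else:                     # keys such as kdc may repeat
                stack[-1].setdefault(key, []).append(value)
    return conf

def kdc_discovery(text):
    """Return (method, targets) for locating KDCs of the default realm."""
    conf = parse_krb5_conf(text)
    lib = conf.get("libdefaults", {})
    realm = lib.get("default_realm", [""])[0]
    static = conf.get("realms", {}).get(realm, {}).get("kdc", [])
    if static:                        # assumption: listed KDCs are tried before DNS
        return "static", static
    setting = lib.get("dns_lookup_kdc", [None])[0]
    if setting is None:               # not set: the Kerberos library default applies
        return "library-default", []
    if setting.lower() in ("true", "yes", "on", "1"):
        return "dns-srv", [f"_kerberos._{p}.{realm.lower()}" for p in ("udp", "tcp")]
    return "none", []

# Configuration quoted in the thread.
RECOMMENDED = """[libdefaults]
default_realm = RIVERSIDE.SITE
dns_lookup_realm = false
dns_lookup_kdc = true
"""
# Constructed variant for a resolver without KDC records; host name is made up.
STATIC_KDC = RECOMMENDED + """[realms]
RIVERSIDE.SITE = {
    kdc = dc1.riverside.site
}
"""
print(kdc_discovery(RECOMMENDED), kdc_discovery(STATIC_KDC))
```

A "dns-srv" result means the resolver in use must answer the listed SRV names; a "none" result means the file gives no way to find a KDC for the default realm.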