Local KDC and Samba

Steve French smfrench at gmail.com
Tue Jan 21 05:59:25 UTC 2025


On Mon, Jan 20, 2025 at 2:33 AM Andreas Schneider <asn at samba.org> wrote:
>
> On Monday, 20 January 2025 07:11:30 CET Alexander Bokovoy via samba-technical
> wrote:
> > On Sun, 19 Jan 2025, Steve French wrote:
> > > Is there documentation (or example howto, walkthrough etc.) on how to
> > > setup the new Local KDC features of Samba server?
> > >
> > > I wanted to try some experiments with the Linux client to make sure
> > > the new type of krb5 mounts work fine.  For the server I am using
> > > current Samba master branch on Ubuntu.
> >
> > There are bits and pieces which aren't merged yet in both MIT Kerberos
> > and Samba.
> >
> > Your best way of testing is by using COPR repository Andreas created for
> > Fedora as it includes prepared packages.
> >
> > See https://gitlab.com/cryptomilk/localkdc and
> > https://copr.fedorainfracloud.org/coprs/asn/localkdc/
> >
> > Andreas gave some instructions in this comment:
> > https://github.com/SSSD/sssd/issues/7723#issuecomment-2597864370
>
> For using IAKerb you need smbd and smbclient built from:
>
> https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/asn-iakerb
>
>
> Edit the smb.conf and add:
>
> include /etc/samba/localkdc.conf
>
> at the end of the [global] section after you ran localkdc-setup!
>
> You can then connect to smbd using the mdns name of the machine
> (<hostname>.local).
>
> Example:
>
> smbclient //samba-iakerb.local//share -Uasn@SAMBA-IAKERB.LOCALKDC.SITE --use-kerberos=required

Do you have a sample wireshark trace of SMB3.1.1 connection to Samba
with the new peer-to-peer Kerberos and/or IAKERB?


-- 
Thanks,

Steve


