[Samba] Samba-3.0.0rc4/ADS experience (with how-to change suggestion)

John H Terpstra jht at samba.org
Wed Sep 17 17:19:36 GMT 2003 

KEvin,

Thanks for your feedback. I will update the HOWTO pages as suggested.

Cheers,
John T.

On Wed, 17 Sep 2003, Kevin P. Fleming wrote:

> I'm nearly finished setting up a new Samba server in a Win2000 ADS
> domain. So far, things have been going quite well, the combination of
> Samba 3.0.0rc4 (with winbindd), krb5 1.3.1, CUPS 1.1.19, etc. has
> performed admirably and was easy to configure.
>
> I have only three issues to mention:
>
> - the HOWTO collection, in the section talking about joining an ADS
> domain as a member server, does not mention using the "net ads join"
> command, rather it uses "net join". This really should be fixed, "net
> ads join" produces a much better result.
>
> - in the same HOWTO, there is mention of creating a krb5.conf file to
> tell the krb5 libraries where the KDC for the ADS domain is. With MIT
> krb5, this is completely unnecessary, and actually detrimental. All
> ADS domains will automatically create SRV records in the DNS zone
> _kerberos.REALM.NAME for each KDC in the realm. MIT's krb5 libraries
> default to checking for these records, so they will automatically find
> the KDCs. In addition, krb5.conf only allows specifying a _single_
> KDC, even there if there is more than one. Using the DNS lookup allows
> the krb5 libraries to use whichever KDCs are available. I can't speak
> to the Heimdal implementation as I've never seen it, but I'd suggest
> modifying the HOWTO to suggest that the krb5.conf file is strictly
> optional for users using the MIT krb5 libraries.
>
> - when setting up some printers, and using driver upload from a
> Windows 2000 machine (which all worked as expected), I ended up with
> some smbd processes consuming lots and lots of CPU time but not
> accomplishing anything. I haven't been able to reliably reproduce the
> problem, so I guess this report is not very useful...
>
> Otherwise, kudos on a wonderful package. I've been an ardent Samba
> supporter and user for years now, but this was my first experience
> with Samba-3 and ADS. Well done!
>
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list