[Samba] Questions regarding ADS

marpon at marpon.com.ar marpon at marpon.com.ar
Mon Jul 4 20:03:51 GMT 2005


I've spent the last week troubleshooting a configuration issue regarding
samba not being able to connect to other domains besides the domain of which
it's a member server (samba 3.0.14a, krb 1.3.6, w2k).

I have some doubts perhaps someone can answer...

Suppose this scenario: 

Samba name : SAMBA
Main domain: DOMAINA (domain controller = DCA)
Other domains : DOMAINB, DOMAINC (domain controllers DCB and DCC)


1) When samba tries to connect via kerberos to other domains, which
principal is it supposed to use? I'd think it is SAMBA$@DOMAINA. What I see
is that it first connects via LDAP using this machine account but then
tries to connect via kerberos with DCB$@DOMAINB or DCC$@DOMAINC. Is this
correct or am I not understanding the logfiles correctly?

2) Is wbinfo --set-auth-user still needed? I'm not using it because I read
somewhere that with 3.0+ it is not needed anymore.

3) My krb5.conf doesn't contain any references to servers. All it contains
is dns_lookup_realm=true, dns_lookup_kdc=true and default_realm=XXXXX. Do I
need anything specific or can current krb5 obtain everything it needs from
the DNS?

4) Do I need to do the ktpass thing at the windows DC? Documentation
doesn't say I should, but I keep reading on the web examples of importing the
data into the keytab.

Thanks. I've already posted my log files some days ago trying to find some
specific help but probably my post was too unnecessarily complicated. Perhaps
if anyone can answer these more generic questions I can advance a step in
the resolution of the problem.

Regards, 

Martin 








