[Samba] Questions regarding ADS
marpon at marpon.com.ar
marpon at marpon.com.ar
Mon Jul 4 20:03:51 GMT 2005
I 've spent the last week troubleshooting a configuration issue regarding
samba not being able to connect to other domains beside the domain of which
it 's a member server (samba 3.0.14a, krb 1.3.6, w2k).
I have some doubts perhaps someone can answer...
Suppose this scenario:
Samba name : SAMBA
Main domain: DOMAINA (domain controller = DCA)
Others domains : DOMAINB, DOMAINC (domain controllers DCB y DCC)
1) When samba tries to connect via kerberos to others domains, which
principal is supposed to use? I 'd think it is SAMBA$@DOMAINA. What I see
is that it first connects via LDAP using this machine account but then
tries to connect via kerberos with DCB$@DOMAINB or DCC$@DOMAINC. Is this
correct or I am not understanding the logfiles correctly?
2) Is wbinfo --set-auth-user still needed? I 'm not using it because I read
somewhere that with 3.0+ is not needed anymore.
3) My krb5.conf doesn 't contain any references to servers. All it contains
is dns_lookup_realm=true, dns_lookup_kdc=true and default_realm=XXXXX. Do I
need anything specific or current krb5 can obtain everything it needs from
the DNS?
4) Do I need to do the ktpass thing at the windows DC? Documentation doesn
't say I should, but I keep reading in the web examples of importing the
data into the keytab.
Thanks. I 've already posted some days my log files trying to find some
specific help but probable my post was too unnecesary complicated. Perhaps
if anyone can answer this more-generic questions I can advance a step in
the resolution of the problem.
Regards,
Martin
--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .
More information about the samba
mailing list