[Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?

Simon Leung skmleung at hkucc.hku.hk
Wed Jan 4 06:21:14 GMT 2006 

Hi Geoff,

I've made it. Yes, it is good enough to follow the steps in Ch 12.3.2 ,
anyway, I have attached part of my "krb5.conf" for you as reference:

-----------------starts----------------------------
[libdefaults]
 default_realm = MYDOMAIN.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 MYDOMAIN.COM = {
  kdc = w2k3.mydomain.com
  admin_server = w2k3.mydomain.com
  default_domain = mydomain.com
 }

[domain_realm]
 .mydomain.com = MYDOMAIN.COM
 mydomain.com = MYDOMAIN.COM
---------------end------------------------------------

Then "kinit" and "klist -e" will get what you want.

and now I have a successful interdomain trust between Samba.3.0.21a and
Win2003SP1. 

THX guys do shed light on my problem!!

Best Wishes

Simon

-----Original Message-----
From: samba-bounces+skmleung=hkucc.hku.hk at lists.samba.org
[mailto:samba-bounces+skmleung=hkucc.hku.hk at lists.samba.org] On Behalf Of
Geoffrey Scott
Sent: Wednesday, January 04, 2006 11:10 AM
To: Gerald (Jerry) Carter
Cc: samba at lists.samba.org
Subject: [Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?

SHA1 wrote:
> Simon Leung wrote:
>> 
>> Anyway, my question is beside Winbind, do I need to configure krb5 on 
>> Samba (Domain A) when talking to Win2003SP1 on Domain B?
> 
> Beginning with 3.0.21 if you are talking to AD in anyways (domain 
> member server, domain controller with domain trusts, etc...) you 
> should ensure that you configure with ADS support and correctly 
> configure /etc/krb5.conf.

Hi Jerry
JHT hasn't got any mention of configuring /etc/krb5.conf in "S by example"
chapter 7.3.4 but he has in chapter 12.3.2.  Other docs say only an empty
config file is needed or non at all depending on whether
you are using Heimdal or MIT kerberos.....   

How much info if any should be in /etc/krb5.conf? is the chapter 12 example
enough?:
[libdefaults]
	default_realm = LONDON.ABMAS.BIZ

[realms] 
	LONDON.ABMAS.BIZ = {
	kdc = w2k3s.london.abmas.biz
	}


Sorry to ask a basic question, but if I do an apt-get install samba and
samba-common, will it install all the files needed for ADS domain
membership?  

Regards Geoff Scott


Gerald (Jerry) Carter wrote:
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list