[Samba] krb5.conf file in /var/lib/samba/smb_krb5; Samba 3.0.27a

Eric Roseme eroseme at emonster.rose.hp.com
Wed Feb 27 16:52:55 GMT 2008


I asked a co-worker who attended the Samba workshop last September to 
pose the following question.  The answer follows (maybe it will help):

Q1.  Will the new (3.0.25b) krb5 code (that creates a 
Samba-specific krb5.conf file) be documented somewhere?


A1.  Samba does not have documentation about the Samba-specific 
krb5.conf that is placed in the locking directory. Also, after running 
kinit to obtain a Kerberos ticket, Samba stores the ticket into memory 
tdb, probably gencache.tdb. But Samba doesn't provide a tool to allow 
users to see which DC Samba is talking to. Currently, we can use klist 
to see which domain is being used by Samba.

Obviously this does not answer your question about how it works, but it 
might get you closer.

Eric Roseme


Alex de Vaal wrote:
> Hello list,
> 
> I've upgraded from Samba 3.0.14a to 3.0.27a (Samba is a domain member of a
> W2k3 native AD) and I see that in the /var/lib/samba/smb_krb5 directory a
> krb5.conf file is created.
> Is this krb5.conf file extracted from my original /etc/krb5.conf? Or is this
> file created from the "password server =" entry in my smb.conf file?
> My original /etc/krb5.conf contains the DC's in DNS name and the
> krb5.conf file in /var/lib/samba/smb_krb5 contains DC's on IP address.
> 
> I noticed also that the krb5.conf file in /var/lib/samba/smb_krb5 is only
> renewed if /var/lib/samba/gencache.tdb is deleted before winbind is
> restarted and it also uses the DC that is configured as primary DC in Sites
> and Services in the Active Directory.
> 
> Can anyone shed light on how this works?
> 
> Thnx,
> Alex.
> 
> Some info:
> 
> /etc/samba/smb.conf
> =======
> 
> password server = adm02.test.com, adm03.test.com
> 
> 
> /etc/krb5.conf
> ==========
> 
> [libdefaults]
>  default_realm = TEST.COM
> 
> [realms]
>  TEST.COM = {
>   kdc = adm02.test.com:88
>   kdc = adm03.test.com:88
>   kdc = adm01.test.com:88
> 
> 
> /etc/hosts
> ========
> 
> 192.168.100.100    adm01.test.com
> 10.0.0.100    adm02.test.com
> 192.168.100.110 nhadm03.test.com
> 
> 
> /var/lib/samba/smb_krb5/krb5.conf.TEST
> =============================
> 
> [libdefaults]
>     default_realm = TEST.COM
> 
> [realms]
>     TEST.COM = {
>         kdc = 192.168.100.110
>         kdc = 10.0.0.100
>     }
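
As an added example (not part of the original thread and not Samba code): a small Python check that compares the KDCs listed in the Samba-generated krb5.conf with those in /etc/krb5.conf, using hosts-file entries to map addresses back to names. The function names are made up for illustration, and the input is the configuration text quoted in the post above rather than files read from a live system.

```python
import re

def parse_kdcs(text, realm):
    """kdc values (":port" stripped) for `realm` in [realms]; IPv4/hostnames only."""
    kdcs, section, in_realm = [], None, False
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if re.fullmatch(r"\[\w+\]", line):
            section, in_realm = line[1:-1], False
        elif section == "realms":
            stanza = re.fullmatch(r"(\S+)\s*=\s*\{", line)
            if stanza:
                in_realm = stanza.group(1) == realm
            elif line.startswith("}"):
                in_realm = False
            elif in_realm and re.match(r"kdc\s*=", line):
                kdcs.append(line.split("=", 1)[1].strip().split(":")[0])
    return kdcs

def parse_hosts(text):
    """Map each address in hosts-file text to the names listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table.setdefault(fields[0], []).extend(fields[1:])
    return table

def audit(samba_conf, system_conf, hosts, realm):
    """For each KDC in Samba's file: (kdc, names, matches a KDC in system_conf)."""
    configured = {k.lower() for k in parse_kdcs(system_conf, realm)}
    by_ip = parse_hosts(hosts)
    report = []
    for kdc in parse_kdcs(samba_conf, realm):
        names = by_ip.get(kdc, [kdc])  # no hosts entry: compare the value itself
        report.append((kdc, names, any(n.lower() in configured for n in names)))
    return report

# Sample input copied from the quoted post (not read from a live system).
SAMBA = "[libdefaults]\n default_realm = TEST.COM\n[realms]\n TEST.COM = {\n  kdc = 192.168.100.110\n  kdc = 10.0.0.100\n }\n"
SYSTEM = "[libdefaults]\n default_realm = TEST.COM\n[realms]\n TEST.COM = {\n  kdc = adm02.test.com:88\n  kdc = adm03.test.com:88\n  kdc = adm01.test.com:88\n"
HOSTS = "192.168.100.100 adm01.test.com\n10.0.0.100 adm02.test.com\n192.168.100.110 nhadm03.test.com\n"

if __name__ == "__main__":
    for kdc, names, ok in audit(SAMBA, SYSTEM, HOSTS, "TEST.COM"):
        print(f"{kdc:16} {','.join(names):20} {'configured' if ok else 'NOT in /etc/krb5.conf'}")
```

On the posted files, 10.0.0.100 maps back to adm02.test.com, while 192.168.100.110 maps to nhadm03.test.com, a name that does not appear among the kdc entries in /etc/krb5.conf.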

