[Samba] kerberos configuration in samba
Rajesh Ghanekar
rajesh_ghanekar at symantec.com
Tue Dec 15 03:48:15 MST 2009
Hi All,
I am using samba-3.2.11-0.1.145 in my setup. I have multiple domain
controllers
for a domain. I am confused on do I need to edit /etc/krb5.conf or not.
I am using
MIT kerberos (krb5-1.4.3-19.34) on SLES10.
Here is what I got from Samba HOWTO:
1. Adding entries in /etc/krb5.conf for "kdc =", "admin server =" and
"password server ="
is only necessary if SRV records are not there in DNS server. If SRV
records are there,
no need to configure /etc/krb5.conf.
2. /etc/samba/smb.conf should contain the list of domain controllers in
"password server =" line
(space separated) or can contain *, which will get the list from DNS SRV
records.
3. If SRV records are not present (may be I migrated my DNS server to
linux box), then
I need to manually enter "kdc =", etc, lines in /etc/krb5.conf.
4. I can have multiple "kdc = " entries in /etc/krb5.conf, if I need to
manually configure
/etc/krb5.conf, but only single "admin server =" and "password server ="
line.
How does this /etc/krb5.conf entry for admin server and password server
becomes
HA if the machine specified in admin server and password server goes down?
Any help appreciated.
Thanks,
Rajesh
More information about the samba
mailing list