[Samba] kerberos configuration in samba

Ralf Hornik Mailings ralf at best.homeunix.org
Tue Dec 15 06:07:59 MST 2009


Rajesh Ghanekar <rajesh_ghanekar at symantec.com> wrote:

>> One idea to make an admin server HA in krb5.conf could be DNS round  
>> robin, as far as multiple admin server are really supported.
>>
>  Does other points (#1 - #3) mentioned in my mail holds true or  
> there is still
> some confusion from my side?

Regarding

http://www.informit.com/guides/content.aspx?g=security&seqNum=37

kerberos libs should use nss (name service switch), but you can easyly  
figure it out by trying. ;-)

When you have a working DNS with SRV records pointing g to your KDC  
you can simply move your krb5.conf and try a kinit to get credendials.  
This should work, when using DNS.

However, you also might want to add some entries to nsswitch.conf like

rpc:       files dns
services:  files dns

or something...




More information about the samba mailing list