[Samba] kerberos configuration in samba
Rob Townley
rob.townley at gmail.com
Tue Dec 15 16:18:01 MST 2009
On Tue, Dec 15, 2009 at 4:48 AM, Rajesh Ghanekar
<rajesh_ghanekar at symantec.com> wrote:
> Hi All,
> I am using samba-3.2.11-0.1.145 in my setup. I have multiple domain
> controllers
> for a domain. I am confused on do I need to edit /etc/krb5.conf or not. I am
> using
> MIT kerberos (krb5-1.4.3-19.34) on SLES10.
>
> Here is what I got from Samba HOWTO:
>
> 1. Adding entries in /etc/krb5.conf for "kdc =", "admin server =" and
> "password server ="
> is only necessary if SRV records are not there in DNS server. If SRV
> records are there,
> no need to configure /etc/krb5.conf.
>
> 2. /etc/samba/smb.conf should contain the list of domain controllers in
> "password server =" line
> (space separated) or can contain *, which will get the list from DNS SRV
> records.
>
> 3. If SRV records are not present (may be I migrated my DNS server to linux
> box), then
> I need to manually enter "kdc =", etc, lines in /etc/krb5.conf.
Why not put put the SRV records into your own Linux DNS?
>
> 4. I can have multiple "kdc = " entries in /etc/krb5.conf, if I need to
> manually configure
> /etc/krb5.conf, but only single "admin server =" and "password server ="
> line.
> How does this /etc/krb5.conf entry for admin server and password server
> becomes
> HA if the machine specified in admin server and password server goes down?
>
> Any help appreciated.
>
> Thanks,
> Rajesh
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list