[Samba] Is it EVER needed to set up kerberos manually if you use samba to join an ADS domain as a domain member?

Robert LeBlanc robert at leblancnet.us
Fri Oct 16 00:50:59 MDT 2009

On Thu, Oct 15, 2009 at 8:29 AM, Matthew J. Salerno <vagabond_king at yahoo.com
> wrote:

> I found out that in order for the idmap_ad to be able to pull in the
> rfc2307 attributes, you need to have the krb5,conf setup.  Auth was working
> fine, but without the krb5.conf, that was all that was working.
> http://lists.samba.org/archive/samba/2009-October/151144.html
Looking at your post, there doesn't seem to be anything in the krb5.conf
file that would make it work. Do you know which setting was the "magic" one?
I would be interested to know. We use RID for ID mapping since we only had a
few ID hard coded in our AD and it works fine with a minimal krb5.conf file.

Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University

More information about the samba mailing list