[Samba] Is it EVER needed to set up kerberos manually if you use samba to join an ADS domain as a domain member?

Matthew J. Salerno vagabond_king at yahoo.com
Fri Oct 16 06:27:08 MDT 2009


From: Robert LeBlanc <robert at leblancnet.us>
To: Matthew J. Salerno <Vagabond_king at yahoo.com>
Cc: admin at ateamonsite.com; samba at lists.samba.org
Sent: Fri, October 16, 2009 2:50:59 AM
Subject: Re: [Samba] Is it EVER needed to set up kerberos manually if you use  samba to join an ADS domain as a domain member?



On Thu, Oct 15, 2009 at 8:29 AM, Matthew J. Salerno <vagabond_king at yahoo.com> wrote:

 
>I found out that in order for the idmap_ad to be able to pull in the rfc2307 attributes, you need to have the krb5,conf setup.  Auth was working fine, but without the krb5.conf, that was all that was working.
>
>http://lists.samba.org/archive/samba/2009-October/151144.html
>
>
>

Looking at your post, there doesn't seem to be anything in the krb5.conf file that would make it work. Do you know which setting was the "magic" one? I would be interested to know. We use RID for ID mapping since we only had a few ID hard coded in our AD and it works fine with a minimal krb5.conf file.

Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University

--------------------------------------------------- 


If that's the case, then you should probably be falling back on the template settings.
template homedir & template shell

All I did was configure my krb5.conf based on the hundreds of
wiki/howto/faq's and forum posts I read.  I'm not sure what the "magic"
one is, but I know that it works when I do the kinit.

What issues are you having?


      


More information about the samba mailing list