[Samba] external Kerberos and samba4
frederic.goudal at ipb.fr
Wed Jul 2 02:52:21 MDT 2014
Maybe this is an FAQ but I have not really found a clear answer on the web...
I have an already functional kerberos domain.
I want to add a samba4 ad dc that use this existing domain.
Is there anyway to make this setup work ?
What I have tried :
- I have added the administrator at EXAMPLE.COM in my kdc
- In my samba server I have setup the krb5.conf so that I can do a kinit administrator that works
- in the samba dns I have changed all the srv and server names concerning kerberos to the external kerberos server
- in the smb.conf I have removed the kdc as server services
What seems to work :
when I do a samba-tool dns zoneinfo localhost example.com if ask me for DOMAIN\root password...
If I first do a kinit administrator at EXAMPLE.COM and than the samba-tool command it asks me the administrator at EXAMPLE.COM password
and that works correctly
But I wonder why the samba--tool keeps asking me for the password as the klist gives me a valid krbtgt/EXAMPLE.COM at EXAMPLE.COM
Or maybe I'm totally wrong ?
Maybe I don't do the correct testing ?
Does somebody has some info ? Or link ?
Thanks in advance.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the samba