[Samba] external Kerberos and samba4

Frédéric Goudal frederic.goudal at ipb.fr
Wed Jul 2 02:52:21 MDT 2014


Maybe this is an FAQ but I have not really found a clear answer on the web...
I have an already functional kerberos domain.
I want to add a samba4 ad dc that use this existing domain.
Is there anyway to make this setup work ?

What I have tried :
- I have added the administrator at EXAMPLE.COM in my kdc
- In my samba server I have setup the krb5.conf so that I can do a kinit administrator that works
- in the samba dns I have changed all the srv and server names concerning kerberos to the external kerberos server
- in the smb.conf I have removed the kdc as server services

What seems to work :
when I do a samba-tool dns zoneinfo localhost example.com if ask me for DOMAIN\root password... 
If I first do a kinit administrator at EXAMPLE.COM and than the samba-tool command it asks me the administrator at EXAMPLE.COM password
and that works correctly

But I wonder why the samba--tool keeps asking me for the password as the klist gives me a valid krbtgt/EXAMPLE.COM at EXAMPLE.COM

Or maybe I'm totally wrong ?

Maybe I don't do the correct testing ?

Does somebody has some info ? Or link ?

Thanks in advance.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.samba.org/pipermail/samba/attachments/20140702/90f49769/attachment.pgp>

More information about the samba mailing list