[Samba] winbind_krb5_locator usage

Felix Matouschek felix.matouschek at vipco.de
Fri Aug 14 06:58:19 UTC 2015


Hello,

I investigated further and found out that other member servers do honor their AD sites.

It is just that one machine that has both KDCs in its "/var/cache/samba/smb_krb5/krb5.conf.INTRANET".

I'm a bit puzzled... the smb.conf on this machine and on a machine that works is 100% identical, only netbios names differ.

Is there another way to control this behaviour?

Greetings,
Felix

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Felix Matouschek
Sent: Thursday, 13 August 2015 13:14
To: samba at lists.samba.org
Subject: [Samba] winbind_krb5_locator usage

Hi Rowland,

/var/run/samba/smb_krb5 does not exist.

However /var/cache/samba/smb_krb5 exists, there is a file named "krb5.conf.INTRANET".

Contents:

[libdefaults]
        default_realm = INTRANET.VIPCO.DE
        default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
        default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5
        preferred_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5

[realms]
        INTRANET.VIPCO.DE = {
                kdc = 192.168.0.197
                kdc = 192.168.122.1
        }

Doesn't that mean 192.168.0.197 is the primary kdc? 192.168.122.1 should be primary kdc for that machine.

Greetings,
Felix

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
Sent: Thursday, 13 August 2015 12:57
To: samba at lists.samba.org
Subject: Re: [Samba] winbind_krb5_locator usage

On 13/08/15 10:47, Felix Matouschek wrote:
> Hello,
>   
> I have different Sites in my domain and want the different members to use the respective domain controller of their site.
>   
> I can't get this to work right. I have a member that is in site B but executing "net ads info" outputs the DC of site A as active.
>   
> I read about enabling "winbind_krb5_locator", but it is already located in "/usr/lib/x86_64-linux-gnu/krb5/plugins/krb5/".
>   
> Winbind also does not generate a krb5.conf, even with the option "create krb5 conf" explicitly set to yes.

Have you tried looking in /var/run/samba/smb_krb5 on the member server?

Rowland

>   
> I am using SerNet Samba 4.2.3 as DC and Member.
>   
> Any suggestions?
>   
> Greetings,
> Felix


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
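
Added example, not part of the original messages and not Samba's own code: a small Python check that reads a winbind-generated krb5.conf like the one quoted in this thread and reports the order in which its kdc entries appear, so the list can be compared against the DC expected for the member's site. The function names and the trimmed sample are constructed here; the realm and addresses are the ones posted above.

```python
import re

# Constructed sample: the file contents posted in the thread, enctype lines omitted.
SAMPLE = """\
[libdefaults]
        default_realm = INTRANET.VIPCO.DE

[realms]
        INTRANET.VIPCO.DE = {
                kdc = 192.168.0.197
        kdc = 192.168.122.1
        }
"""

def kdcs_by_realm(text):
    """Return {realm: [kdc, ...]} in file order, taken from the [realms] section."""
    realms, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blank lines and comments
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, realm = header.group(1), None
            continue
        if section != "realms":
            continue
        if line == "}":                      # end of one realm block
            realm = None
        elif line.endswith("{"):             # "REALM = {" opens a realm block
            realm = line.split("=", 1)[0].strip()
            realms[realm] = []
        elif realm and line.split("=", 1)[0].strip() == "kdc":
            realms[realm].append(line.split("=", 1)[1].strip())
    return realms

def check_site_kdc(text, realm, expected_dc):
    """Report whether the expected site DC is listed and whether it comes first."""
    kdcs = kdcs_by_realm(text).get(realm, [])
    return {"kdcs": kdcs,
            "listed": expected_dc in kdcs,
            "first": bool(kdcs) and kdcs[0] == expected_dc}

if __name__ == "__main__":
    # Hypothetical usage: pass the contents of the generated krb5.conf.<DOMAIN> file.
    print(check_site_kdc(SAMPLE, "INTRANET.VIPCO.DE", "192.168.122.1"))
```
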

