[Samba] Connections to Samba fail when "includedir" is set in krb5.conf (e. g. after RHEL 7.2 to 7.3 update)

Marc Muehlfeld mmuehlfeld at samba.org
Thu Dec 29 23:44:08 UTC 2016

Am 29.12.2016 um 23:29 schrieb Rowland Penny via samba:
>> You can set up a domain member without configuring Kerberos in
>> krb5.conf. That's what is currently described on the Wiki page and the
>> procedure works. However, in this case you're not able to use Kerberos
>> stuff, such as kinit.
> No you cannot, a lot of problems are caused by
> mis-configured /etc/krb5.conf files, as you have found out yourself.

Sure, you can. I ran several domain members in production in the past
without touching the default krb5.conf and never had any kind of problems.

What problems are you talking about exactly? Can you please give some
examples what problems user will encounter if they don't configure
krb5.conf and use the defaults?

>> I add a new section to the page tomorrow describing the Kerberos
>> configuration on the domain member.
> Don't bother, I have already done it.

Can you add some more details? I think is helps the reader to tell why
to do things. For example what you achieve by setting this up and what
problems you get if you use the default krb5.conf.


More information about the samba mailing list