[Samba] some mapping examples for krb5.conf

L.P.H. van Belle belle at bazuin.nl
Thu Jul 21 10:15:25 UTC 2016


Hai, 

 

I was testing a Toshiba printer, added it to the Samba 4 domain (successfully).

And meanwhile I was reading: https://wiki.samba.org/index.php/OpenSSH_Single_sign-on

And I noticed the following settings in the printer... anything useful below? That's why I post this.

And then I'm pointing to:

>>   auth_to_local = RULE:[1:$0\$1](^REALM\.DOMAIN\.TLD\\.*)s/^REALM\.DOMAIN\.TLD/NTDOMAIN/

>>   mappings = NTDOMAIN\\(.*) $1@REALM.DOMAIN.TLD

>>  and the pam / httpd mappings.

I think some of these nice examples/settings can help some people, especially the mappings.


[libdefaults]
  default_realm = REALM.DOMAIN.TLD
  default_tgs_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
  default_tkt_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
  preferred_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
  dns_lookup_kdc = true

[domain_realm]
  .realm.domain.tld = REALM.DOMAIN.TLD
  realm.domain.tld = REALM.DOMAIN.TLD

[realms]
  REALM.DOMAIN.TLD = {
   auth_to_local = RULE:[1:$0\$1](^REALM\.DOMAIN\.TLD\\.*)s/^REALM\.DOMAIN\.TLD/NTDOMAIN/
   auth_to_local = DEFAULT
  }

[appdefaults]
  pam = {
   mappings = NTDOMAIN\\(.*) $1@REALM.DOMAIN.TLD
   forwardable = true
   validate = true
  }
  httpd = {
   mappings = NTDOMAIN\\(.*) $1@REALM.DOMAIN.TLD
   reverse_mappings = (.*)@REALM\.DOMAIN\.TLD NTDOMAIN\$1
  }

 

 

 

Greetz, 

 

Louis
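
Added example, not part of the original post: a simplified Python model of how the auth_to_local RULE in the [realms] section above turns a principal into a local name, and which principals it refuses. It assumes MIT krb5 rule semantics, uses Python's re in place of POSIX regex, and the principals (alice, OTHER.EXAMPLE, ...) are constructed sample inputs.

```python
import re

# Rule copied verbatim from the [realms] section of the post.
RULE = r"RULE:[1:$0\$1](^REALM\.DOMAIN\.TLD\\.*)s/^REALM\.DOMAIN\.TLD/NTDOMAIN/"

# RULE:[n:template](regexp)s/pattern/replacement/[g]
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\((.*)\))?(?:s/(.*?)/(.*?)/(g?))?$"
)


def auth_to_local(principal, rule=RULE):
    """Return the local name the rule yields, or None when the rule does not
    apply (the library would then try the next auth_to_local line)."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("unsupported rule syntax")
    count, template, match_re, sub_pat, sub_repl, glob = m.groups()
    name, _, realm = principal.rpartition("@")
    components = name.split("/")
    # [n:...] applies only to principals with exactly n name components.
    if len(components) != int(count):
        return None
    # $0 is the realm, $1..$n are the name components.
    parts = [realm] + components
    selected = re.sub(r"\$(\d)", lambda d: parts[int(d.group(1))], template)
    # The (regexp) filter has to match the whole selection string.
    if match_re and not re.fullmatch(match_re, selected):
        return None
    if sub_pat is not None:
        selected = re.sub(sub_pat, lambda _: sub_repl, selected,
                          count=0 if glob else 1)
    return selected


if __name__ == "__main__":
    samples = [  # constructed principals
        "alice@REALM.DOMAIN.TLD",          # local realm, one component
        "alice@OTHER.EXAMPLE",             # foreign realm
        "alice@REALM.DOMAIN.TLD.EXAMPLE",  # look-alike realm suffix
        "host/printer@REALM.DOMAIN.TLD",   # two components
    ]
    for p in samples:
        print(f"{p:35} -> {auth_to_local(p)}")
```

Only the first sample maps (to NTDOMAIN\alice); the other three return None because the realm prefix or the component count does not match, so they fall through to the DEFAULT line.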

 


