[Samba] samba server with two kerberos realms
Chad William Seys
cwseys at physics.wisc.edu
Tue Mar 1 22:03:32 UTC 2016
I forgot to explicityly mention that with the testparm output I sent
originally I can use smbclient to connect to the samba server with a kerberos
ticket from the PHYSICS.WISC.EDU realm.
If I change REALM = AD.WISC.EDU I can then log in to the samba server with a
kerberos ticket from the AD.WISC.EDU realm.
I'd like to do either or without changing the smb.conf.
On Tuesday, March 01, 2016 15:08:13 Chad William Seys wrote:
> Hi Rowland,
> Below is output of testparm. Samba is set up as standalone server.
> # testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[generic]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
> realm = PHYSICS.WISC.EDU
> server string = %h server
> server role = standalone server
> security = ADS
> map to guest = Bad User
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
> kerberos method = secrets and keytab
> syslog = 0
> max log size = 100000
> client ldap sasl wrapping = sign
> dns proxy = No
> panic action = /usr/share/samba/panic-action %d
> idmap config * : backend = tdb
> path = /srv/smb
More information about the samba