[Samba] smbclient and Kerberos

Data Control Systems - Mike Elkevizth mike at datacontrolsystems.com
Fri Nov 4 21:11:24 UTC 2016


The defaults for dns_lookup_realm and dns_lookup_kdc should be false and
true respectively, but the Samba team recommends setting them explicitly, so
that's what I do.  My /etc/krb5.conf file doesn't include any of the stock
lines included with the package from Ubuntu (which I believe is based on
the MIT version of Kerberos).  My file includes the four lines in the
previous message and only those four lines.  Maybe something in the stock
file causes the problem you're seeing?

Mike E.


On Fri, Nov 4, 2016 at 5:01 PM, Kevr <kevr at protonmail.com> wrote:

> Hmmmm. I'm using the stock krb5.conf installed by apt-get. So basically
> all I have is the default_realm set to my realm in [libdefaults]. I was
> under the impression that dns_lookup_kdc was true by default. Am I wrong?
>
> Kevin Ratcliffe
>
> Sent from ProtonMail <https://protonmail.ch>
>
>
> -------- Original Message --------
> Subject: Re: [Samba] smbclient and Kerberos
> Local Time: 4 November 2016 8:48 PM
> UTC Time: 4 November 2016 20:48
> From: samba at lists.samba.org
> To: Kevr <kevr at protonmail.com>
> samba at lists.samba.org <samba at lists.samba.org>
>
> Mine seem to work fine also using Ubuntu 16.04.1 on the servers and a
> separate workstation client. My /etc/krb5.conf files on the servers and
> clients are all simply:
>
> [libdefaults]
> default_realm = REALM.EXAMPLE.COM
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> Mike E.
>
>
> On Fri, Nov 4, 2016 at 4:10 PM, Kevr via samba <samba at lists.samba.org>
> wrote:
>
> > Hi All
> >
> > Is this behaviour expected in smbclient:
> >
> > I have a kerberized Samba server and a share that works as expected on
> > desktop clients, but when I use smbclient with a valid ticket with the -k
> > flag I get a KDC lookup failure
> >
> > kev at client:/home/testuser$ smbclient -k -L //fileserver
> > gss_init_sec_context failed with [ Miscellaneous failure (see text):
> > unable to reach any KDC in realm LAN]
> > SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR
> > session setup failed: NT_STATUS_INTERNAL_ERROR
> >
> > I've noticed that if I configure the KDC server in the [realm] section of
> > my /etc/krb5.conf everything works fine.
> >
> > Does smbclient not use the DNS for KDC lookup?
> >
> > I am using version 4.3.11-Ubuntu on Ubuntu 16.04.1
> >
> > Thanks
> >
> >
> >
> > Kevin Ratcliffe
> >
> > Sent from [ProtonMail](https://protonmail.ch)
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
>
>
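
The thread turns on whether a given krb5.conf leaves KDC discovery to DNS or to explicit entries. The following is an added example, not code from either poster or from the Samba project: it reads a krb5.conf and reports which path applies to the default realm and which SRV names DNS would have to answer. The function names, the DEFAULT_REALM_ONLY and STATIC_KDC samples and the host dc1.lan.example are constructed for illustration, and an unset dns_lookup_kdc is reported as "library-default" rather than assuming what the installed Kerberos library does.

```python
import re

TRUE = {"true", "yes", "on", "y", "t", "1"}  # boolean spellings treated as true

def parse_krb5_conf(text):
    """Parse krb5.conf text into {section: {key: [values] | {subkey: [values]}}}."""
    conf, section, sub = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":             # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                                  # e.g. [libdefaults], [realms]
            section, sub = conf.setdefault(header.group(1), {}), None
        elif line.startswith("}"):                  # end of a "REALM = {" block
            sub = None
        elif section is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":                        # start of a "REALM = {" block
                sub = section.setdefault(key, {})
            else:
                target = sub if sub is not None else section
                target.setdefault(key, []).append(value)
    return conf

def kdc_discovery(text):
    """Report how the default realm's KDC would be located from this file alone."""
    conf = parse_krb5_conf(text)
    lib = conf.get("libdefaults", {})
    realm = lib.get("default_realm", [None])[0]
    flag = lib.get("dns_lookup_kdc")
    dns = None if flag is None else flag[0].lower() in TRUE
    entry = conf.get("realms", {}).get(realm)
    kdcs = entry.get("kdc", []) if isinstance(entry, dict) else []
    if kdcs:
        method = "static"            # explicit kdc = lines under [realms]
    elif dns is None:
        method = "library-default"   # flag unset: depends on the Kerberos build
    else:
        method = "dns" if dns else "none"
    uses_dns = realm and method in ("dns", "library-default")
    srv = [f"_kerberos._{p}.{realm}" for p in ("udp", "tcp")] if uses_dns else []
    return {"realm": realm, "dns_lookup_kdc": dns, "method": method,
            "kdcs": kdcs, "srv_records": srv}

# The four-line file quoted in the thread, plus two constructed variants.
FOUR_LINE = ("[libdefaults]\ndefault_realm = REALM.EXAMPLE.COM\n"
             "dns_lookup_realm = false\ndns_lookup_kdc = true\n")
DEFAULT_REALM_ONLY = "[libdefaults]\ndefault_realm = LAN\n"
STATIC_KDC = DEFAULT_REALM_ONLY + "[realms]\nLAN = {\n    kdc = dc1.lan.example\n}\n"
```

The code does not query DNS; when the method is "dns" or "library-default", the names in srv_records are the ones to check against the resolver the client actually uses.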

