[Samba] Setting up Samba AD-DC on Debian Stretch made easy.

L.P.H. van Belle belle at bazuin.nl
Mon Sep 11 13:29:20 UTC 2017 

Hai, 

I made the install howto based on the wiki steps, i only changed the order of install on some places.
And found it, not email but wiki. 

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller 
The part Configuring Kerberos. 
(  cp /usr/local/samba/private/krb5.conf /etc/krb5.conf ) 

Which made me think that the /var/lib/samba/private/krb5.conf isnt used. (anymore)
And so /etc/krb5.conf is the default, ... Wrong thinking?  


Greetz, 

Louis


 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> L.P.H. van Belle via samba
> Verzonden: maandag 11 september 2017 15:20
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Setting up Samba AD-DC on Debian 
> Stretch made easy.
> 
> Hai Rowland, 
> 
> Thank for pointing out the 4.7 part. 
> 
> So, i just remove that part and wait for the offical release 
> of 4.7, but i you have a better text, yes, please :-))
> 
> I did see some email on technical about krb5.conf also, maybe 
> thats only for the "mit" enabled version? 
> I just cant find that email anymore. 
> 
> 
> Greetz, 
> 
> Louis
> 
> 
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland Penny 
> > via samba
> > Verzonden: maandag 11 september 2017 14:49
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Setting up Samba AD-DC on Debian 
> Stretch made 
> > easy.
> > 
> > On Mon, 11 Sep 2017 14:16:02 +0200
> > L.P.H. van Belle <belle at bazuin.nl> wrote:
> > 
> > > Thanx! Fixed. And I think you will even find more. 
> > > ;-)
> > > 
> > 
> > You are correct ;-)
> > 
> > I found this in 'stretch-base-2-samba-minimal-ad.txt'
> > 
> > # In above you see the line : 
> > # A Kerberos configuration suitable for Samba 4 has been 
> generated at 
> > /var/lib/samba/private/krb5.conf # ignore it, we use the 
> > /etc/krb5.conf, and as of samba 4.7.x this is the default.
> > # Note!!  Do not symlink /var/lib/samba/private/krb5.conf to 
> > /etc/krb5.conf.
> > # This wil give problems in the future. 
> > 
> > This is correct, but it is also wrong ;-) It is correct in that you 
> > shouldn't symlink the Samba krb5.conf.
> > It is wrong in stating that using the OS /etc/krb5.conf will be the 
> > default in 4.7
> > 
> > What is happening is that the permissions are being 
> tightened on the 
> > private dir and if you use a symlink, it will not work.
> > 
> > Also a new dir will be created on provisioning using Bind9 (or 
> > upgrading from the internal DNS) 'binddns'
> > 
> > Rowland
> > 
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list