[Samba] PAM only and Kerberos...

Marco Gaiarin gaio at sv.lnf.it
Wed Jun 6 08:50:00 UTC 2018

Hello! Robert Marcano via samba
  On that day it was said...

Sorry for the late answer.

> I wonder if you can choose the master as the more robust (HW and SW) of your
> DCs, no idea.

It seems that the krb5.conf manpage also suggests that, e.g. 'master' is only
a fallback KDC.

> On a non-AD Kerberos realm you can get from DNS, for example:
>   dig +short _kerberos._udp.example.com srv
>   dig +short _kerberos-master._udp.example.com srv
> both values, but the last one doesn't show on my Samba AD domain (single
> server)
> My installations of Samba as an AD DC are containerized and single server
> (for now), so I don't know if _kerberos-master._udp doesn't show because
> there is only one DC or if Samba doesn't set up that record.

I confirm, Samba does not set up that record, also on a multi-DC setup:

 root@vdcsv1:~# dig +short _kerberos._udp.ad.fvg.lnf.it srv
 0 100 88 vdcsv1.ad.fvg.lnf.it.
 0 100 88 vdcpp2.ad.fvg.lnf.it.
 0 100 88 vdcpp1.ad.fvg.lnf.it.
 0 100 88 vdcsv2.ad.fvg.lnf.it.
 0 100 88 vdctms1.ad.fvg.lnf.it.
 0 100 88 vdcud1.ad.fvg.lnf.it.
 root@vdcsv1:~# dig +short _kerberos-master._udp.ad.fvg.lnf.it srv


dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(tax code 00307430132, category ONLUS or HEALTH RESEARCH)
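
Added example, not part of the original message: since the `_kerberos-master._udp` lookup above returns nothing, a client that should have a fallback master has to name it statically. The sketch below turns `dig +short ... srv` answers into an MIT krb5.conf `[realms]` stanza with an explicit `master_kdc`; the host names, the realm and the function names `sample_srv` and `srv_to_realm` are constructed for illustration, and which DC is named as master is the administrator's choice.

```shell
#!/bin/sh
# Constructed sample of `dig +short _kerberos._udp.<domain> srv` output
# (fields: priority weight port target). Not taken from a real domain.
sample_srv() {
cat <<'EOF'
0 100 88 dc2.ad.example.com.
10 100 88 dc3.ad.example.com.
0 200 88 dc1.ad.example.com.
EOF
}

# srv_to_realm REALM MASTER_HOST   (reads SRV answers on stdin)
# Prints a [realms] stanza listing every KDC found in DNS plus a static
# master_kdc, because no _kerberos-master._udp record is published.
srv_to_realm() {
    realm=$1
    master=$2
    # Keep only well-formed answers, strip the trailing dot, then order by
    # priority (low first). Putting higher weight first is a deterministic
    # simplification of the weighted random choice in RFC 2782.
    kdcs=$(awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
                    sub(/\.$/, "", $4); print $1, $2, $4 ":" $3 }' |
           sort -k1,1n -k2,2nr | awk '{ print $3 }')
    [ -n "$kdcs" ] || { echo "no usable SRV answers" >&2; return 1; }
    # Refuse a master that DNS does not list as a KDC for this realm.
    master_line=$(printf '%s\n' "$kdcs" |
                  awk -F: -v m="$master" '$1 == m { print; exit }')
    [ -n "$master_line" ] || {
        echo "master $master is not among the KDCs from DNS" >&2; return 1; }
    printf '[realms]\n    %s = {\n' "$realm"
    printf '%s\n' "$kdcs" | sed 's/^/        kdc = /'
    printf '        master_kdc = %s\n    }\n' "$master_line"
}

# Demo on the constructed sample; on a live system pipe in the real dig output.
sample_srv | srv_to_realm AD.EXAMPLE.COM dc1.ad.example.com
```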
