[Samba] PAM only and Kerberos...
Robert Marcano
robert at marcanoonline.com
Wed May 30 15:29:22 UTC 2018
On 05/30/2018 11:02 AM, Marco Gaiarin via samba wrote:
> Hello! Robert Marcano via samba
> On that day it was said...
>
>> Yes, check the documentation of krb5.conf.
>
> Ahem, 'apt-get install krb5-doc' misses. ;-)
>
>> In summary you will need to
>> disable dns_canonicalize_hostname, dns_lookup_kdc, etc. if enabled and set
>> your admin and kdc hostnames there, something like:
>
> How can I determine the kdc and master_kdc values? All DC servers are KDCs
> and the FSMO role is master_kdc?
>
I wonder if you can choose the master as the more robust (HW and SW) of
your DCs, no idea.

On a non-AD Kerberos realm you can get from DNS, for example:

    dig +short _kerberos._udp.example.com srv
    dig +short _kerberos-master._udp.example.com srv

both values, but the last one doesn't show on my Samba AD domain (single
server).

My installations of Samba as an AD DC are containerized and single server
(for now), so I don't know if _kerberos-master._udp doesn't show because
there is only one DC or if Samba doesn't set up that record.
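
One way to turn the SRV answers from the dig commands above into a static krb5.conf with dns_lookup_kdc and dns_canonicalize_hostname turned off, as an added example that is not part of the original post. The function names and the dc1/dc2.example.com answers are constructed for illustration; master_kdc is left out when _kerberos-master returns nothing, as on the single-DC Samba AD domain described.

```shell
#!/bin/sh
# Added example (not from the original post): build a static krb5.conf from
# SRV answers in the format printed by `dig +short <name> srv`:
#   "priority weight port target."

# Read SRV answers on stdin; print "host:port", lowest priority value first.
srv_to_hosts() {
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $1, $4 ":" $3 }' |
        sort -n -k1,1 | awk '{ print $2 }'
}

# static_krb5_conf REALM KDC_SRV_ANSWERS MASTER_SRV_ANSWERS (hypothetical helper)
static_krb5_conf() {
    realm=$1
    kdcs=$(printf '%s\n' "$2" | srv_to_hosts)
    master=$(printf '%s\n' "$3" | srv_to_hosts | head -n 1)
    if [ -z "$kdcs" ]; then
        echo "no usable _kerberos SRV answers for $realm" >&2
        return 1
    fi
    echo "[libdefaults]"
    echo "    dns_lookup_kdc = false"
    echo "    dns_canonicalize_hostname = false"
    echo "[realms]"
    echo "    $realm = {"
    for k in $kdcs; do
        echo "        kdc = $k"
    done
    # _kerberos-master can be empty (the single-DC Samba AD case): omit the line.
    if [ -n "$master" ]; then
        echo "        master_kdc = $master"
    fi
    echo "    }"
}

# Constructed sample answers; on a real host these come from the dig commands.
SAMPLE_KDC='10 100 88 dc2.example.com.
0 100 88 dc1.example.com.'
SAMPLE_MASTER=''

static_krb5_conf EXAMPLE.COM "$SAMPLE_KDC" "$SAMPLE_MASTER"
```

With DNS lookups disabled, the generated stanza has to be regenerated by hand whenever a DC is added or retired.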