[Samba] smb.conf realm parameter

Rowland penny rpenny at samba.org
Fri Jul 5 14:34:22 UTC 2019 

On 05/07/2019 15:25, L.P.H. van Belle via samba wrote:
>   
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Rowland penny via samba
>> Verzonden: vrijdag 5 juli 2019 16:09
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] smb.conf realm parameter
>>
>> On 05/07/2019 14:56, L.P.H. van Belle via samba wrote:
>>>> -----Oorspronkelijk bericht-----
>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>>>> Rowland penny via samba
>>>> Verzonden: vrijdag 5 juli 2019 15:44
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] smb.conf realm parameter
>>>>
>>>> On 05/07/2019 14:31, L.P.H. van Belle via samba wrote:
>>>>> Rowland,
>>>>>
>>>>> Do you know is samba is changing the smb value here to
>>>> uppercase in the background.
>>>>> ( see:
>> https://web.mit.edu/kerberos/krb5-1.12/doc/admin/realm_config.html )
>>>>> Because if not, i really suggest we follow the
>>>> recommendations here, (uppercase REALM)
>>>>> a mismatch in realm due to upper/lower case is really
>> hard to find..
>>>>> Just saying..
>>>>>
>>>>>
>>>> Yes and worth saying, but I never gave it much thought before, so I
>>>> changed my realm line to:
>>>>
>>>>        realm = samdom.example.com
>>>>
>>>> testparm produced this amongst the output:
>>>>
>>>>        realm = SAMDOM.EXAMPLE.COM
>>>>
>>>> So it looks like Samba does uppercase the realm, but
>>>> interestingly (and
>>>> I have noticed this before) the 'idmap config' lines:
>>>>
>>>>        idmap config SAMDOM
>>>>
>>>> Become:
>>>>
>>>>        idmap config samdom
>>>>
>>>> Rowland
>>>>
>>>>
>>> Ah, you found a "mini" bug then.  ;-)
>>>
>>> SAMDOM is the WORKGROUP name, which should also be in CAPS.
>>> As shown in the naming conventions of MS link.
>>>
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>> Then it is a very long lived bug ;-)
>>
>> For as long as I have used Samba, testparm has done this and has also
>> always worked correctly.
>>
>> Rowland
>>
> Ow, i expect that there are more of these "mini" bug that are long there.
>
> Im just mentioning it because since everything is tightend up ( security wise ) so if you setup (more) correctly,
> then these small things are the way to avoid possible problems.
>
> That said and that things "always" worked correctly "for you",
> might result differently in a big complex network.
>
> Im pro..  "Setup as it should".
> It makes things more clear to see and helps to reduce chances with problems.
> Invest more time in the setup and it reduces the needed time in supporting/maintaining it.
>
> ;-)

I am not saying that we shouldn't tell people 'you don't need to do this 
or that', I am just saying it like it is.

Yes we should stick to best practise, but don't get bogged down on 
something that isn't likely to cause a problem ;-)

It might help if the OP was to tell us why they asked the question in 
the first place, I feel there is more to this.

Rowland

More information about the samba mailing list