[Samba] logging lines in krb5.conf
Jason Keltz
jas at eecs.yorku.ca
Mon Oct 5 16:27:48 UTC 2020
On 10/5/2020 12:16 PM, Rowland penny via samba wrote:
> On 05/10/2020 17:01, Jason Keltz via samba wrote:
>> On 10/5/2020 11:58 AM, Rowland penny via samba wrote:
>>
>>> On 05/10/2020 16:30, Jason Keltz via samba wrote:
>>>> Hi.
>>>>
>>>> Using MIT5 backend with Samba..
>>> I hope you mean on the clients, the use of MIT as the kdc on a Samba
>>> DC is experimental and shouldn't be used in production
>> Hi Roland, our environment uses CentOS 7. I don't have much choice
>> but to use this on the server.
>
> In which case you will not be using MIT as the kdc, not unless you
> have ported the Fedora Samba packages to Centos.
>
> Using the MIT client packages with Samba isn't a problem, it is just
> using krb5-kdc that is experimental.
>
>
Hi Roland,
I'm glad you brought that up. This is a piece of the puzzle I have been
very confused with. I'm not using the Samba from CentOS/RHEL, but a
custom compiled one (latest 4.11.13). As CentOS uses MIT Kerberos by
default, am I not automatically using MIT Krb5 on the server in the mode
you describe as "Experimental"? Is Samba re-implenting the Heimdal
based Kerberos, or using the system Kerberos? Do I have a choice? And If
my system doesn't use Heimdel and only has MIT Krb5 libraries, isn't
that what would be used? Here's the ldd on the samba binary...
> % ldd samba
> linux-vdso.so.1 => (0x00007ffded95b000)
> libndr.so.0 => /xsys/pkg/samba-4.11.13/lib/libndr.so.0
> (0x00007ff85d1e7000)
> libevents-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libevents-samba4.so
> (0x00007ff85cfe5000)
> libregistry-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libregistry-samba4.so
> (0x00007ff85cdbc000)
> libldbsamba-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libldbsamba-samba4.so
> (0x00007ff85cb88000)
> libprocess-model-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libprocess-model-samba4.so
> (0x00007ff85c984000)
> libtevent.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/private/libtevent.so.0 (0x00007ff85c76c000)
> libshares-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libshares-samba4.so
> (0x00007ff85c562000)
> libsamba-security-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsamba-security-samba4.so
> (0x00007ff85c33e000)
> libtalloc.so.2 =>
> /xsys/pkg/samba-4.11.13/lib/private/libtalloc.so.2 (0x00007ff85c134000)
> libldb.so.2 => /xsys/pkg/samba-4.11.13/lib/private/libldb.so.2
> (0x00007ff85bef6000)
> libservice-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libservice-samba4.so
> (0x00007ff85bced000)
> libsamba-hostconfig.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/libsamba-hostconfig.so.0 (0x00007ff85baba000)
> libtdb-wrap-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libtdb-wrap-samba4.so
> (0x00007ff85b8b7000)
> libgensec-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libgensec-samba4.so
> (0x00007ff85b680000)
> libcluster-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libcluster-samba4.so
> (0x00007ff85b47d000)
> libsamba-util.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/libsamba-util.so.0 (0x00007ff85b1fe000)
> libutil-tdb-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libutil-tdb-samba4.so
> (0x00007ff85affa000)
> libcliauth-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libcliauth-samba4.so
> (0x00007ff85ade1000)
> libsamba-errors.so.1 =>
> /xsys/pkg/samba-4.11.13/lib/libsamba-errors.so.1 (0x00007ff85aa8b000)
> libutil-reg-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libutil-reg-samba4.so
> (0x00007ff85a888000)
> libdcerpc.so.0 => /xsys/pkg/samba-4.11.13/lib/libdcerpc.so.0
> (0x00007ff85a64f000)
> libdcerpc-samba-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libdcerpc-samba-samba4.so
> (0x00007ff85a2c2000)
> libtdb.so.1 => /xsys/pkg/samba-4.11.13/lib/private/libtdb.so.1
> (0x00007ff85a0a7000)
> libndr-samba-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libndr-samba-samba4.so
> (0x00007ff859cce000)
> libsamdb-common-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsamdb-common-samba4.so
> (0x00007ff859a9b000)
> libsamba-modules-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsamba-modules-samba4.so
> (0x00007ff859897000)
> libsamba-sockets-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsamba-sockets-samba4.so
> (0x00007ff85967c000)
> libreplace-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libreplace-samba4.so
> (0x00007ff859479000)
> libsamba-credentials.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/libsamba-credentials.so.0 (0x00007ff859263000)
> libsamdb.so.0 => /xsys/pkg/samba-4.11.13/lib/libsamdb.so.0
> (0x00007ff859047000)
> libMESSAGING-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libMESSAGING-samba4.so
> (0x00007ff858e3d000)
> libauth4-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libauth4-samba4.so
> (0x00007ff858c23000)
> libtevent-util.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/libtevent-util.so.0 (0x00007ff858a1e000)
> libndr-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libndr-samba4.so (0x00007ff8585ec000)
> libgssapi-samba4.so.2 =>
> /xsys/pkg/samba-4.11.13/lib/private/libgssapi-samba4.so.2
> (0x00007ff8583af000)
> libnpa-tstream-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libnpa-tstream-samba4.so
> (0x00007ff8581a5000)
> libserver-role-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libserver-role-samba4.so
> (0x00007ff857fa2000)
> libsamba-debug-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsamba-debug-samba4.so
> (0x00007ff857d99000)
> libauthkrb5-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libauthkrb5-samba4.so
> (0x00007ff857b7e000)
> libasn1util-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libasn1util-samba4.so
> (0x00007ff857977000)
> libcom_err-samba4.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/private/libcom_err-samba4.so.0
> (0x00007ff857774000)
> libwbclient.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/libwbclient.so.0 (0x00007ff857562000)
> libdbwrap-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libdbwrap-samba4.so
> (0x00007ff857355000)
> libgenrand-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libgenrand-samba4.so
> (0x00007ff857153000)
> libsocket-blocking-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsocket-blocking-samba4.so
> (0x00007ff856f51000)
> libutil-setid-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libutil-setid-samba4.so
> (0x00007ff856d4f000)
> libsys-rw-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsys-rw-samba4.so
> (0x00007ff856b4c000)
> libtime-basic-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libtime-basic-samba4.so
> (0x00007ff85694a000)
> libndr-nbt.so.0 => /xsys/pkg/samba-4.11.13/lib/libndr-nbt.so.0
> (0x00007ff856714000)
> libkrb5samba-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libkrb5samba-samba4.so
> (0x00007ff856506000)
> libdcerpc-binding.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/libdcerpc-binding.so.0 (0x00007ff8562db000)
> libroken-samba4.so.19 =>
> /xsys/pkg/samba-4.11.13/lib/private/libroken-samba4.so.19
> (0x00007ff8560cb000)
> libcli-smb-common-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libcli-smb-common-samba4.so
> (0x00007ff855e8e000)
> libcli-nbt-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libcli-nbt-samba4.so
> (0x00007ff855c82000)
> libsmbclient-raw-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsmbclient-raw-samba4.so
> (0x00007ff855a34000)
> libnetif-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libnetif-samba4.so
> (0x00007ff85582f000)
> libaddns-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libaddns-samba4.so
> (0x00007ff855622000)
> libhttp-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libhttp-samba4.so (0x00007ff855418000)
> libcli-cldap-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libcli-cldap-samba4.so
> (0x00007ff85520e000)
> libndr-standard.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/libndr-standard.so.0 (0x00007ff854b2f000)
> libndr-krb5pac.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/libndr-krb5pac.so.0 (0x00007ff85491e000)
> libflag-mapping-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libflag-mapping-samba4.so
> (0x00007ff85471b000)
> libcli-ldap-common-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libcli-ldap-common-samba4.so
> (0x00007ff854511000)
> libinterfaces-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libinterfaces-samba4.so
> (0x00007ff85430d000)
> libiov-buf-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libiov-buf-samba4.so
> (0x00007ff85410b000)
> libkrb5-samba4.so.26 =>
> /xsys/pkg/samba-4.11.13/lib/private/libkrb5-samba4.so.26
> (0x00007ff853e8a000)
> libtalloc-report-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libtalloc-report-samba4.so
> (0x00007ff853c87000)
> libmessages-util-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libmessages-util-samba4.so
> (0x00007ff853a85000)
> libserver-id-db-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libserver-id-db-samba4.so
> (0x00007ff853881000)
> libdcerpc-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libdcerpc-samba4.so
> (0x00007ff853669000)
> libauth-unix-token-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libauth-unix-token-samba4.so
> (0x00007ff853465000)
> libLIBWBCLIENT-OLD-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libLIBWBCLIENT-OLD-samba4.so
> (0x00007ff85325f000)
> libasn1-samba4.so.8 =>
> /xsys/pkg/samba-4.11.13/lib/private/libasn1-samba4.so.8
> (0x00007ff852fb8000)
> libwind-samba4.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/private/libwind-samba4.so.0
> (0x00007ff852d8f000)
> libhcrypto-samba4.so.5 =>
> /xsys/pkg/samba-4.11.13/lib/private/libhcrypto-samba4.so.5
> (0x00007ff852b49000)
> libcommon-auth-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libcommon-auth-samba4.so
> (0x00007ff85293a000)
> libwinbind-client-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libwinbind-client-samba4.so
> (0x00007ff852736000)
> libsmb-transport-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsmb-transport-samba4.so
> (0x00007ff852530000)
> libclidns-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libclidns-samba4.so
> (0x00007ff85232a000)
> libsamba3-util-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsamba3-util-samba4.so
> (0x00007ff85211d000)
> libmessages-dgm-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libmessages-dgm-samba4.so
> (0x00007ff851f0f000)
> libsmbconf.so.0 => /xsys/pkg/samba-4.11.13/lib/libsmbconf.so.0
> (0x00007ff851c76000)
> libCHARSET3-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libCHARSET3-samba4.so
> (0x00007ff851a72000)
> libsamba-cluster-support-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsamba-cluster-support-samba4.so
> (0x00007ff85186f000)
> libcli-ldap-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libcli-ldap-samba4.so
> (0x00007ff851659000)
> libhx509-samba4.so.5 =>
> /xsys/pkg/samba-4.11.13/lib/private/libhx509-samba4.so.5
> (0x00007ff851406000)
> libheimbase-samba4.so.1 =>
> /xsys/pkg/samba-4.11.13/lib/private/libheimbase-samba4.so.1
> (0x00007ff851201000)
> libMESSAGING-SEND-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libMESSAGING-SEND-samba4.so
> (0x00007ff850ffe000)
> libmsghdr-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libmsghdr-samba4.so
> (0x00007ff850dfb000)
> libsmbd-shim-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libsmbd-shim-samba4.so
> (0x00007ff850bf8000)
> libpam.so.0 => /lib64/libpam.so.0 (0x00007ff8509e9000)
> libnsl.so.1 => /lib64/libnsl.so.1 (0x00007ff8507cf000)
> libresolv.so.2 => /lib64/libresolv.so.2 (0x00007ff8505b5000)
> libutil.so.1 => /lib64/libutil.so.1 (0x00007ff8503b2000)
> libz.so.1 => /xsys/lib64/libz.so.1 (0x00007ff850197000)
> libcap.so.2 => /lib64/libcap.so.2 (0x00007ff84ff92000)
> libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x00007ff84fd3d000)
> liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007ff84fb2e000)
> libcups.so.2 => /lib64/libcups.so.2 (0x00007ff84f8c5000)
> libjansson.so.4 => /lib64/libjansson.so.4 (0x00007ff84f6b8000)
> libgnutls.so.30 => /xsys/lib64/libgnutls.so.30
> (0x00007ff84f37c000)
> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007ff84f145000)
> libdl.so.2 => /lib64/libdl.so.2 (0x00007ff84ef41000)
> libiconv.so.2 => /xsys/lib64/libiconv.so.2 (0x00007ff84ec5b000)
> libsystemd-journal.so.0 => /lib64/libsystemd-journal.so.0
> (0x00007ff84ea36000)
> libsystemd-daemon.so.0 => /lib64/libsystemd-daemon.so.0
> (0x00007ff84e82f000)
> libpopt.so.0 => /lib64/libpopt.so.0 (0x00007ff84e625000)
> libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ff84e409000)
> libpython3.8.so.1.0 => /xsys/lib64/libpython3.8.so.1.0
> (0x00007ff84de6d000)
> libm.so.6 => /lib64/libm.so.6 (0x00007ff84db6b000)
> libc.so.6 => /lib64/libc.so.6 (0x00007ff84d79d000)
> /lib64/ld-linux-x86-64.so.2 (0x00007ff85d60e000)
> libaudit.so.1 => /lib64/libaudit.so.1 (0x00007ff84d574000)
> libattr.so.1 => /lib64/libattr.so.1 (0x00007ff84d36f000)
> libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007ff84d152000)
> libssl.so.10 => /lib64/libssl.so.10 (0x00007ff84cee0000)
> libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007ff84ca7d000)
> libssl3.so => /lib64/libssl3.so (0x00007ff84c824000)
> libsmime3.so => /lib64/libsmime3.so (0x00007ff84c5fc000)
> libnss3.so => /lib64/libnss3.so (0x00007ff84c2cd000)
> libnssutil3.so => /lib64/libnssutil3.so (0x00007ff84c09d000)
> libplds4.so => /lib64/libplds4.so (0x00007ff84be99000)
> libplc4.so => /lib64/libplc4.so (0x00007ff84bc94000)
> libnspr4.so => /lib64/libnspr4.so (0x00007ff84ba56000)
> libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2
> (0x00007ff84b809000)
> libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007ff84b520000)
> libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007ff84b2ed000)
> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007ff84b0e9000)
> libavahi-common.so.3 => /lib64/libavahi-common.so.3
> (0x00007ff84aedc000)
> libavahi-client.so.3 => /lib64/libavahi-client.so.3
> (0x00007ff84accb000)
> libp11-kit.so.0 => /lib64/libp11-kit.so.0 (0x00007ff84a99c000)
> libtasn1.so.6 => /xsys/lib64/libtasn1.so.6 (0x00007ff84a785000)
> libnettle.so.6 => /xsys/lib64/libnettle.so.6 (0x00007ff84a542000)
> libhogweed.so.4 => /xsys/lib64/libhogweed.so.4
> (0x00007ff84a305000)
> libgmp.so.10 => /xsys/lib64/libgmp.so.10 (0x00007ff84a08f000)
> libfreebl3.so => /lib64/libfreebl3.so (0x00007ff849e8c000)
> libselinux.so.1 => /lib64/libselinux.so.1 (0x00007ff849c65000)
> liblzma.so.5 => /lib64/liblzma.so.5 (0x00007ff849a3f000)
> liblz4.so.1 => /lib64/liblz4.so.1 (0x00007ff84982a000)
> libgcrypt.so.11 => /lib64/libgcrypt.so.11 (0x00007ff8495a9000)
> libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x00007ff8493a4000)
> librt.so.1 => /lib64/librt.so.1 (0x00007ff84919c000)
> libdw.so.1 => /lib64/libdw.so.1 (0x00007ff848f4b000)
> libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007ff848d35000)
> libcap-ng.so.0 => /lib64/libcap-ng.so.0 (0x00007ff848b2f000)
> libkrb5support.so.0 => /lib64/libkrb5support.so.0
> (0x00007ff84891f000)
> libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007ff84871b000)
> libdbus-1.so.3 => /lib64/libdbus-1.so.3 (0x00007ff8484cb000)
> libffi.so.6 => /lib64/libffi.so.6 (0x00007ff8482c3000)
> libpcre.so.1 => /xsys/lib64/libpcre.so.1 (0x00007ff8480a5000)
> libelf.so.1 => /lib64/libelf.so.1 (0x00007ff847e8d000)
> libbz2.so.1 => /lib64/libbz2.so.1 (0x00007ff847c7d000)
> libsystemd.so.0 => /lib64/libsystemd.so.0 (0x00007ff847a4c000)
So many dependencies.... But when looking for just krb...
> libauthkrb5-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libauthkrb5-samba4.so
> (0x00007f61da46f000)
> libkrb5samba-samba4.so =>
> /xsys/pkg/samba-4.11.13/lib/private/libkrb5samba-samba4.so
> (0x00007f61d8df7000)
> libndr-krb5pac.so.0 =>
> /xsys/pkg/samba-4.11.13/lib/libndr-krb5pac.so.0 (0x00007f61d720f000)
> libkrb5-samba4.so.26 =>
> /xsys/pkg/samba-4.11.13/lib/private/libkrb5-samba4.so.26
> (0x00007f61d677b000)
> libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2
> (0x00007f61ce0fa000)
> libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f61cde11000)
> libkrb5support.so.0 => /lib64/libkrb5support.so.0
> (0x00007f61cb210000)
Thank you!
Jason.
More information about the samba
mailing list