[Samba] logging lines in krb5.conf
Rowland penny
rpenny at samba.org
Mon Oct 5 18:52:45 UTC 2020
On 05/10/2020 19:29, Jason Keltz via samba wrote:
>
> On 10/5/2020 12:44 PM, Rowland penny via samba wrote:
>> On 05/10/2020 17:27, Jason Keltz via samba wrote:
>>>
>>> Hi Roland,
>>>
>>> I'm glad you brought that up. This is a piece of the puzzle I have
>>> been very confused with. I'm not using the Samba from CentOS/RHEL,
>>> but a custom compiled one (latest 4.11.13). As CentOS uses MIT
>>> Kerberos by default, am I not automatically using MIT Krb5 on the
>>> server in the mode you describe as "Experimental"? Is Samba
>>> re-implenting the Heimdal based Kerberos, or using the system
>>> Kerberos? Do I have a choice? And If my system doesn't use Heimdel
>>> and only has MIT Krb5 libraries, isn't that what would be used?
>>> Here's the ldd on the samba binary...
>>
>> It depends on how you actually built Samba, did you pass
>> '--with-system-mitkrb5 --with-experimental-mit-ad-dc' to configure ?
>>
>> You could try running 'smbd -b | grep HAVE_LIBKADM5SRV_MIT' on the DC
>>
>> Rowland
>
> Hi Rowland,
>
> Our auto build system is compiling with this:
>
> --with-acl-support
> --with-piddir=/run
> --with-configdir=/etc/samba
> --with-statedir=/local/samba/locks
> --with-cachedir=/local/samba/cache
> --with-lockdir=/local/samba/lock
> --with-privatedir=/local/samba/private
> --with-sockets-dir=/run
> --with-privileged-socket-dir=/var/lib
> --with-logfilebase=/local/log
> --with-syslog
>
> However,
>
>> % smbd -b | grep HAVE_LIBKADM5SRV_MIT
>> HAVE_LIBKADM5SRV_MIT
Strange, do you the OS Samba packages installed as well ?
It has been sometime since I tested using MIT as the kdc and you are
supposed to pass '--with-system-mitkrb5 --with-experimental-mit-ad-dc'
to configure, otherwise Heimdal is used. You do not seem to have done
this, but your version of smbd seems to have been built with MIT. How
did you build Samba ? Was it the standard 'configure' (with options as
above), 'make' and 'make install', or do you build packages with a
'spec' file ?
>
> I'd like to believe that the Kerberos implementation with Samba could
> run independent of the O/S one, but I suspect that if you have MIT
> Kerberos, it's going to compile with that?
It is possible to build Samba on Centos using Heimdal (there are a
couple of users that supply rpms or instructions on how to do this, but
only for Centos 7).
Rowland
More information about the samba
mailing list