[Samba] Upgrading to AD

Ron Murray rjmx at rjmx.net
Wed May 12 01:02:47 UTC 2021

I've been running Samba at home now for at least 20 years. With the
discovery that Windows 10 won't do NT4 networks, I figured that I might
as well upgrade to AD, since Samba can now be an AD domain controller.

I've been running (MIT) Kerberos for almost that long as well (it's
handy for authenticating to servers), and at first I was discouraged by
Samba's insistence on Heimdal Kerberos. Eventually, I switched, and got
that (mostly) working.

Then I started to install Samba AD, and discovered that Samba seems to
have an inbuilt KDC. Is this correct? Should I be running Samba's
inbuilt Kerberos instead? I can't find anything in the documentation
mentioning using a pre-existing Kerberos.

Anyway, I limped along, installed as best I could, disabled Samba's kdc
in smb.conf, but my heimdal-kdc .log keeps giving errors like 

Looking for ENC-TS pa-data -- COMPUTER$@EXAMPLE.COM

where "COMPUTER" is my KDC/AD controller.

Perhaps I missed something in the instructions, because there's
obviously no such entry in my Kerberos database. Is this because I
should be using Samba's KDC, or is it something else?



Ron Murray <rjmx at rjmx.net>
PGP Fingerprint: 4D99 70E3 2317 334B 141E 7B63 12F7 E865 B5E2 E761

More information about the samba mailing list