[Samba] Issues demoting a samba DC.

Rowland Penny rpenny at samba.org
Sun Jan 8 17:18:31 UTC 2023



On 08/01/2023 16:54, Michael Tokarev via samba wrote:
> 08.01.2023 19:42, Rowland Penny via samba wrote:
>> Ah, I forgot that you are running your Samba AD DC's in an unsupported 
>> way, for a start you really should only have one realm in krb5.conf on 
>> a DC.
> 
> This is just untrue. It's perfectly okay to have more than one realm there.
> 
>> I cannot help you further with this, an NT4-style DC != an AD DC and 
>> you shouldn't try to run AD anything like NT4
> 
> There's no need to help here, I solved this issue, which was wrong 
> krb5.conf
> (which was created as suggested in the wiki btw, but it does not tell to 
> update
> it when changing list of DCs -- it should be quite obvious thing to do but
> people tend to forget where else they've added their DCs).
> 
> It has nothing to do with NT4-style.

Well no, it doesn't, but it is that style of thinking.

As for what should be in /etc/krb5.conf on a DC, you really only need 
one line, can you guess which ?

Rowland



More information about the samba mailing list