[WHATSNEW] Samba AD with MIT Kerberos + Version change
L.P.H. van Belle
belle at bazuin.nl
Fri May 5 11:39:11 UTC 2017
Now based on this below.
I already created this patch for the debian samba 470 packages.
This works as long as the code can detect /etc/krb5kdc correctly without --kdc-config-dir= in provisioning,
because most people will use the --kdc-config-dir.
krb5kdc.patch
--- samba-4.7.0.orig/python/samba/provision/kerberos_implementation.py
+++ samba-4.7.0/python/samba/provision/kerberos_implementation.py
@@ -14,5 +14,5 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-kdb_modules_dir = "/usr/local/samba/lib/krb5/plugins/kdb"
+kdb_modules_dir = "/usr/lib/x86_64-linux-gnu/krb5/plugins/kdb"
kdc_default_config_dir = "None"
+kdc_default_config_dir = "/etc/krb5kdc"
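Review bot: the `kdc_default_config_dir = "None"` line carries no `-` marker, so as posted the new side keeps both assignments (six lines against the `+14,5` in the hunk header) and only behaves as intended because the later assignment wins; the old line should be marked as removed. The replacement `kdb_modules_dir` also hard-codes the amd64 multiarch directory `/usr/lib/x86_64-linux-gnu/krb5/plugins/kdb`, which ties the package to one architecture; taking the directory from the build's library path would avoid a per-architecture patch.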
Only this needs the correct fix; for that we need the devs.
> Did you also modify python/samba/provision/kerberos.py:29:
> if _glue.is_heimdal_built:
> to
> if _glue.is_heimdal_built():
A small check whether I could access the sysvol, for example, works.
Just a simple test, \\IP\
Login prompt, NTUSER\Administrator
And it works.
And I did see that the sysvol rights are ok :-)
Greetz,
Louis
> -----Original message-----
> From: samba-technical
> [mailto:samba-technical-bounces at lists.samba.org] On behalf of
> L.P.H. van Belle via samba-technical
> Sent: Friday 5 May 2017 13:27
> To: samba-technical at lists.samba.org
> CC: Andreas Schneider
> Subject: RE: [WHATSNEW] Samba AD with MIT Kerberos + Version change
>
> Works here now. ;-)
>
> Made these changes
>
> Did you also modify python/samba/provision/kerberos.py:29:
> if _glue.is_heimdal_built:
> to
> if _glue.is_heimdal_built():
>
> Which fixed the creation of the kdc.conf.
>
>
>
> Next :
> Tried a provisioning 2 ways.
> samba-tool domain provision --use-rfc2307 --server-role=dc
> --domain=NTTEST --kdc-config-dir=/etc/krb5kdc --realm=TEST.DOMAIN.TLD
>
> samba-tool domain provision --use-rfc2307 --server-role=dc
> --domain=NTTEST --kdc-config-dir=/usr/local/samba/etc
> --realm=TEST.DOMAIN.TLD
>
> Both smb.conf and kdc.conf are correctly created.
>
> Now the first one is what I'm testing more..
>
> I did 2 things.
> 1 ) ln -s /usr/local/samba/lib/krb5/plugins/kdb/samba.so
> /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/samba.so
> 2 ) and added these two lines:
>
> cat /etc/ld.so.conf.d/libc.conf
> # libc default configuration
> /usr/local/lib
> /usr/local/samba/lib <<<<<<
> /usr/local/samba/lib/service <<<<<<
>
>
> And start samba.
> It stops here :
> samba -i
> samba version 4.7.0pre1-GIT-1e7bec4-Debian started.
> Copyright Andrew Tridgell and the Samba Team 1992-2017
> samba: using 'standard' process model
> Attempting to autogenerate TLS self-signed keys for https for
> hostname 'DEBIAN8.test.domain.tld'
> /usr/sbin/krb5kdc: krb5kdc: starting...
> TLS self-signed keys generated OK
> And the log now shows.
>
> cat /usr/local/samba/var/mit_kdc.log
> krb5kdc: Unable to load requested database module 'samba':
> plugin symbol 'kdb_function_table' not found - while
> initializing database for realm TEST.DOMAIN.TLD
> krb5kdc: Unable to load requested database module 'samba':
> plugin symbol 'kdb_function_table' not found - while
> initializing database for realm TEST.DOMAIN.TLD
>
> ^^^^^ previous tests ...
>
> May 05 13:15:09 debian8 krb5kdc[3137](info): setting up network...
> krb5kdc: setsockopt(18,IPV6_V6ONLY,1) worked
> krb5kdc: setsockopt(20,IPV6_V6ONLY,1) worked
> May 05 13:15:09 debian8 krb5kdc[3137](info): set up 4 sockets
> May 05 13:15:09 debian8 krb5kdc[3137](info): commencing operation (CTRL -C here )
> May 05 13:17:00 debian8 krb5kdc[3137](info): closing down fd 20
> May 05 13:17:00 debian8 krb5kdc[3137](info): closing down fd 19
> May 05 13:17:00 debian8 krb5kdc[3137](info): closing down fd 18
> May 05 13:17:00 debian8 krb5kdc[3137](info): closing down fd 17
> May 05 13:17:00 debian8 krb5kdc[3137](info): shutting down
>
> wbinfo -u
> NTTEST\administrator
> NTTEST\guest
> NTTEST\krbtgt
>
>
> And now Samba works for me.
>
>
> Greetz,
>
> Louis
>
>
>
> > -----Original message-----
> > From: samba-technical
> > [mailto:samba-technical-bounces at lists.samba.org] On behalf of
> > Rowland Penny via samba-technical
> > Sent: Friday 5 May 2017 12:53
> > To: samba-technical at lists.samba.org
> > Subject: Re: [WHATSNEW] Samba AD with MIT Kerberos + Version change
> >
> > On Fri, 05 May 2017 12:27:07 +0200
> > Daniele Dario <d.dario76 at gmail.com> wrote:
> >
> > > What happens if you change
> > > if _glue.is_heimdal_built:
> > > to
> > > if _glue.is_heimdal_built():
> > >
> > > If is_heimdal_built is a method and not a variable this
> > > makes a lot of difference.
> >
> > Yes that worked to get 'kdc.conf' created, but I still get:
> >
> > krb5kdc: Unable to load requested database module 'samba':
> > plugin symbol 'kdb_function_table' not found - while initializing
> > database for realm TESTING.TLD
> >
> > in /usr/local/samba/var/mit_kdc.log
> >
> > Rowland
> >
> >
>
>
>
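The `is_heimdal_built` versus `is_heimdal_built()` fix discussed in this thread, as an added example that is not part of the original messages or of Samba's code: a Python function object is always truthy, so the uncalled form takes the branch regardless of how the build was configured. The checker below is a generic heuristic; the prefix list, `has_kdc_conf` and the sample source are constructed for illustration.

```python
import ast

# Heuristic (assumption): names with these prefixes are expected to be callables.
PREDICATE_PREFIXES = ("is_", "has_", "can_", "should_")

def truthiness_demo():
    """Show why the uncalled form always takes the branch."""
    def is_heimdal_built():  # hypothetical stand-in reporting an MIT build
        return False
    return bool(is_heimdal_built), is_heimdal_built()

def _bare_predicates(test):
    """Yield predicate-named references in a condition that are not called."""
    if isinstance(test, ast.BoolOp):
        for value in test.values:
            yield from _bare_predicates(value)
    elif isinstance(test, ast.UnaryOp) and isinstance(test.op, ast.Not):
        yield from _bare_predicates(test.operand)
    elif isinstance(test, (ast.Name, ast.Attribute)):
        name = test.id if isinstance(test, ast.Name) else test.attr
        if name.startswith(PREDICATE_PREFIXES):
            yield test

def find_uncalled_predicates(source):
    """Return sorted (line, expression) pairs for suspicious conditions."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.If, ast.While, ast.IfExp, ast.Assert)):
            findings.extend((ref.lineno, ast.unparse(ref))
                            for ref in _bare_predicates(node.test))
    return sorted(findings)

# Constructed sample: line 1 is the form quoted in the thread, line 3 the fix.
# has_kdc_conf is a hypothetical name, not taken from Samba.
SAMPLE = """\
if _glue.is_heimdal_built:
    pass
if _glue.is_heimdal_built():
    pass
if not has_kdc_conf and _glue.is_heimdal_built():
    pass
"""

if __name__ == "__main__":
    print(truthiness_demo())
    for line, expr in find_uncalled_predicates(SAMPLE):
        print(f"line {line}: '{expr}' is tested without being called")
```

A plain boolean that happens to be named like a predicate is reported too, so each finding needs a look before it is treated as a bug.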