Re: [Samba] Setting up Samba AD-DC on Debian Stretch made easy.

On Mon, 11 Sep 2017 15:29:20 +0200
"L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> Hai, 
> I made the install howto based on the wiki steps, i only changed the
> order of install on some places. And found it, not email but wiki. 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller 
> The part Configuring Kerberos. 
> (  cp /usr/local/samba/private/krb5.conf /etc/krb5.conf ) 
> Which made me think that the /var/lib/samba/private/krb5.conf isnt
> used. (anymore) And so /etc/krb5.conf is the default, ... Wrong
> thinking?  

Yes ;-)

I have always copied the krb5.conf, but if you did symlink it, this
would work because the permissions allowed it. From 4.7.0 the
permissions will be tightened and only a limited number of accounts (or
maybe only root) will be allowed access into the dir, so using a symlink
will not work anymore.


