Re: [Samba] PAM only and Kerberos...
- Date: Wed, 30 May 2018 11:29:22 -0400
- From: Robert Marcano via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] PAM only and Kerberos...
On 05/30/2018 11:02 AM, Marco Gaiarin via samba wrote:
Mandi! Robert Marcano via samba
In chel di` si favelave...
Yes, check the documentation of krb5.conf.
Ahem, 'apt-get install krb5-doc' misses. ;-)
In summary you will need to
disable dns_canonicalize_hostname dns_lookup_kdc , etc if enabled and set
you admin and kdc hostnames there, something like:
How can i determine kdc and master_kdc values? All DC server are KDC
and the FSMO role are master_kdc?
I wonder if you can choose the master as the more robust (HW and SW) of
your DCs, no idea.
On a non AD Kerberos realm you can get from DNS, For example:
dig +short _kerberos._udp.example.com srv
dig +short _kerberos-master._udp.example.com srv
both values, but the last one doesn't show on my Samba AD domain (single
My installations of Samba as a AD DC are containerized and single server
(for now), so I don't know if _kerberos-master._udp doesn't show because
there is only one DC or if Samba doesn't setup that record.
To unsubscribe from this list go to the following URL and read the