Web lists-archives.com

Re: [Samba] PAM only and Kerberos...

Mandi! Robert Marcano via samba
  In chel di` si favelave...

Sorry for the late answer.

> I wonder if you can choose the master as the more robust (HW and SW) of your
> DCs, no idea.

Seems that also the krb5.conf manpage suggest that, eg 'master' is only
a fallback KDC.

> On a non AD Kerberos realm you can get from DNS, For example:
>   dig +short _kerberos._udp.example.com srv
>   dig +short _kerberos-master._udp.example.com srv
> both values, but the last one doesn't show on my Samba AD domain (single
> server)
> My installations of Samba as a AD DC are containerized and single server
> (for now), so I don't know if _kerberos-master._udp doesn't show because
> there is only one DC or if Samba doesn't setup that record.

I confirm, samba does not setup that record, also on a multi-DC setup:

 root@vdcsv1:~# dig +short _kerberos._udp.ad.fvg.lnf.it srv
 0 100 88 vdcsv1.ad.fvg.lnf.it.
 0 100 88 vdcpp2.ad.fvg.lnf.it.
 0 100 88 vdcpp1.ad.fvg.lnf.it.
 0 100 88 vdcsv2.ad.fvg.lnf.it.
 0 100 88 vdctms1.ad.fvg.lnf.it.
 0 100 88 vdcud1.ad.fvg.lnf.it.
 root@vdcsv1:~# dig +short _kerberos-master._udp.ad.fvg.lnf.it srv


dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba