[Samba] krb5.conf file in /var/lib/samba/smb_krb5; Samba 3..

Hello list,

I've upgraded from Samba 3.0.14a to 3.0.27a (Samba is a domain member of a
W2k3 native AD) and I see that in the /var/lib/samba/smb_krb5 directory a
krb5.conf file is created.
Is this krb5.conf file extracted from my original /etc/krb5.conf? Or is this
file created from the "password server =" entry in my smb.conf file?
My original /etc/krb5.conf contains the DC's in DNS name and the
krb5.conffile in /var/lib/samba/smb_krb5 contains DC's on IP address.

I noticed also that the krb5.conf file in /var/lib/samba/smb_krb5 is only
renewed if /var/lib/samba/gencache.tdb is deleted before winbind is
restarted and it also uses the DC that is configured as primary DC in Sites
and Services in the Active Directory.

Can anyone shed a light how this work?

Thnx,
Alex.

Some info:

/etc/samba/smb.conf
=======

password server = adm02.test.com, adm03.test.com


/etc/krb5.conf
==========

[libdefaults]
default_realm = TEST.COM

[realms]
TEST.COM = {
kdc = adm02.test.com:88
kdc = adm03.test.com:88
kdc = adm01.test.com:88


/etc/hosts
========

192.168.100.100 adm01.test.com
10.0.0.100 adm02.test.com
192.168.100.110 nhadm03.test.com


/var/lib/samba/smb_krb5/krb5.conf.TEST
=============================

[libdefaults]
default_realm = TEST.COM

[realms]
TEST.COM = {
kdc = 192.168.100.110
kdc = 10.0.0.100
}
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

I asked a co-worker who attended the Samba workshop last September to
pose the following question. The answer follows (maybe it will help):

Q1. Will the new (3.0.25b) krb5 code (that creates a
Samba-specific krb5.conf file) be documented somewhere?


A1. Samba does not have documentation about the Samba-specific
krb5.conf that is placed in locking directory. And also, after running
kinit to obtain Kerberos ticket, Samba stores the ticket into memory
tdb, probbaly gencache.tdb. But Samba doesn't provide a tool to allow
users to see which DC Samba is talking to. Currently, we can use klist
to see which domain is being used by Samba.

Obviously this does not answer your question about how it works, but it
might get you closer.

Eric Roseme


Alex de Vaal wrote:
> Hello list,
>
> I've upgraded from Samba 3.0.14a to 3.0.27a (Samba is a domain member of a
> W2k3 native AD) and I see that in the /var/lib/samba/smb_krb5 directory a
> krb5.conf file is created.
> Is this krb5.conf file extracted from my original /etc/krb5.conf? Or is this
> file created from the "password server =" entry in my smb.conf file?
> My original /etc/krb5.conf contains the DC's in DNS name and the
> krb5.conffile in /var/lib/samba/smb_krb5 contains DC's on IP address.
>
> I noticed also that the krb5.conf file in /var/lib/samba/smb_krb5 is only
> renewed if /var/lib/samba/gencache.tdb is deleted before winbind is
> restarted and it also uses the DC that is configured as primary DC in Sites
> and Services in the Active Directory.
>
> Can anyone shed a light how this work?
>
> Thnx,
> Alex.
>
> Some info:
>
> /etc/samba/smb.conf
> =======
>
> password server = adm02.test.com, adm03.test.com
>
>
> /etc/krb5.conf
> ==========
>
> [libdefaults]
> default_realm = TEST.COM
>
> [realms]
> TEST.COM = {
> kdc = adm02.test.com:88
> kdc = adm03.test.com:88
> kdc = adm01.test.com:88
>
>
> /etc/hosts
> ========
>
> 192.168.100.100 adm01.test.com
> 10.0.0.100 adm02.test.com
> 192.168.100.110 nhadm03.test.com
>
>
> /var/lib/samba/smb_krb5/krb5.conf.TEST
> =============================
>
> [libdefaults]
> default_realm = TEST.COM
>
> [realms]
> TEST.COM = {
> kdc = 192.168.100.110
> kdc = 10.0.0.100
> }
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba