From: Robert LeBlanc <[email protected]> To: Matthew J. Salerno <[email protected]> Cc: [email protected]; [email protected] Sent: Fri, October 16, 2009 2:50:59 AM Subject: Re: [Samba] Is it EVER needed to set up kerberos manually if you use samba to join an ADS domain as a domain member?
On Thu, Oct 15, 2009 at 8:29 AM, Matthew J. Salerno <[email protected]> wrote: >I found out that in order for the idmap_ad to be able to pull in the rfc2307 >attributes, you need to have the krb5,conf setup. Auth was working fine, but >without the krb5.conf, that was all that was working. > >http://lists.samba.org/archive/samba/2009-October/151144.html > > > Looking at your post, there doesn't seem to be anything in the krb5.conf file that would make it work. Do you know which setting was the "magic" one? I would be interested to know. We use RID for ID mapping since we only had a few ID hard coded in our AD and it works fine with a minimal krb5.conf file. Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University --------------------------------------------------- If that's the case, then you should probably be falling back on the template settings. template homedir & template shell All I did was configure my krb5.conf based on the hundreds of wiki/howto/faq's and forum posts I read. I'm not sure what the "magic" one is, but I know that it works when I do the kinit. What issues are you having? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
