Re: [Samba] How to configure krb5 for multiple domains or domain and its sub-domains

Tue, 23 Aug 2011 12:18:08 -0700 

Hi Mauricio,

First of all, thank you for the reply. Secondly, those subdomains are child 
domains of pc.example.com in windows dns.  And here is my current krb5.conf 
file.  [email protected] is connecting fine. But not the 
[email protected] or [email protected]. These users will be 
prompted for the username and password. By the way we use kerberos with winbind.

[libdefaults]
        default_realm = PC.EXAMPLE.COM
        dns_lookup_kdc = true
        verify_ap_req_nofail = false
        clockskew = 300

[realms]
        PC.EXAMPLE.COM = {
                kdc = server1.pc.example.com
                admin_server = server1.pc. example.com
                default_domain = pc. example.com
        }

 [domain_realm]
       .kerberos.server = PC. EXAMPLE.COM
       pc. example.com = PC. EXAMPLE.COM
       .pc. example.com = PC. EXAMPLE.COM
        

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/log/kdc.log
        kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.

                period = 1d

# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)

                versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable= true
        }
        gkadmin = {
                help_url = 
http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
        }
Thanks a lot,

Anh.



-----Original Message-----
From: Mauricio Tavares [mailto:[email protected]] 
Sent: Tuesday, August 23, 2011 12:50 PM
To: [email protected]
Subject: Re: [Samba] How to configure krb5 for multiple domains or domain and 
its sub-domains

On Aug 23, 2011 11:13 AM, "Le, Anh" <[email protected]> wrote:
>
> Hi All,
>
> I've configured my samba server (3.5.11) working and joined to my 
> domain
pc.example.com. Every user of pc.example.com is able to view the shared folders 
and files of my samba server without any problem.
>
> However, the users of my sub-domains Europe.pc.example.com  and
Asia.pc.example.com could not connect and view the shared folders of my samba 
server. They were prompted for the passwords and it does not accept their 
passwords when the users entered. I guess it has this problem because my 
current krb5 is only setup for my main domain pc.example.com.
>
> I don't know the syntax for the multiple domains or domain and its
sub-domains of krb5.conf file. It will be very appreciated if anyone can help 
me.
>
      Are those subdomains as in dns subdomains or samba workgroups/domains?
Are they all supposed to be in the same kerberos realm?

> Thanks a lot,
>
> Anh.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to