On Tue, Aug 23, 2011 at 3:17 PM, Le, Anh <[email protected]> wrote:
> Hi Mauricio,
>
> First of all, thank you for the reply. Secondly, those subdomains are child
> domains of pc.example.com in windows dns. And here is my current krb5.conf
> file. [email protected] is connecting fine. But not the
> [email protected] or [email protected]. These users will be
> prompted for the username and password. By the way we use kerberos with
> winbind.
>
> [libdefaults]
> default_realm = PC.EXAMPLE.COM
> dns_lookup_kdc = true
> verify_ap_req_nofail = false
> clockskew = 300
>
> [realms]
> PC.EXAMPLE.COM = {
> kdc = server1.pc.example.com
> admin_server = server1.pc. example.com
> default_domain = pc. example.com
> }
>
> [domain_realm]
> .kerberos.server = PC. EXAMPLE.COM
> pc. example.com = PC. EXAMPLE.COM
> .pc. example.com = PC. EXAMPLE.COM
.europe.pc.example.com = PC. EXAMPLE.COM
.asia.pc.example.com = PC. EXAMPLE.COM
see if this helps
>
>
> [logging]
> default = FILE:/var/krb5/kdc.log
> kdc = FILE:/var/log/kdc.log
> kdc_rotate = {
>
> # How often to rotate kdc.log. Logs will get rotated no more
> # often than the period, and less often if the KDC is not used
> # frequently.
>
> period = 1d
>
> # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
>
> versions = 10
> }
>
> [appdefaults]
> kinit = {
> renewable = true
> forwardable= true
> }
> gkadmin = {
> help_url =
> http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
> }
> Thanks a lot,
>
> Anh.
>
>
>
> -----Original Message-----
> From: Mauricio Tavares [mailto:[email protected]]
> Sent: Tuesday, August 23, 2011 12:50 PM
> To: [email protected]
> Subject: Re: [Samba] How to configure krb5 for multiple domains or domain and
> its sub-domains
>
> On Aug 23, 2011 11:13 AM, "Le, Anh" <[email protected]> wrote:
>>
>> Hi All,
>>
>> I've configured my samba server (3.5.11) working and joined to my
>> domain
> pc.example.com. Every user of pc.example.com is able to view the shared
> folders and files of my samba server without any problem.
>>
>> However, the users of my sub-domains Europe.pc.example.com and
> Asia.pc.example.com could not connect and view the shared folders of my samba
> server. They were prompted for the passwords and it does not accept their
> passwords when the users entered. I guess it has this problem because my
> current krb5 is only setup for my main domain pc.example.com.
>>
>> I don't know the syntax for the multiple domains or domain and its
> sub-domains of krb5.conf file. It will be very appreciated if anyone can help
> me.
>>
> Are those subdomains as in dns subdomains or samba workgroups/domains?
> Are they all supposed to be in the same kerberos realm?
>
>> Thanks a lot,
>>
>> Anh.
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
