Hi Mauricio, It worked. Thanks a lot for your helps. I really appreciate that.
Thanks Anh. -----Original Message----- From: Mauricio Tavares [mailto:[email protected]] Sent: Tuesday, August 23, 2011 4:47 PM To: [email protected] Subject: Re: [Samba] How to configure krb5 for multiple domains or domain and its sub-domains On Tue, Aug 23, 2011 at 3:17 PM, Le, Anh <[email protected]> wrote: > Hi Mauricio, > > First of all, thank you for the reply. Secondly, those subdomains are child > domains of pc.example.com in windows dns. And here is my current krb5.conf > file. [email protected] is connecting fine. But not the > [email protected] or [email protected]. These users will be > prompted for the username and password. By the way we use kerberos with > winbind. > > [libdefaults] > default_realm = PC.EXAMPLE.COM > dns_lookup_kdc = true > verify_ap_req_nofail = false > clockskew = 300 > > [realms] > PC.EXAMPLE.COM = { > kdc = server1.pc.example.com > admin_server = server1.pc. example.com > default_domain = pc. example.com > } > > [domain_realm] > .kerberos.server = PC. EXAMPLE.COM > pc. example.com = PC. EXAMPLE.COM > .pc. example.com = PC. EXAMPLE.COM .europe.pc.example.com = PC. EXAMPLE.COM .asia.pc.example.com = PC. EXAMPLE.COM see if this helps > > > [logging] > default = FILE:/var/krb5/kdc.log > kdc = FILE:/var/log/kdc.log > kdc_rotate = { > > # How often to rotate kdc.log. Logs will get rotated no more # often > than the period, and less often if the KDC is not used # frequently. > > period = 1d > > # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, > ...) > > versions = 10 > } > > [appdefaults] > kinit = { > renewable = true > forwardable= true > } > gkadmin = { > help_url = > http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195 > } > Thanks a lot, > > Anh. > > > > -----Original Message----- > From: Mauricio Tavares [mailto:[email protected]] > Sent: Tuesday, August 23, 2011 12:50 PM > To: [email protected] > Subject: Re: [Samba] How to configure krb5 for multiple domains or > domain and its sub-domains > > On Aug 23, 2011 11:13 AM, "Le, Anh" <[email protected]> wrote: >> >> Hi All, >> >> I've configured my samba server (3.5.11) working and joined to my >> domain > pc.example.com. Every user of pc.example.com is able to view the shared > folders and files of my samba server without any problem. >> >> However, the users of my sub-domains Europe.pc.example.com and > Asia.pc.example.com could not connect and view the shared folders of my samba > server. They were prompted for the passwords and it does not accept their > passwords when the users entered. I guess it has this problem because my > current krb5 is only setup for my main domain pc.example.com. >> >> I don't know the syntax for the multiple domains or domain and its > sub-domains of krb5.conf file. It will be very appreciated if anyone can help > me. >> > Are those subdomains as in dns subdomains or samba workgroups/domains? > Are they all supposed to be in the same kerberos realm? > >> Thanks a lot, >> >> Anh. >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
