Kenneth Marshall wrote:
We had a similar problem with 3.0.7 where hostname based authentication failed, but IP based succeeded. The problem was an incorrect krb5.conf file in our case. The specific lines that were missing were (from the HowTo):
[domain_realms] .kerberos.server = YOUR.KERBEROS.REALM
For whatever reason, the earlier version managed to work without those lines. Just another data point.
--Ken
I tried that, no dice.
Since you guys and gals are looking after it, I'll just sit tight for the next rev to be patched.
Here is my krb5.conf:
=krb5.conf=
[libdefaults]
default_realm = SAMBA.LOCAL
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true[login]
krb4_convert = true
krb4_get_tickets = true[realms]
SAMBA.LOCAL = {
kdc = 66.70.73.150
admin_server = 66.70.73.150
default_domain = SAMBA.local
}[domain_realm]
.SAMBA.local = SAMBA.LOCAL
a-whistler.SAMBA.local = SAMBA.LOCAL
.SAMBA.org = SAMBA.LOCAL
a-whistler.SAMBA.org = SAMBA.LOCAL
=/end=
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
