Re: [Samba] krb5.conf file in /var/lib/samba/smb_krb5; Samba 3.0.27a

Thu, 28 Feb 2008 08:37:02 -0800 

Hi Alex,
The reason that I was looking at this was because although I had MD5 configured in /etc/krb5.conf, Wireshark showed that the AS-REQ/REP, TGS-REQ/REP, and the "SMB Session Setup AndX Request" and Response were all in RC4. I could not figure out why until I found the Samba krb5.conf. So it appears that Samba supersedes the /etc/krb5.conf enctype and uses RC4. 

Eric

Alex de Vaal wrote:

Hello Eric,

Thnx for your answer, now I know I couldn't find anything about the
subject... ;-)
Before I asked the question about the krb5.conf file in
/var/lib/samba/smb_krb5 I searched all Samba documentation and googled
around, but I didn't find an answer that satisfied me.
I already noticed that this file has a link with the gencache.tdb file, I
played around with this in my test environment (remove the files and start
the daemons and look what is in it with a binary editor).

I'd like to understand what the file does, because my Samba domain members
in the live environment have no DC's in the same IP net, they are all behind
routers. So I want to know how this works, before I use Samba 3.0.27a in my
live AD environment.

BTW; you can see with "netstat -na | grep 445" to which DC the Samba server
is talking to...

Regards,
Alex.



On Wed, Feb 27, 2008 at 5:52 PM, Eric Roseme <[EMAIL PROTECTED]>
wrote:


I asked a co-worker who attended the Samba workshop last September to
pose the following question.  The answer follows (maybe it will help):

Q1.       Will the new (3.0.25b) krb5 code (that creates a
Samba-specific krb5.conf file) be documented somewhere?


A1.  Samba does not have documentation about the Samba-specific
krb5.conf that is placed in locking directory. And also, after running
kinit to obtain Kerberos ticket, Samba stores the ticket into memory
tdb, probbaly gencache.tdb. But Samba doesn't provide a tool to allow
users to see which DC Samba is talking to. Currently, we can use klist
to see which domain is being used by Samba.

Obviously this does not answer your question about how it works, but it
might get you closer.

Eric Roseme


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba






















					Reply via email to