RE: [Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
Hi Geoff,
I've made it. Yes, it is good enough to follow the steps in Ch 12.3.2 ,
anyway, I have attached part of my "krb5.conf" for you as reference:
-starts
[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
MYDOMAIN.COM = {
kdc = w2k3.mydomain.com
admin_server = w2k3.mydomain.com
default_domain = mydomain.com
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
---end
Then "kinit" and "klist -e" will get what you want.
and now I have a successful interdomain trust between Samba.3.0.21a and
Win2003SP1.
THX guys do shed light on my problem!!
Best Wishes
Simon
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Geoffrey Scott
Sent: Wednesday, January 04, 2006 11:10 AM
To: Gerald (Jerry) Carter
Cc: samba@lists.samba.org
Subject: [Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
SHA1 wrote:
> Simon Leung wrote:
>>
>> Anyway, my question is beside Winbind, do I need to configure krb5 on
>> Samba (Domain A) when talking to Win2003SP1 on Domain B?
>
> Beginning with 3.0.21 if you are talking to AD in anyways (domain
> member server, domain controller with domain trusts, etc...) you
> should ensure that you configure with ADS support and correctly
> configure /etc/krb5.conf.
Hi Jerry
JHT hasn't got any mention of configuring /etc/krb5.conf in "S by example"
chapter 7.3.4 but he has in chapter 12.3.2. Other docs say only an empty
config file is needed or non at all depending on whether
you are using Heimdal or MIT kerberos.
How much info if any should be in /etc/krb5.conf? is the chapter 12 example
enough?:
[libdefaults]
default_realm = LONDON.ABMAS.BIZ
[realms]
LONDON.ABMAS.BIZ = {
kdc = w2k3s.london.abmas.biz
}
Sorry to ask a basic question, but if I do an apt-get install samba and
samba-common, will it install all the files needed for ADS domain
membership?
Regards Geoff Scott
Gerald (Jerry) Carter wrote:
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
SHA1 wrote:
> Simon Leung wrote:
>>
>> Anyway, my question is beside Winbind, do I need to configure krb5 on
>> Samba (Domain A) when talking to Win2003SP1 on Domain B?
>
> Beginning with 3.0.21 if you are talking to AD in anyways (domain
> member server, domain controller with domain trusts, etc...) you
> should ensure that you configure with ADS support and correctly
> configure /etc/krb5.conf.
Hi Jerry
JHT hasn't got any mention of configuring /etc/krb5.conf in "S by
example" chapter 7.3.4 but he has in chapter 12.3.2. Other docs say
only an empty config file is needed or non at all depending on whether
you are using Heimdal or MIT kerberos.
How much info if any should be in /etc/krb5.conf? is the chapter 12 example
enough?:
[libdefaults]
default_realm = LONDON.ABMAS.BIZ
[realms]
LONDON.ABMAS.BIZ = {
kdc = w2k3s.london.abmas.biz
}
Sorry to ask a basic question, but if I do an apt-get install samba and
samba-common, will it install all the files needed for ADS domain
membership?
Regards Geoff Scott
Gerald (Jerry) Carter wrote:
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Simon Leung wrote: > Hi there, > > I am reading the Samba3-By-Example dated 29Dec2005. I've > found that there's no information on telling how to make > a successful deployment on interdomain trust, but this > is the missing Chapter that I am really looking for. > > Anyway, my question is beside Winbind, do I need to > configure krb5 on Samba (Domain A) when talking to Win2003SP1 > on Domain B? Beginning with 3.0.21 if you are talking to AD in anyways (domain member server, domain controller with domain trusts, etc...) you should ensure that you configure with ADS support and correctly configure /etc/krb5.conf. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com "There's an anonymous coward in all of us." --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDurbSIR7qMdg1EfYRAtx+AKCtpYTDLRRZaPUK6Jb+TYcXIaa1hQCgmi6K 4p+Bm+qY5Yy06Yq6OQWUYkU= =fXKX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
Hi there, I am reading the Samba3-By-Example dated 29Dec2005. I've found that there's no information on telling how to make a successful deployment on interdomain trust, but this is the missing Chapter that I am really looking for. Anyway, my question is beside Winbind, do I need to configure krb5 on Samba (Domain A) when talking to Win2003SP1 on Domain B? Best Wishes and Happy New Year Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
