RE: [Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
Hi Geoff, I've made it. Yes, it is good enough to follow the steps in Ch 12.3.2 , anyway, I have attached part of my "krb5.conf" for you as reference: -starts [libdefaults] default_realm = MYDOMAIN.COM dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes [realms] MYDOMAIN.COM = { kdc = w2k3.mydomain.com admin_server = w2k3.mydomain.com default_domain = mydomain.com } [domain_realm] .mydomain.com = MYDOMAIN.COM mydomain.com = MYDOMAIN.COM ---end Then "kinit" and "klist -e" will get what you want. and now I have a successful interdomain trust between Samba.3.0.21a and Win2003SP1. THX guys do shed light on my problem!! Best Wishes Simon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Geoffrey Scott Sent: Wednesday, January 04, 2006 11:10 AM To: Gerald (Jerry) Carter Cc: samba@lists.samba.org Subject: [Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21? SHA1 wrote: > Simon Leung wrote: >> >> Anyway, my question is beside Winbind, do I need to configure krb5 on >> Samba (Domain A) when talking to Win2003SP1 on Domain B? > > Beginning with 3.0.21 if you are talking to AD in anyways (domain > member server, domain controller with domain trusts, etc...) you > should ensure that you configure with ADS support and correctly > configure /etc/krb5.conf. Hi Jerry JHT hasn't got any mention of configuring /etc/krb5.conf in "S by example" chapter 7.3.4 but he has in chapter 12.3.2. Other docs say only an empty config file is needed or non at all depending on whether you are using Heimdal or MIT kerberos. How much info if any should be in /etc/krb5.conf? is the chapter 12 example enough?: [libdefaults] default_realm = LONDON.ABMAS.BIZ [realms] LONDON.ABMAS.BIZ = { kdc = w2k3s.london.abmas.biz } Sorry to ask a basic question, but if I do an apt-get install samba and samba-common, will it install all the files needed for ADS domain membership? Regards Geoff Scott Gerald (Jerry) Carter wrote: -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
SHA1 wrote: > Simon Leung wrote: >> >> Anyway, my question is beside Winbind, do I need to configure krb5 on >> Samba (Domain A) when talking to Win2003SP1 on Domain B? > > Beginning with 3.0.21 if you are talking to AD in anyways (domain > member server, domain controller with domain trusts, etc...) you > should ensure that you configure with ADS support and correctly > configure /etc/krb5.conf. Hi Jerry JHT hasn't got any mention of configuring /etc/krb5.conf in "S by example" chapter 7.3.4 but he has in chapter 12.3.2. Other docs say only an empty config file is needed or non at all depending on whether you are using Heimdal or MIT kerberos. How much info if any should be in /etc/krb5.conf? is the chapter 12 example enough?: [libdefaults] default_realm = LONDON.ABMAS.BIZ [realms] LONDON.ABMAS.BIZ = { kdc = w2k3s.london.abmas.biz } Sorry to ask a basic question, but if I do an apt-get install samba and samba-common, will it install all the files needed for ADS domain membership? Regards Geoff Scott Gerald (Jerry) Carter wrote: -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Simon Leung wrote: > Hi there, > > I am reading the Samba3-By-Example dated 29Dec2005. I've > found that there's no information on telling how to make > a successful deployment on interdomain trust, but this > is the missing Chapter that I am really looking for. > > Anyway, my question is beside Winbind, do I need to > configure krb5 on Samba (Domain A) when talking to Win2003SP1 > on Domain B? Beginning with 3.0.21 if you are talking to AD in anyways (domain member server, domain controller with domain trusts, etc...) you should ensure that you configure with ADS support and correctly configure /etc/krb5.conf. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org Centeris --- http://www.centeris.com "There's an anonymous coward in all of us." --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDurbSIR7qMdg1EfYRAtx+AKCtpYTDLRRZaPUK6Jb+TYcXIaa1hQCgmi6K 4p+Bm+qY5Yy06Yq6OQWUYkU= =fXKX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Need krb5 on Interdomain trust Win2003SP1 - Samba3.0.21?
Hi there, I am reading the Samba3-By-Example dated 29Dec2005. I've found that there's no information on telling how to make a successful deployment on interdomain trust, but this is the missing Chapter that I am really looking for. Anyway, my question is beside Winbind, do I need to configure krb5 on Samba (Domain A) when talking to Win2003SP1 on Domain B? Best Wishes and Happy New Year Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba