Recently I've set up a Samba server to be an AD domain member. A question came up: do I need to configure Kerberos? I am using Fedora Core 5 with MIT Kerberos. The answer can be found in Samba docs, but it is scattered around several unrelated parts of the Official Samba Howto and is not easily accessible. In my experience, the answer is as follows:
- make sure
dns_lookup_kdc = true in [libdefaults] section
- optionally set
default_realm in [libdefaults] section to the DNS name of your AD domain. I have a suspicion that this only provides a default for Kerberos command-line tools and is not important for Samba
So, have in your krb5.conf:
[libdefaults]
dns_lookup_kdc = true
default_realm = YOUR.DOMAIN
and don't change anything else.
1 comment:
hi
this note is so so useful for me
tanx for sharing your exprience
Good Luck
Post a Comment