Thursday, September 21, 2006

How to configure /etc/krb5.conf for Samba

Recently I've set up a Samba server to be an AD domain member. A question came up: do I need to configure Kerberos? I am using Fedora Core 5 with MIT Kerberos. The answer can be found in Samba docs, but it is scattered around several unrelated parts of the Official Samba Howto and is not easily accessible. In my experience, the answer is as follows:
  • make sure dns_lookup_kdc = true in [libdefaults] section
  • optionally set default_realm in [libdefaults] section to the DNS name of your AD domain. I have a suspicion that this only provides a default for Kerberos command-line tools and is not important for Samba
So, have in your krb5.conf: [libdefaults] dns_lookup_kdc = true default_realm = YOUR.DOMAIN and don't change anything else.
Post a Comment