I thought it was pretty strange too. Here are the records I used for my DNS:
_kerberos IN TXT "BHBTEST.COM" _kerberos-master._udp IN SRV 0 0 88 kerb1 _kerberos-adm._tcp IN SRV 0 0 749 kerb1 _kpasswd._udp IN SRV 0 0 464 kerb1 _kerberos._udp IN SRV 0 0 88 kerb1 _ldap._tcp.bhbtest.com IN SRV 0 0 389 ldap1 Someone else replied to this thread, thinking that the KDC interfered with "kerberized" daemons running on other machines, namely sshd. I have sshd running on several of my internal servers, including the Samba server. Adding pricipals for these machines alone supposedly should do the trick. This sounds reasonable to me, any thoughts? Either way, I'm almost done configuring a Kerberos/LDAP machine that due to necessity will become a production machine on the network by this time tomorrow. Just to make sure I think I will bring this on-line after normal working hours. -----Original Message----- From: Steve Langasek [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 08, 2002 2:50 PM To: John Green Cc: Kerberos (E-mail) Subject: Re: Windows browse list w/ Kerberos On Thu, Aug 08, 2002 at 02:32:57PM -0700, John Green wrote: > Thanks for the input. I realize that about the Samba version, and > definitely no AD here (I wouldn't want to attempt trying to make Samba the > master browser with a Win2K PDC around, perhaps a hardier soul might), but > the Kerberos machine arriving on the network was definitely the cause; the > Samba machine has been running for over a year, the only problem being the > five minutes the Kerberos machine was on the network. This seems terribly odd to me. Did you do anything wrt configuring Kerberos besides setting up a KDC on the Linux box? I certainly don't understand why the Win2K workstations were even *aware* of the presence of the new Kerberos server, let alone negatively impacted by it. Did you configure SRV records for your domain pointing to the Linux server? And BTW, trying to force Samba 2.2.1 to be a local master browser when there's a Win2K domain controller on the network (it can be done) is a BAD idea. Steve Langasek postmodern programmer ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
