Hi Ralf,

Ralf Hornik Mailings wrote:
Rajesh Ghanekar <rajesh_ghane...@symantec.com> wrote:

Hi Ralf,
Thanks for the help. But I was asking if all 4 points mentioned in my mail are correct or not, like what if SRV records are not present, etc., then what should go in krb5.conf and smb.conf?

I'm not clear what you are asking for. All points 1 - 3 are true.

Point 1 and 3. Have you got a working DNS? So getting Kerberos credentials works without any krb5.conf (tested 1 minute before). (You only have to attach the Kerberos realm when kinit e.g. "kinit u...@realm.org").

Thanks for the information.

I have some more questions:

- I guess I don't need to do kinit manually if I am using "net ads join" command, right?

- Does Samba use SRV records for anything else other than finding out domain controller names? If not, I can do away without them by writing manual entries in /etc/krb5.conf. I will be using DNS, but no SRV records.

- I found that even when no SRV records are present and wrong (invalid hosts) IP addresses are configured for domain controllers (in smb.conf and /etc/krb5.conf), I am still able to join the domain. I am not sure if there is any component which actually does broadcasting and finds out if any domain controller is present using this fallback method?


Thanks,
Rajesh


If not you have to set krb5.conf like:

[libdefaults]
        default_realm = REALM.ORG
[realms]
        REALM.ORG = {
                kdc = master.realm.org:88
                kdc = slave.realm.org:88
                admin_server = master.realm.org:749
                default_domain = realm.org
        }
[domain_realm]
        .realm.org = REALM.ORG
        realm.org = REALM.ORG

Point 2. This is explained by itself and correct.
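
The following is an added example, not code from either poster or from the Samba project. It reads a krb5.conf like the one quoted above and reports, per realm, whether the Kerberos library would use the static kdc entries or fall back to DNS SRV lookup, following the rule documented for MIT krb5 that dns_lookup_kdc applies only to realms with no kdc entries listed. The names parse_krb5, kdc_sources and SAMPLE are hypothetical, and the check covers only the Kerberos library's KDC lookup, not Samba's own domain controller location.

```python
# Constructed sample: the krb5.conf quoted in the message, as used when no SRV records exist.
SAMPLE = """\
[libdefaults]
        default_realm = REALM.ORG
[realms]
        REALM.ORG = {
                kdc = master.realm.org:88
                kdc = slave.realm.org:88
                admin_server = master.realm.org:749
        }
"""

def parse_krb5(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}) from krb5.conf text."""
    libdefaults, realms = {}, {}
    section = realm = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1], None    # new section closes any realm block
        elif line == "}":
            realm = None
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                realm = key
                realms[realm] = []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)      # kdc may repeat; keep order
    return libdefaults, realms

def kdc_sources(text):
    """Map each realm to ("static" | "dns-srv" | "none", list of hosts or SRV names)."""
    libdefaults, realms = parse_krb5(text)
    # Simplified boolean parsing (assumption): anything not clearly false counts as true.
    dns_ok = libdefaults.get("dns_lookup_kdc", "true").lower() not in ("false", "no", "0", "off")
    names = set(realms) | {libdefaults.get("default_realm", "")}
    plan = {}
    for name in sorted(names - {""}):
        if realms.get(name):
            plan[name] = ("static", realms[name])
        elif dns_ok:
            plan[name] = ("dns-srv", [f"_kerberos._udp.{name}", f"_kerberos._tcp.{name}"])
        else:
            plan[name] = ("none", [])            # no KDC can be located for this realm
    return plan
```

A "dns-srv" result lists the SRV names that would have to resolve for kinit to work without manual kdc entries.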





