Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-02-04 20:46:11 +01:00
Code Issues Projects Releases Packages Wiki Activity
slackware-current/source/n/samba/0002-samba-tool-create-working-private-krb5.conf.patch
Patrick J Volkerding 8ea9f1e02e Mon Feb 17 06:03:43 UTC 2020 
ap/ksh93-20200131_e4fea8c5-x86_64-1.txz:  Upgraded.
ap/zsh-5.8-x86_64-1.txz:  Upgraded.
l/brotli-1.0.7-x86_64-1.txz:  Added.
l/gmime-3.2.6-x86_64-1.txz:  Upgraded.
l/hyphen-2.8.8-x86_64-1.txz:  Added.
l/openal-soft-1.20.1-x86_64-1.txz:  Upgraded.
  Thanks to Skaendo and Willy Sudiarto Raharjo.
l/qt5-webkit-5.212.0_alpha3-x86_64-1.txz:  Added.
  Thanks to alienBOB.
l/woff2-20180531_a0d0ed7-x86_64-1.txz:  Added.
n/bluez-5.53-x86_64-1.txz:  Upgraded.
n/mutt-1.13.4-x86_64-1.txz:  Upgraded.
n/samba-4.11.6-x86_64-3.txz:  Rebuilt.
n/socat-1.7.3.4-x86_64-1.txz:  Added.
n/whois-5.5.6-x86_64-1.txz:  Upgraded.
testing/packages/PAM/samba-4.11.6-x86_64-3_pam.txz:  Rebuilt.
  Added patches to fix joining a DC when using krb5. Looks like the patches are
  already upstreamed in the latest 4.12.0-rc. Thanks to camerabambai.
2020-02-17 17:59:51 +01:00

42 lines
1.3 KiB
Diff
Raw Blame History

From 5a084994144704a6c146b94f8a22cf57ce08deab Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Mon, 7 Oct 2019 18:24:28 +0300
Subject: [PATCH] samba-tool: create working private krb5.conf
DNS update tool uses private krb5.conf which should have enough details
to authenticate with GSS-TSIG when running nsupdate.
Unfortunately, the configuration we provide is not enough. We set
defaults to not lookup REALM via DNS but at the same time we don't
provide any realm definition. As result, MIT Kerberos cannot actually
find a working realm for Samba AD deployment because it cannot query DNS
for a realm discovery or pick it up from the configuration.
Extend private krb5.conf with a realm definition that will allow MIT
Kerberos to look up KDC over DNS.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
source4/setup/krb5.conf | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/source4/setup/krb5.conf b/source4/setup/krb5.conf
index b1bf6cf907d..ad6f2818fb5 100644
--- a/source4/setup/krb5.conf
+++ b/source4/setup/krb5.conf
@@ -2,3 +2,11 @@
default_realm = ${REALM}
dns_lookup_realm = false
dns_lookup_kdc = true
+
+[realms]
+${REALM} = {
+ default_domain = ${DNSDOMAIN}
+}
+
+[domain_realm]
+ ${HOSTNAME} = ${REALM}
--
2.21.0
Reference in a new issue View git blame Copy permalink