diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2020-02-17 06:03:43 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2020-02-17 17:59:51 +0100 |
| commit | 8ea9f1e02e85e3cc2b4ccda52639e96651d21653 (patch) | |
| tree | dacfd5fff40a77f9335c18e572a6587149bb0abc /source/n/samba/0002-samba-tool-create-working-private-krb5.conf.patch | |
| parent | 6087aff6cae8d8d4c46ce086cb7b70a5af412d2b (diff) | |
| download | current-8ea9f1e02e85e3cc2b4ccda52639e96651d21653.tar.gz current-8ea9f1e02e85e3cc2b4ccda52639e96651d21653.tar.xz | |
Mon Feb 17 06:03:43 UTC 202020200217060343
ap/ksh93-20200131_e4fea8c5-x86_64-1.txz: Upgraded.
ap/zsh-5.8-x86_64-1.txz: Upgraded.
l/brotli-1.0.7-x86_64-1.txz: Added.
l/gmime-3.2.6-x86_64-1.txz: Upgraded.
l/hyphen-2.8.8-x86_64-1.txz: Added.
l/openal-soft-1.20.1-x86_64-1.txz: Upgraded.
Thanks to Skaendo and Willy Sudiarto Raharjo.
l/qt5-webkit-5.212.0_alpha3-x86_64-1.txz: Added.
Thanks to alienBOB.
l/woff2-20180531_a0d0ed7-x86_64-1.txz: Added.
n/bluez-5.53-x86_64-1.txz: Upgraded.
n/mutt-1.13.4-x86_64-1.txz: Upgraded.
n/samba-4.11.6-x86_64-3.txz: Rebuilt.
n/socat-1.7.3.4-x86_64-1.txz: Added.
n/whois-5.5.6-x86_64-1.txz: Upgraded.
testing/packages/PAM/samba-4.11.6-x86_64-3_pam.txz: Rebuilt.
Added patches to fix joining a DC when using krb5. Looks like the patches are
already upstreamed in the latest 4.12.0-rc. Thanks to camerabambai.
Diffstat (limited to 'source/n/samba/0002-samba-tool-create-working-private-krb5.conf.patch')
| -rw-r--r-- | source/n/samba/0002-samba-tool-create-working-private-krb5.conf.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/source/n/samba/0002-samba-tool-create-working-private-krb5.conf.patch b/source/n/samba/0002-samba-tool-create-working-private-krb5.conf.patch new file mode 100644 index 000000000..643d3676d --- /dev/null +++ b/source/n/samba/0002-samba-tool-create-working-private-krb5.conf.patch @@ -0,0 +1,42 @@ +From 5a084994144704a6c146b94f8a22cf57ce08deab Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy <ab@samba.org> +Date: Mon, 7 Oct 2019 18:24:28 +0300 +Subject: [PATCH] samba-tool: create working private krb5.conf + +DNS update tool uses private krb5.conf which should have enough details +to authenticate with GSS-TSIG when running nsupdate. + +Unfortunately, the configuration we provide is not enough. We set +defaults to not lookup REALM via DNS but at the same time we don't +provide any realm definition. As result, MIT Kerberos cannot actually +find a working realm for Samba AD deployment because it cannot query DNS +for a realm discovery or pick it up from the configuration. + +Extend private krb5.conf with a realm definition that will allow MIT +Kerberos to look up KDC over DNS. + +Signed-off-by: Alexander Bokovoy <ab@samba.org> +Reviewed-by: Andreas Schneider <asn@samba.org> +--- + source4/setup/krb5.conf | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/source4/setup/krb5.conf b/source4/setup/krb5.conf +index b1bf6cf907d..ad6f2818fb5 100644 +--- a/source4/setup/krb5.conf ++++ b/source4/setup/krb5.conf +@@ -2,3 +2,11 @@ + default_realm = ${REALM} + dns_lookup_realm = false + dns_lookup_kdc = true ++ ++[realms] ++${REALM} = { ++ default_domain = ${DNSDOMAIN} ++} ++ ++[domain_realm] ++ ${HOSTNAME} = ${REALM} +-- +2.21.0 + |