[Pkg-samba-maint] Bug#1034417: samba: Samba can no longer authenticate users via Kerberos from a standalone KDC

Andrew Bartlett abartlet at samba.org
Thu Aug 10 08:16:36 BST 2023 

On Thu, 2023-08-10 at 10:03 +0300, Michael Tokarev wrote:
> Control: tag -1 - moreinfo + wontfixControl: severity -1 minor
> 15.04.2023 00:03, Daniel Lakeland wrote:...
> > Hi Michael, my concern is mainly to document the existence of this
> > problem for others who might use this similar config. I'm 100% sure
> > I'm not the only one in the world. There are debian bugs going back
> > a while where others have this kind of set up and had issues. I'll
> > continue to try to figure out the work around, and then document
> > the method I came up with here, and then we can close the bug so
> > it's preserved for others with similar issues?
> 
> It looks like you're one of maybe just a few people in the worldwho
> uses this config with samba and stand-alone ldap and kdc, aftersamba
> made everything to be internal because separate componentswere
> basically unmanageable.
> In order for this bug report to not disturb my workflow (not to
> paymore attention to it every time I look at samba bugs), - since
> itis for documentation purpose only, I'm lowering severity of it
> andadding a "wontfix" tag.
> Thanks,
> /mjt
Per https://lists.samba.org/archive/samba/2023-April/244999.html it
*might* work if the MIT KDC were adjusted not to issue a PAC
https://web.mit.edu/kerberos/krb5-1.20/ suggests disable_pac in the
realm configuration on the KDC.
Andrew Bartlett
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead                https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20230810/fb7632fd/attachment.htm>

More information about the Pkg-samba-maint mailing list