Samba, Response too big for UDP, retry with TCP, Kerberos implementation on FreeBSD

Ginzburg, Oleg Oleg.Ginzburg at billing.ru
Thu Aug 7 14:12:06 UTC 2008


Hello,

I am seeing a problem in my current configuration (FreeBSD 7.0-Release amd64, samba-3.0.31_1) similar to this one:
http://lists.samba.org/archive/samba/2007-July/133625.html
and I assume that, most likely, there are problems both in Samba and in the Kerberos implementation on FreeBSD (IMHO more in Samba :)
The problem is that during the generation phase (libads/kerberos.c:create_local_private_krb5_conf_for_domain) of the temporary file /var/db/samba/smb_krb5/krb5.conf.<DOMAIN>,
the transport protocol instruction is lost (if it is present in /etc/krb5.conf).

So, a temporary workaround for this problem looks like this:

1) After an unsuccessful execution of
$ net ads join ...
edit the file /var/db/samba/smb_krb5/krb5.conf.<DOMAIN>, adding "tcp/" before the server (of course, only if the tcp protocol is necessary;
tcp should also be present in /etc/krb5.conf):
--
[realms]
        <DOMAIN> = {
                kdc = tcp/<IP>
...
        }
--
2) Then forbid modification of the file:
chflags schg /var/db/samba/smb_krb5/krb5.conf.<DOMAIN>

3) And try "net join" again, ignoring the rename error
(create_local_private_krb5_conf_for_domain: rename of /var/db/samba/smb_tmp_krb5.IQraHE to /var/db/samba/smb_krb5/krb5.conf.<DOMAIN> failed. Errno Operation not permitted..)
The operation should then complete successfully.

Question: are two problems (FreeBSD/Samba) valid here?
(Samba generates an incorrect file) + (Heimdal Kerberos on FreeBSD does not try to force tcp? PS: a similar problem is not present in MIT Kerberos (/usr/ports/security/krb5))
--

CJSC "PETER-SERVICE"
============================
Direct: +7 812 3261290 ext. 0423
Tel: +7 812 3261299
Fax: +7 812 3261298
E-mail: Oleg.Ginzburg at billing.ru
URL: http://www.billing.ru
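
A check for the condition described in the post, as an added example that is not part of the original message and is not Samba or FreeBSD code: it reports kdc entries in the generated per-domain file that lack the "tcp/" prefix when the system krb5.conf requests it for that realm. The realm EXAMPLE.TEST, the address 192.0.2.10, the function names and the sample files are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example: detect a generated krb5.conf that dropped the "tcp/"
# transport prefix requested in the system krb5.conf.

# Print the kdc values of one realm block inside [realms].
kdc_entries() {  # usage: kdc_entries FILE REALM
    awk -v realm="$2" '
        /^[[:space:]]*\[/ { in_realms = ($1 == "[realms]"); in_realm = 0; next }
        in_realms && $1 == realm && $2 == "=" { in_realm = 1; next }
        in_realm && /}/ { in_realm = 0 }
        in_realm && $1 == "kdc" && $2 == "=" { print $3 }
    ' "$1"
}

# Return 1 and list the offending entries when the system file asks for TCP
# for REALM but the generated file has kdc lines without the prefix.
check_generated() {  # usage: check_generated SYSTEM_CONF GENERATED_CONF REALM
    kdc_entries "$1" "$3" | grep -q '^tcp/' || return 0   # TCP not requested
    missing=$(kdc_entries "$2" "$3" | grep -v '^tcp/' || true)
    [ -z "$missing" ] && return 0
    for k in $missing; do echo "kdc without tcp/ prefix: $k"; done
    return 1
}

# Constructed sample files (realm and address are placeholders).
make_samples() {  # usage: make_samples DIR
    cat > "$1/krb5.conf" <<'EOF'
[libdefaults]
        default_realm = EXAMPLE.TEST
[realms]
        EXAMPLE.TEST = {
                kdc = tcp/192.0.2.10
        }
EOF
    # The state the post describes: same realm, prefix gone.
    sed 's|tcp/||' "$1/krb5.conf" > "$1/krb5.conf.generated"
    # The state after the manual edit from step 1.
    cp "$1/krb5.conf" "$1/krb5.conf.fixed"
}

dir=$(mktemp -d)
make_samples "$dir"
check_generated "$dir/krb5.conf" "$dir/krb5.conf.generated" EXAMPLE.TEST \
    || echo "generated file needs the workaround"
check_generated "$dir/krb5.conf" "$dir/krb5.conf.fixed" EXAMPLE.TEST \
    && echo "edited file keeps the tcp/ prefix"
rm -rf "$dir"
```

On a real host the arguments would be /etc/krb5.conf, the file under /var/db/samba/smb_krb5/ and the realm name.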