Univention Bugzilla – Bug 49338
Sync settings in krb5.conf and Samba UCRv
Last modified: 2019-04-24 07:56:54 CEST
For reasons customers frequently set the following UCRv: samba/interfaces/bindonly: yes samba/interfaces: <interfaces/primary> (instead of default: samba/interfaces/bindonly: no samba/interfaces: lo <interfaces/primary> ) Which means Samba nor Kerberos will listen on localhost (127.0.0.1) interface. But krb5.conf by default refers to 127.0.0.1: [realms] MULTI.UCS = { acl_file = /var/lib/heimdal-kdc/kadmind.acl kdc = 127.0.0.1 admin_server = ucs.multi.ucs kpasswd_server = 127.0.0.1 } MULTI = { kdc = 127.0.0.1 admin_server = ucs.multi.ucs default_domain = multi.ucs } When executing ucr commit /etc/krb5.conf we should check if Samba listens on lo and set krb5 settings accordingly. Or simply make Samba to always listen to lo. Otherwise Kerberos does not work when Samba is not listening to lo causing major issues on customer sites.