Univention Bugzilla – Bug 29291
Samba4 DCs sollten den lokalen KDC verwenden
Last modified: 2013-11-19 06:41:44 CET
In einer Samba4-Umgebung mit Master, Backup und Slave kam es auf dem Master zu Authentifikationsfehlern für den Administrator, weil der Slave keine aktuelle Uhrzeit hatte: root@master1:~# kinit Administrator Administrator@ARUCS31I5.QA's Password: kinit: krb5_get_init_creds: Clock skew too great Ggf. ist es besser auf Samba4 DCs den lokalen KDC zu verwenden: ucr set kerberos/kdc=127.0.0.1 kerberos/defaults/dns_lookup_kdc=no
Vermutlich muss dann auch kerberos/kpasswdserver gesetzt werden, siehe Bug 30839.
We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2. As such, this bug is moved to the new target milestone.
The postinst changes kerberos/kdc in case they still show the original values during update. kerberos/defaults/dns_lookup_kdc is not changed, as the manpage states that this DNS lookup is only the fallback if no KDC is specified explicitely. During join the two variables are unconditionally set to 172.0.0.1. (Maybe better use the fqdn?) Changelog updated.
The postinst changes kerberos/kdc and kerberos/kpasswdserver ...
OK - Update config-registry.replog: 2013-08-05 15:43:45: set kerberos/kdc=127.0.0.1 old:[Previously undefined] 2013-08-05 15:43:45: set kerberos/kpasswdserver=127.0.0.1 old:master.fff.ggg -> ucr get kerberos/kdc 127.0.0.1 -> ucr get kerberos/kpasswdserver 127.0.0.1 OK - New Installation OK - Changelog
UCS 3.2 has been released: http://docs.univention.de/release-notes-3.2-en.html http://docs.univention.de/release-notes-3.2-de.html If this error occurs again, please use "Clone This Bug".