Bug 49338 - Sync settings in krb5.conf and Samba UCRv
Status: NEW
Product: UCS
Classification: Unclassified
Component: Kerberos
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Assigned To: UCS maintainers
Reported: 2019-04-24 07:56 CEST by Christian Völker
Modified: 2019-04-24 07:56 CEST (History)
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Enterprise Customer affected?: Yes
School Customer affected?: Yes


Description Christian Völker univentionstaff 2019-04-24 07:56:54 CEST
For reasons customers frequently set the following UCRv:
samba/interfaces/bindonly: yes
samba/interfaces: <interfaces/primary>
(instead of default:
samba/interfaces/bindonly: no
samba/interfaces: lo <interfaces/primary>
)

Which means neither Samba nor Kerberos will listen on the localhost (127.0.0.1) interface.

But krb5.conf by default refers to 127.0.0.1:

[realms]
MULTI.UCS = { 
	acl_file = /var/lib/heimdal-kdc/kadmind.acl
	kdc = 127.0.0.1
	admin_server = ucs.multi.ucs
	kpasswd_server = 127.0.0.1
}

MULTI = { 
	kdc = 127.0.0.1
	admin_server = ucs.multi.ucs
	default_domain = multi.ucs
}

When executing ucr commit /etc/krb5.conf, we should check if Samba listens on lo and set krb5 settings accordingly.

Or simply make Samba always listen on lo.

Otherwise Kerberos does not work when Samba is not listening on lo, causing major issues on customer sites.
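
Added example (not part of the original report and not Univention's code): a sketch of the consistency check proposed above, flagging [realms] server entries that point at loopback while the two Samba UCR values keep Samba off lo. The function names, the truthy spellings accepted for samba/interfaces/bindonly, and eth0 as a stand-in for <interfaces/primary> are assumptions.

```python
import re

SERVER_KEYS = {"kdc", "kpasswd_server", "admin_server"}
TRUE_VALUES = {"yes", "true", "1", "enable", "enabled", "on"}  # assumed UCR truthy spellings

# Constructed sample: the [realms] section quoted in the report.
SAMPLE_KRB5 = """\
[realms]
MULTI.UCS = {
    acl_file = /var/lib/heimdal-kdc/kadmind.acl
    kdc = 127.0.0.1
    admin_server = ucs.multi.ucs
    kpasswd_server = 127.0.0.1
}
MULTI = {
    kdc = 127.0.0.1
    admin_server = ucs.multi.ucs
    default_domain = multi.ucs
}
"""

def samba_listens_on_loopback(interfaces, bindonly):
    """True unless bindonly restricts Samba to interfaces that exclude loopback."""
    if bindonly.strip().lower() not in TRUE_VALUES:
        return True  # without bindonly, Samba is not limited to the listed interfaces
    return any(t == "lo" or t.startswith("127.") for t in interfaces.split())

def loopback_realm_entries(krb5_conf):
    """Return (realm, key, value) for [realms] server entries aimed at loopback."""
    hits, section, realm = [], None, None
    for raw in krb5_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, realm = header.group(1), None
        elif line == "}":
            realm = None
        elif section == "realms" and line.endswith("{"):
            realm = line.split("=", 1)[0].strip()
        elif realm and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            host = value.split(":", 1)[0]  # drop an optional :port suffix
            if key in SERVER_KEYS and (host == "localhost" or host.startswith("127.")):
                hits.append((realm, key, value))
    return hits

def find_mismatch(krb5_conf, interfaces, bindonly):
    """Entries that cannot be reached because Samba does not listen on lo."""
    if samba_listens_on_loopback(interfaces, bindonly):
        return []
    return loopback_realm_entries(krb5_conf)
```

A non-empty result from find_mismatch(SAMPLE_KRB5, "eth0", "yes") corresponds to the broken state described in the report; with the default values ("lo eth0", "no") the list is empty.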