Winbind Kerberos Locator

From SambaWiki
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

With version x of Samba, the system library can use a samba krb5 locator plugin to detect KDCs.

A locator offers to bypass builtin name resolution routines of the kerberos library. By that, a locator plugin can force the kerberos library to use a specific server. Often, in Windows networks, this is exactly what you want to achieve. Very often you want to force the kerberos library to use exactly the same server as the samba binaries (smbd, winbind) do.

Build instructions

There is no need to enable the build of the locator plugin. Samba will automatically build it as long as the system kerberos library has support for locator plugins.

You can check your build output for that while looking for: 

...
checking for krb5/locate_plugin.h   yes
...

After finishing the build process, the locator plugin can be found in $SAMBA_SRC/bin/winbind_krb5_locator.so

Configuration

Once build, the locator needs to be installed into the appropriate plugin directories:

  • Heimdal
  • MIT

Usage

Winbind needs to run for the plugin to work.

Retrieved from "https://wiki.samba.org/index.php?title=Winbind_Kerberos_Locator&oldid=3316"