I have upgraded a Slackware server setup as a Samba AD DC from 14.2 to -current today, and cannot get the Kerberos side of things working for the Samba AD. To begin with, I just can't figure out if the default Samba package is compiled with any form of Kerberos or not? samba -b makes no mention of it either way, and all I can see in samba.SlackBuild is the following line commented out:

I'm pretty sure that the Samba package in 14.2 supported Kerberos out of the box - as far as I can remember. Does anybody know, one way or the other?

According to the Slackware Packages Browser these files are shipped in samba-4.7.5:
/usr/lib64/python2.7/site-packages/samba/provision/kerberos_implementation.py
/usr/lib64/python2.7/site-packages/samba/provision/kerberos.py

I don't know how that works but am assuming that you'd need to have some kerberos implementation to make use of it, maybe python-kerberos for which a SlackBuils is available @ slackbuilds.or bur for Slackware 14.2 and more.

It turns out that, unless Samba is compiled specifically with config options against MIT Kerberos, it includes automatically its own private Heimdal kerberos code to cover kerberos functionality. I think the Python scripts you've highlighted above are used internally by Samba during setting up/migration. Samba itself sets kerberos up automatically during the configuration of an AD DC.

In my case I was chasing up completely the wrong path - it turned out to be the "interfaces = " option in Samba. The old server used eth1 for the LAN interface, while the new server used a bridge on br0 for its LAN interface. For all the other testing commands for Samba I used 'localhost' - which went through the loopback (which Samba was also listening on) - so they all completed fine. But when I tried to test kerberos, it was trying to reach Samba through the LAN IP - because of the kerberos DNS entry. However, Samba wasn't listening on that, as it wasn't configured correctly to listen on the bridge interface.

It only took 8 hours of troubleshooting, taking the whole server apart, recompiling Bind and running every test from Samba wiki to figure the above out - as none of the error messages mentioned anything to do with the interface :-)

As a side note for anybody setting up Samba AD DC on Slackware, although Samba sets up kerberos automatically, if you want to run the kerberos tests from Samba wiki, you will need to install one of the kerberos packages from SlackBuilds.org to get the necessary command line tools (kinit, klist etc.). krb5 works fine for me. That's another tidbit which took me ages to figure out when I first setup a Samba AD DC.

2 members found this post helpful.