Bug 5237 - The file "krb5.conf.xxx" in some situations incorrectly generated
Summary: The file "krb5.conf.xxx" in some situations incorrectly generated
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.28
Hardware: x86 FreeBSD
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-02-01 11:55 UTC by Alex
Modified: 2017-01-04 15:19 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex 2008-02-01 11:55:18 UTC
I have autogenerated file:
[libdefaults]
        default_realm = KH.DOMAIN.DOM

[realms]
        KH.DOMAIN.DOM = {
                kdc = 192.168.144.254
        }

But have error:
"ads_connect for domain KH failed: Response too big for UDP, retry with TCP"
and get errors with "wbinfo -g","wbinfo -m"("wbinfo -t" - success)

So, we need change string "kdc = 192.168.144.254" to "kdc = tcp/192.168.144.254".

But we have no possibility to do it ! String without "tcp/" hardcoded at file samba-3.0.28/source/libads/kerberos.c,function "get_kdc_ip_string".
So we need some legitimate way to change string with/without "tcp/".

I have manually changed source (add "tcp/" to kerberos server at function "get_kdc_ip_string"), and have new autogenerated file:
[libdefaults]
        default_realm = KH.DOMAIN.DOM

[realms]
        KH.DOMAIN.DOM = {
                kdc = tcp/192.168.144.254
        }
And all works for me (wbinfo -g","wbinfo -m" - success).
Comment 1 Björn Jacke 2017-01-04 15:19:37 UTC
tcp should not be forced in the krb5.conf file. The library should take care for a retry with TCP in case KRB5KRB_ERR_RESPONSE_TOO_BIG is received, maybe 9 years ago this was not handled right yet. Can you confirm that this is not an issue anymore for your these days?