Hello all,
I use UCS in up2date Version 5.2-3 errata291 with two Domainservers, some managed nodes and some Ubuntu Clients.
- Primary Directory Node
- Secondary Directory Node
- Ubuntu Clients 24.04 LTS
Kerberos auth and pam_mount are working fine. But if the PDN fails, auth is not possible any more with Kerberos from the clients. I imagine that would have worked before… but maybe I’m wrong.
My krb5.conf looks like this:
[libdefaults]
    default_realm = TUX.LAN
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
    allow_weak_crypto=false
    rdns = false
[realms]
    TUX.LAN = {
        kdc = dc1.tux.lan dc2.tux.lan
        admin_server = dc1.tux.lan
        kpasswd_server = dc1.tux.lan
    }
Adding dc2 to the config anywhere does not change anything:
[realms]
    TUX.LAN = {
        kdc = dc1.tux.lan dc2.tux.lan
        admin_server = dc1.tux.lan dc2.tux.lan
        kpasswd_server = dc1.tux.lan dc2.tux.lan
    }
But what works is when I replace dc1 with dc2. DC1 was offline during the tests, of course.
[realms]
    TUX.LAN = {
        kdc = dc2.tux.lan
        admin_server = dc2.tux.lan
        kpasswd_server = dc2.tux.lan
    }
In the docs I didn’t find an example for this case:
https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html
Does anyone know the correct syntax?
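
For reference, an added example that is not part of the original post: MIT krb5.conf takes one host per `kdc` relation, and further KDCs are listed by repeating the relation on its own line. The Python sketch below flags `kdc` lines in `[realms]` that carry several hosts and rewrites them one per line; the function name `split_kdc_lines` and the sample text (constructed from the stanza in the post) are assumptions.

```python
import re

# Constructed sample: the [realms] stanza from the post, both hosts on one kdc line.
SAMPLE = """\
[libdefaults]
    default_realm = TUX.LAN
[realms]
    TUX.LAN = {
        kdc = dc1.tux.lan dc2.tux.lan
        admin_server = dc1.tux.lan
        kpasswd_server = dc1.tux.lan
    }
"""

def split_kdc_lines(conf_text):
    """Return (new_text, findings). Each 'kdc = a b' inside a realm in [realms]
    becomes one 'kdc = host' line per host; findings holds (line_no, realm, hosts)."""
    out, findings, section, realm = [], [], None, None
    for n, line in enumerate(conf_text.splitlines(), 1):
        s = line.strip()
        header = re.fullmatch(r"\[(\w+)\]", s)
        if header:
            section, realm = header.group(1), None
        elif section == "realms":
            opened = re.fullmatch(r"(\S+)\s*=\s*\{", s)
            kdc = re.fullmatch(r"kdc\s*=\s*(.+)", s)  # comment lines never match
            if opened:
                realm = opened.group(1)
            elif s == "}":
                realm = None
            elif realm and kdc and len(kdc.group(1).split()) > 1:
                hosts = kdc.group(1).split()
                findings.append((n, realm, hosts))
                indent = line[: len(line) - len(line.lstrip())]
                out.extend(f"{indent}kdc = {h}" for h in hosts)
                continue  # drop the original multi-host line
        out.append(line)
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    fixed, found = split_kdc_lines(SAMPLE)
    for line_no, realm, hosts in found:
        print(f"line {line_no}: realm {realm} lists {len(hosts)} hosts on one kdc line")
    print(fixed)
```

Only `kdc` is rewritten; `admin_server` and `kpasswd_server` lines pass through unchanged.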