Jump to content
Welcome to our new Citrix community!
  • 0

How to use a custom /etc/krb5.conf file when using Linux VDA none-persistent machines and MCS


MBi

Question

Hello,

 

I need to change the content of  /etc/krb5.conf to make Linux VDA fully working with my environment. The problem is that this file is replaced during the MCS deployement process. Because of this it is useless to make the change in the master image.

How can I workaround this issue? I use CentOS 7.5, the last version of the VDA and SSSD for AD integration.

 

Thanks in advance.

 

 

Link to comment

4 answers to this question

Recommended Posts

  • 0

Not working.

 

I need to add thse 2 lines to krb5.conf :

 

default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

 

So I changed /opt/Citrix/VDA/lib64/mcs/ad_join.sh  (section [libdefaults]

 

function conf_sssd_krb5()

{

    log "Debug: Enter function conf_sssd_krb5"

    krbFile="/etc/krb5.conf"

 

    echo "[logging]

    default = FILE:/var/log/krb5libs.log

    kdc = FILE:/var/log/krb5kdc.log

    admin_server = FILE:/var/log/kadmind.log

 

[libdefaults]

    default_ccache_name = FILE:/tmp/krb5cc_%{uid}

    default_realm = $REALM

    default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

 

    default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

 

 

 

But when I update the catalogue the krb5.conf file does not contains these 2 lines.

 

 

 

Link to comment
  • 0
18 hours ago, MBi said:

Not working.

 

I need to add thse 2 lines to krb5.conf :

 

default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

 

So I changed /opt/Citrix/VDA/lib64/mcs/ad_join.sh  (section [libdefaults]

 

function conf_sssd_krb5()

{

    log "Debug: Enter function conf_sssd_krb5"

    krbFile="/etc/krb5.conf"

 

    echo "[logging]

    default = FILE:/var/log/krb5libs.log

    kdc = FILE:/var/log/krb5kdc.log

    admin_server = FILE:/var/log/kadmind.log

 

[libdefaults]

    default_ccache_name = FILE:/tmp/krb5cc_%{uid}

    default_realm = $REALM

    default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

 

    default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

 

 

 

But when I update the catalogue the krb5.conf file does not contains these 2 lines.

 

 

 

 

Since it is just a script ... did you see the log message "Debug: Enter function conf_sssd_krb5" ?

That function is called by the function conf_sssd() ... 

which in turn is called from join_domain_setup_vda() only if $AD_INTEGRATION is not winbind ...

which in turn is called if the parameter to the script is --setup instead of --config

 

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...