[Samba] Cannot contact any KDC for requested realm
Rowland Penny
rpenny at samba.org
Thu Jul 19 15:50:12 UTC 2018
On Thu, 19 Jul 2018 17:33:46 +0200
Anton Blau via samba <samba at lists.samba.org> wrote:
> Am 19.07.2018 um 10:03 schrieb Rowland Penny via samba:
> > On Wed, 18 Jul 2018 23:21:41 +0200
> > Anton Blau via samba <samba at lists.samba.org> wrote:
> >
> >> Am 18.07.2018 um 14:17 schrieb Rowland Penny via samba:
> >>
> > It is touched on here:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Parameter_Explanation
> >
> > It is quite simple, the realm is the DNS domain name in uppercase,
> > so in your case, the DNS domain appears to be 'duck', so the realm
> > must be 'DUCK'
> >
> > You don't appear to have provisioned with the realm 'DUCK', so it
> > will probably be easier to re-provision.
> >
> > Rowland
> >
> >
> Sorry - but I suppose I'm stupid. If I try to re-provision with realm
> "DUCK" I get a new error.
>
> I tried it with realm "DUCK" + domain "DUCK" and "FILE" ->
> provisioning fails.
>
> If I try it with realm "DUCK" + domain "FILE.DUCK" provisioning
> runns, but I got the error
>
> What I am doing wrong?
>
>
>
> root at file:~# rm /etc/samba/smb.conf
> root at file:~# samba-tool domain provision --use-rfc2307 --interactive
> Realm [DUCK]:
> Domain [DUCK]:
> Server Role (dc, member, standalone) [dc]:
> DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> [SAMBA_INTERNAL]:
> DNS forwarder IP address (write 'none' to disable forwarding)
> [192.168.1.254]:
> Administrator password:
> Retype password:
> ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed
> - ProvisioningError: guess_names: Realm 'DUCK' must not be equal to
> short domain name 'DUCK'!
The above shows the problem, you cannot use the realm name for the
netbios domain name (aka workgroup), or to put it another way, your
netbios domain name 'DUCK' cannot be the same as your realm 'DUCK'.
Is your dns domain really just 'duck' ?
If so, I think you need to consider changing it.
I suggest you read this:
https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ
You could use something like 'duck.tld', just don't use the TLD '.local'
Rowland
More information about the samba
mailing list