I can't find my own kdc -- myself?

Mauricio Tavares raubvogel at gmail.com
Mon Jun 20 05:59:48 MDT 2011

So I installed samba4 in an Ubuntu 11.04 box. Let's say I configured
it using provision as follows:

root@sambabox:~# LD_PRELOAD=/usr/lib/libdcerpc.so.0.0.1 \
/usr/share/samba/setup/provision \
--realm=test.domain.com --domain=DOMAIN --adminpass=Password123 \
--ldapadminpass=Password123 \
--server-role='domain controller'
Looking up IPv4 addresses
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=test,DC=domain,DC=com
Adding configuration container
Setting up sam.ldb schema
Reopening sam.ldb with new schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up sam.ldb users and groups
Setting up self join
Setting up sam.ldb rootDSE marking as synchronized
A zone reload and thaw was started.
Check the logs to see the result.
See /var/lib/samba/private/named.conf for an example configuration
include file for BIND
and /var/lib/samba/private/named.txt for further documentation
required for secure DNS updates
A Kerberos configuration suitable for Samba 4 has been generated at
Please install the phpLDAPadmin configuration located at
/var/lib/samba/private/phpldapadmin-config.php into
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           domain controller
Hostname:              sambabox
NetBIOS Domain:        DOMAIN
DNS Domain:            test.domain.com
DOMAIN SID:            S-1-5-21-2257259966-3970256540-3902716814
Admin password:        Password123
root@sambabox:~#

I also did make sure BIND knew about the configuration file created above,

echo 'include "/var/lib/samba/private/named.conf";' >>

And that seemed to work:

root@sambabox:~# host -t SRV _kerberos._udp.test.domain.com
_kerberos._udp.test.domain.com has SRV record 0 100 88 sambabox.test.domain.com.
root@sambabox:~#

But when I try to create a ticket, I get

root@sambabox:~# kinit administrator
administrator@TEST.DOMAIN.COM's Password:
kinit: krb5_get_init_creds: Server
root@sambabox:~#

And when I go check the samba.log file, I find this

/usr/sbin/samba_dnsupdate: RuntimeError: kinit for
SAMBABOX$@TEST.DOMAIN.COM failed (Server not found in Kerberos
database: Server (krbtgt/TEST.DOMAIN.COM@TEST.DOMAIN.COM) unknown)

Is it me, or does sambabox not know where its own KDC -- itself -- is?
