samba4 domain problem

Gémes Géza geza at kzsdabas.hu
Sat Apr 20 14:16:58 MDT 2013


Hi,
> Hi,
>
> As far as I understand, if I use SAMBA_INTERNAL as the dns-backend, or don't mention it at all, it will use samba4's internal DNS server. If I run anything else, like the BIND9_DLZ or BIND9_FLATFILE option, I need to use a bind on the same server that the samba4 dc would be running on. For the moment I think samba's internal stuff would be much simpler, since I want to get used to it and it would not have any extra configuration files.
> Good. Taking into consideration that I am using Google's public DNS as a DNS server, what IP should I put in dns forwarders?
>
> If I start my samba with the -i -M single -d2 options, I get the following:
>
> # samba -i -M single -d2
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> samba version 4.0.5 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2012
> samba: using 'single' process model
> dreplsrv_partition[CN=Configuration,DC=demo,DC=local] loaded
> dreplsrv_partition[CN=Schema,CN=Configuration,DC=demo,DC=local] loaded
> dreplsrv_partition[DC=demo,DC=local] loaded
> dreplsrv_partition[DC=DomainDnsZones,DC=demo,DC=local] loaded
> dreplsrv_partition[DC=ForestDnsZones,DC=demo,DC=local] loaded
> kccsrv_partition[DC=demo,DC=local] loaded
> kccsrv_partition[CN=Configuration,DC=demo,DC=local] loaded
> kccsrv_partition[CN=Schema,CN=Configuration,DC=demo,DC=local] loaded
> kccsrv_partition[DC=DomainDnsZones,DC=demo,DC=local] loaded
> kccsrv_partition[DC=ForestDnsZones,DC=demo,DC=local] loaded
> Loading new DNS update grant rules
> /usr/sbin/smbd: smbd version 4.0.5 started.
> /usr/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2012
> /usr/sbin/smbd: standard input is not a socket, assuming -D option
> /usr/sbin/smbd: Unable to connect to CUPS server localhost:631 - Connection refused
> /usr/sbin/smbd: failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
> /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 506, in <module>
> /usr/sbin/samba_dnsupdate:     get_credentials(lp)
> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 119, in get_credentials
> /usr/sbin/samba_dnsupdate:     creds.get_named_ccache(lp, ccachename)
> /usr/sbin/samba_dnsupdate: RuntimeError: kinit for DEM$@DEMO.LOCAL failed (Cannot contact any KDC for requested realm)
> /usr/sbin/samba_dnsupdate:
> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED
>
> My smb.conf looks like this:
> [global]
> 	workgroup = DEMO
> 	realm = demo.local
> 	server role = active directory domain controller
> 	passdb backend = samba_dsdb
> 	dns forwarder = 10.0.0.1
> 	rpc_server:tcpip = no
> 	rpc_daemon:spoolssd = embedded
> 	rpc_server:spoolss = embedded
> 	rpc_server:winreg = embedded
> 	rpc_server:ntsvcs = embedded
> 	rpc_server:eventlog = embedded
> 	rpc_server:srvsvc = embedded
> 	rpc_server:svcctl = embedded
> 	rpc_server:default = external
> 	idmap config * : backend = tdb
> 	map archive = No
> 	map readonly = no
> 	store dos attributes = Yes
> 	vfs objects = dfs_samba4, acl_xattr
>
> [netlogon]
> 	path = /var/lib/samba/sysvol/demo.local/scripts
> 	read only = No
>
> [sysvol]
> 	path = /var/lib/samba/sysvol
> 	read only = No
>
> Thanks for your help.
>
> Peter
>
>
>
It seems you are trying to forward DNS queries to 10.0.0.1. Do you have
another DNS server listening at that address (btw, what is the IP address of
your samba box?)? What does your resolv.conf look like? BTW, your idmap
config line is useless on a Samba 4.0.x AD DC.

Regards

Geza Gemes
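
The checks asked about in this reply, as an added example that is not part of the original thread: it reads the `dns forwarder` and `idmap config` lines from smb.conf text and the nameservers from resolv.conf text. The DC address 10.0.0.5 and the resolv.conf content are constructed, and the rule that a DC using the internal DNS server should list itself as first nameserver is an assumption, not something stated in the thread.

```python
import ipaddress

def smb_globals(text):
    """Return {parameter: value} for the [global] section of smb.conf text."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def nameservers(text):
    """Return the nameserver addresses from resolv.conf text, in file order."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(str(ipaddress.ip_address(fields[1])))
    return found

def check(smb_text, resolv_text, dc_ip):
    """List findings for a DC at dc_ip that runs the internal DNS server."""
    g, ns, findings = smb_globals(smb_text), nameservers(resolv_text), []
    forwarders = g.get("dns forwarder", "").split()
    if not forwarders:
        findings.append("no dns forwarder set")
    for fwd in forwarders:
        if fwd == dc_ip or ipaddress.ip_address(fwd).is_loopback:
            findings.append("dns forwarder points back at the DC")
    # Assumption: the DC must resolve through itself to find its realm's KDC.
    if not ns or ns[0] != dc_ip:
        findings.append("first nameserver is not the DC")
    # From the reply: idmap config is useless on a Samba 4.0.x AD DC.
    if any(k.startswith("idmap config") for k in g):
        findings.append("idmap config line present")
    return findings

# Constructed sample input; only the smb.conf lines come from the thread.
SMB_CONF = """[global]
\trealm = demo.local
\tdns forwarder = 10.0.0.1
\tidmap config * : backend = tdb
"""
RESOLV_CONF = "search demo.local\nnameserver 8.8.8.8\n"
print(check(SMB_CONF, RESOLV_CONF, "10.0.0.5"))
```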

