samba4 domain problem

Keresztes Péter-Zoltán zozo at z0z0.tk
Sat Apr 20 14:21:43 MDT 2013


Hi, 

My resolv.conf looks like this:

search demo.local
domain demo.local
nameserver 10.0.0.1
nameserver 8.8.8.8

The IP of my samba box is 10.0.0.102, and 10.0.0.1 is a wireless router.
The config I have posted is generated by testparm, therefore that configuration is added by the testparm script in there; the real smb.conf looks like this:

[global]
	workgroup = DEMO
	realm = demo.local
	netbios name = DEM
	server role = active directory domain controller
	dns forwarder = 10.0.0.1
	nsupdate command = /usr/sbin/samba_dnsupdate
	server services = smb,dnsupdate,dns,winbind,kdc

[netlogon]
	path = /var/lib/samba/sysvol/demo.local/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

Regards,
Peter

On 2013.04.20., at 23:16, Gémes Géza <geza at kzsdabas.hu> wrote:

> Hi,
>> Hi,
>> 
>> As far as I understand, if I use SAMBA_INTERNAL as the dns-backend, or I don't mention it, it will use samba4's internal DNS server. If I run anything else, like the BIND9_DLZ or BIND9_FLATFILE option, I need to use a BIND on the same server the samba4 DC would be running on. For the moment I think samba's internal stuff would be much simpler, since for the moment I want to get used to it and it would not have any extra configuration files.
>> Good. Taking into consideration that I am using Google's public DNS as a DNS server, what IP should I put in dns forwarders?
>> 
>> If I start my samba with the -i -M single -d2 options, I get the following:
>> 
>> # samba -i -M single -d2
>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>> samba version 4.0.5 started.
>> Copyright Andrew Tridgell and the Samba Team 1992-2012
>> samba: using 'single' process model
>> dreplsrv_partition[CN=Configuration,DC=demo,DC=local] loaded
>> dreplsrv_partition[CN=Schema,CN=Configuration,DC=demo,DC=local] loaded
>> dreplsrv_partition[DC=demo,DC=local] loaded
>> dreplsrv_partition[DC=DomainDnsZones,DC=demo,DC=local] loaded
>> dreplsrv_partition[DC=ForestDnsZones,DC=demo,DC=local] loaded
>> kccsrv_partition[DC=demo,DC=local] loaded
>> kccsrv_partition[CN=Configuration,DC=demo,DC=local] loaded
>> kccsrv_partition[CN=Schema,CN=Configuration,DC=demo,DC=local] loaded
>> kccsrv_partition[DC=DomainDnsZones,DC=demo,DC=local] loaded
>> kccsrv_partition[DC=ForestDnsZones,DC=demo,DC=local] loaded
>> Loading new DNS update grant rules
>> /usr/sbin/smbd: smbd version 4.0.5 started.
>> /usr/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2012
>> /usr/sbin/smbd: standard input is not a socket, assuming -D option
>> /usr/sbin/smbd: Unable to connect to CUPS server localhost:631 - Connection refused
>> /usr/sbin/smbd: failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
>> /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
>> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 506, in <module>
>> /usr/sbin/samba_dnsupdate:     get_credentials(lp)
>> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 119, in get_credentials
>> /usr/sbin/samba_dnsupdate:     creds.get_named_ccache(lp, ccachename)
>> /usr/sbin/samba_dnsupdate: RuntimeError: kinit for DEM$@DEMO.LOCAL failed (Cannot contact any KDC for requested realm)
>> /usr/sbin/samba_dnsupdate:
>> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED
>> 
>> My smb.conf looks like this:
>> [global]
>> 	workgroup = DEMO
>> 	realm = demo.local
>> 	server role = active directory domain controller
>> 	passdb backend = samba_dsdb
>> 	dns forwarder = 10.0.0.1
>> 	rpc_server:tcpip = no
>> 	rpc_daemon:spoolssd = embedded
>> 	rpc_server:spoolss = embedded
>> 	rpc_server:winreg = embedded
>> 	rpc_server:ntsvcs = embedded
>> 	rpc_server:eventlog = embedded
>> 	rpc_server:srvsvc = embedded
>> 	rpc_server:svcctl = embedded
>> 	rpc_server:default = external
>> 	idmap config * : backend = tdb
>> 	map archive = No
>> 	map readonly = no
>> 	store dos attributes = Yes
>> 	vfs objects = dfs_samba4, acl_xattr
>> 
>> [netlogon]
>> 	path = /var/lib/samba/sysvol/demo.local/scripts
>> 	read only = No
>> 
>> [sysvol]
>> 	path = /var/lib/samba/sysvol
>> 	read only = No
>> 
>> Thanks for your help.
>> 
>> Peter
>> 
>> 
>> 
> It seems you are trying to forward DNS queries to 10.0.0.1. Do you have another DNS server listening at that address (btw, what is the IP address of your samba box)? What does your resolv.conf look like? BTW, your idmap config line is useless on a Samba 4.0.x AD DC.
> 
> Regards
> 
> Geza Gemes
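
Added example, not part of the original thread and not Samba code: a small Python check for the question the reply raises, namely where the DC's resolver and its `dns forwarder` point. It assumes that a DC running Samba's internal DNS should list its own address first in resolv.conf, because only that server holds the realm's zone and the resolver does not move on to the next nameserver after a negative answer. The function names are hypothetical; the inputs are the values posted above plus one constructed, corrected resolv.conf.

```python
def parse_resolv_conf(text):
    """Nameserver addresses in the order the stub resolver tries them."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def parse_smb_global(text):
    """[global] parameters of an smb.conf, keys lower-cased and space-normalised."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params


def check_dc_dns(resolv_text, smb_text, dc_ip):
    """Return (code, detail) findings for a DC that uses Samba's internal DNS."""
    servers = parse_resolv_conf(resolv_text)
    smb = parse_smb_global(smb_text)
    findings = []
    # Assumption: the AD zone lives only on the DC, so it must be asked first.
    if not servers or servers[0] != dc_ip:
        findings.append(("resolver-skips-dc",
            "first nameserver is %s, not the DC %s that hosts the %s zone"
            % (servers[0] if servers else "unset", dc_ip, smb.get("realm", "?"))))
    # A forwarder equal to the DC's own address would send queries in a loop.
    if smb.get("dns forwarder") == dc_ip:
        findings.append(("forwarder-loop", "dns forwarder points back at the DC"))
    return findings


# Values copied from the message above.
PAGE_RESOLV = "search demo.local\ndomain demo.local\nnameserver 10.0.0.1\nnameserver 8.8.8.8\n"
PAGE_SMB = "[global]\n\trealm = demo.local\n\tdns forwarder = 10.0.0.1\n"
# Constructed variant: the DC asks itself, the router stays as the forwarder.
FIXED_RESOLV = "search demo.local\nnameserver 10.0.0.102\n"

if __name__ == "__main__":
    for name, text in (("as posted", PAGE_RESOLV), ("constructed", FIXED_RESOLV)):
        print(name, check_dc_dns(text, PAGE_SMB, "10.0.0.102"))
```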



More information about the samba-technical mailing list