samba4 domain problem

Gémes Géza geza at kzsdabas.hu
Sat Apr 20 15:14:19 MDT 2013


On 2013-04-20 22:21, Keresztes Péter-Zoltán wrote:
> Hi,
>
> my resolv.conf looks like this:
>
> search demo.local
> domain demo.local
> nameserver 10.0.0.1
> nameserver 8.8.8.8
>
> The IP of my samba box is 10.0.0.102 and 10.0.0.1 is a wireless router.
> The config I have posted is generated by testparm, therefore that configuration is added by the testparm script in there; the real smb.conf looks like this:
>
> [global]
> 	workgroup = DEMO
> 	realm = demo.local
> 	netbios name = DEM
> 	server role = active directory domain controller
> 	dns forwarder = 10.0.0.1
> 	nsupdate command = /usr/sbin/samba_dnsupdate
> 	server services = smb,dnsupdate,dns,winbind,kdc
>
> [netlogon]
> 	path = /var/lib/samba/sysvol/demo.local/scripts
> 	read only = No
>
> [sysvol]
> 	path = /var/lib/samba/sysvol
> 	read only = No
>
> Regards,
> Peter
> On 2013.04.20., at 23:16, Gémes Géza <geza at kzsdabas.hu> wrote:
>
>> Hi,
>>> Hi,
>>>
>>> As far as I understand, if I use SAMBA_INTERNAL as the dns-backend, or I don't mention it, it will use samba4's internal DNS server. If I run anything else, like the BIND9_DLZ or BIND9_FLATFILE option, I need to use a bind on the same server as the samba4 dc would be running. For the moment I think samba's internal stuff would be much simpler, since for the moment I want to get used to it and it would not have any extra configuration files.
>>> Good, taking into consideration that I am using Google's public DNS as a DNS server, what IP should I put in dns forwarders?
>>>
>>> If I start my samba with the -i -M single -d2 options I get the following:
>>>
>>> # samba -i -M single -d2
>>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>>> samba version 4.0.5 started.
>>> Copyright Andrew Tridgell and the Samba Team 1992-2012
>>> samba: using 'single' process model
>>> dreplsrv_partition[CN=Configuration,DC=demo,DC=local] loaded
>>> dreplsrv_partition[CN=Schema,CN=Configuration,DC=demo,DC=local] loaded
>>> dreplsrv_partition[DC=demo,DC=local] loaded
>>> dreplsrv_partition[DC=DomainDnsZones,DC=demo,DC=local] loaded
>>> dreplsrv_partition[DC=ForestDnsZones,DC=demo,DC=local] loaded
>>> kccsrv_partition[DC=demo,DC=local] loaded
>>> kccsrv_partition[CN=Configuration,DC=demo,DC=local] loaded
>>> kccsrv_partition[CN=Schema,CN=Configuration,DC=demo,DC=local] loaded
>>> kccsrv_partition[DC=DomainDnsZones,DC=demo,DC=local] loaded
>>> kccsrv_partition[DC=ForestDnsZones,DC=demo,DC=local] loaded
>>> Loading new DNS update grant rules
>>> /usr/sbin/smbd: smbd version 4.0.5 started.
>>> /usr/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2012
>>> /usr/sbin/smbd: standard input is not a socket, assuming -D option
>>> /usr/sbin/smbd: Unable to connect to CUPS server localhost:631 - Connection refused
>>> /usr/sbin/smbd: failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
>>> /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
>>> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 506, in <module>
>>> /usr/sbin/samba_dnsupdate:     get_credentials(lp)
>>> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 119, in get_credentials
>>> /usr/sbin/samba_dnsupdate:     creds.get_named_ccache(lp, ccachename)
>>> /usr/sbin/samba_dnsupdate: RuntimeError: kinit for DEM$@DEMO.LOCAL failed (Cannot contact any KDC for requested realm)
>>> /usr/sbin/samba_dnsupdate:
>>> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED
>>>
>>> My smb.conf looks like this:
>>> [global]
>>> 	workgroup = DEMO
>>> 	realm = demo.local
>>> 	server role = active directory domain controller
>>> 	passdb backend = samba_dsdb
>>> 	dns forwarder = 10.0.0.1
>>> 	rpc_server:tcpip = no
>>> 	rpc_daemon:spoolssd = embedded
>>> 	rpc_server:spoolss = embedded
>>> 	rpc_server:winreg = embedded
>>> 	rpc_server:ntsvcs = embedded
>>> 	rpc_server:eventlog = embedded
>>> 	rpc_server:srvsvc = embedded
>>> 	rpc_server:svcctl = embedded
>>> 	rpc_server:default = external
>>> 	idmap config * : backend = tdb
>>> 	map archive = No
>>> 	map readonly = no
>>> 	store dos attributes = Yes
>>> 	vfs objects = dfs_samba4, acl_xattr
>>>
>>> [netlogon]
>>> 	path = /var/lib/samba/sysvol/demo.local/scripts
>>> 	read only = No
>>>
>>> [sysvol]
>>> 	path = /var/lib/samba/sysvol
>>> 	read only = No
>>>
>>> Thanks for your help.
>>>
>>> Peter
>>>
>>>
>>>
>> It seems you are trying to forward DNS queries to 10.0.0.1. Do you have another DNS server listening at that address (btw, what is the IP address of your samba box)? What does your resolv.conf look like? BTW, your idmap config line is useless on a Samba 4.0.x AD DC.
>>
>> Regards
>>
>> Geza Gemes
You should put your Samba server's IP in resolv.conf instead of your
router and Google; that way Kerberos will start working, which seems
to be needed by dnsupdate.

Regards

Geza Gemes
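
The resolver check described in the reply above, as an added example that is not part of the original thread or of Samba: it reads resolv.conf and smb.conf text and reports every nameserver on an AD DC that is not the DC itself. The function names, the sample strings (constructed from the values posted in the thread) and the choice to accept a loopback address as the DC are assumptions.

```python
import ipaddress

# Constructed inputs mirroring the thread (DC at 10.0.0.102, router at 10.0.0.1).
RESOLV_POSTED = "search demo.local\ndomain demo.local\nnameserver 10.0.0.1\nnameserver 8.8.8.8\n"
RESOLV_FIXED = "search demo.local\nnameserver 10.0.0.102\n"
SMB_CONF = """[global]
\trealm = demo.local
\tserver role = active directory domain controller
\tdns forwarder = 10.0.0.1
"""

def smb_global(text):
    """Collect [global] options from smb.conf text, keys lower-cased and space-normalised."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            opts[" ".join(key.lower().split())] = value.strip()
    return opts

def nameservers(resolv_text):
    """Return nameserver addresses from resolv.conf text, in lookup order."""
    found = []
    for raw in resolv_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(ipaddress.ip_address(parts[1]))
    return found

def check_dc_resolver(resolv_text, smb_text, dc_ip):
    """Return findings; an empty list means the resolver setup matches the advice in the reply."""
    opts = smb_global(smb_text)
    if opts.get("server role", "").lower() != "active directory domain controller":
        return []  # the advice only applies to an AD DC
    dc = ipaddress.ip_address(dc_ip)
    servers = nameservers(resolv_text)
    findings = []
    if not any(ns == dc or ns.is_loopback for ns in servers):  # assumption: loopback is the DC
        findings.append(f"no nameserver points at the DC ({dc}); Kerberos cannot find a KDC "
                        f"for {opts.get('realm', '?').upper()} through DNS")
    for ns in servers:
        if ns != dc and not ns.is_loopback:
            findings.append(f"nameserver {ns} is not the DC; use 'dns forwarder' for upstream lookups")
    return findings

print(check_dc_resolver(RESOLV_POSTED, SMB_CONF, "10.0.0.102"))
```

With the resolv.conf as posted this returns three findings; with the DC's own address as the only nameserver it returns an empty list.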

