samba_dnsupdate --verbose - RuntimeError: kinit failed
MG
gam1 at mrg7.com
Tue Sep 17 15:53:41 CEST 2013
Please help:
ubuntu 13.04
samba 4.0.9
root at obelix:/etc# cat krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = HLWSP.HLWSPITTAL.AT
dns_lookup_realm = false
dns_lookup_kdc = true
root at obelix:/usr/local/samba/private# ls -alF
insgesamt 11236
drwxr-xr-x 7 root root 4096 Sep 17 15:47 ./
drwxr-xr-x 10 root root 4096 Sep 17 14:21 ../
drwxrwxr-x 3 root bind 4096 Sep 17 14:27 dns/
-rw-r----- 1 root bind 867 Sep 17 14:27 dns.keytab
-rw-r--r-- 1 root root 2270 Sep 17 14:26 dns_update_list
-rw------- 1 root root 1286144 Sep 17 14:26 hklm.ldb
-rw------- 1 root root 1609728 Sep 17 15:21 idmap.ldb
-rw-r--r-- 1 root root 100 Sep 17 14:26 krb5.conf
srwxrwxrwx 1 root root 0 Sep 17 15:37 ldapi=
drwxr-x--- 2 root root 4096 Sep 17 15:37 ldap_priv/
-rw-r--r-- 1 root root 555 Sep 17 14:32 named.conf
-r--r--r-- 1 root root 438 Sep 17 14:33 named.conf.update
-rw-r--r-- 1 root root 2212 Sep 17 14:27 named.txt
-rw------- 1 root root 1286144 Sep 17 14:46 privilege.ldb
-rw------- 1 root root 696 Sep 17 14:33 randseed.tdb
-rw------- 1 root root 4251648 Sep 17 14:27 sam.ldb
drwxr-x--- 2 root bind 4096 Sep 17 14:27 sam.ldb.d/
-rw------- 1 root root 696 Sep 17 15:37 schannel_store.tdb
-rw------- 1 root root 1247 Sep 17 14:27 secrets.keytab
-rw------- 1 root root 1286144 Sep 17 14:27 secrets.ldb
-rw------- 1 root root 430080 Sep 17 15:37 secrets.tdb
-rw------- 1 root root 1286144 Sep 17 14:26 share.ldb
drwxr-xr-x 3 root root 4096 Sep 17 14:33 smbd.tmp/
-rw-r--r-- 1 root root 955 Sep 17 14:26 spn_update_list
drwxr-xr-x 2 root root 4096 Sep 17 14:26 tls/
root at obelix:/usr/local/samba/private# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 obelix
root at obelix:/etc/bind# cat named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
zone "hlw.hlwspittal.at" {
type master;
file "/var/cache/bind/hlw.hlwspittal.at.hosts";
allow-query {
127.0.0.1;
192.168.0.0/16;
10.8.0.0/16;
};
allow-transfer {
192.168.1.2;
192.168.1.3;
192.168.1.4;
192.168.1.5;
};
allow-update {
192.168.0.0/16;
127.0.0.1;
10.8.0.0/16;
};
notify yes;
};
zone "hlw.local" {
type master;
file "/var/cache/bind/hlw.local.hosts";
allow-query {
127.0.0.1;
192.168.0.0/16;
10.8.0.0/16;
};
allow-transfer {
192.168.1.2;
192.168.1.3;
192.168.1.4;
192.168.1.5;
};
allow-update {
192.168.0.0/16;
127.0.0.1;
10.8.0.0/16;
};
notify yes;
};
zone "hlwtest.local" {
type master;
file "/var/cache/bind/hlwtest.local.hosts";
allow-query {
127.0.0.1;
192.168.0.0/16;
10.8.0.0/16;
};
allow-transfer {
192.168.1.2;
192.168.1.3;
192.168.1.4;
192.168.1.5;
};
allow-update {
192.168.0.0/16;
127.0.0.1;
10.8.0.0/16;
};
notify yes;
};
zone "HLW" {
type master;
file "/var/cache/bind/HLW.hosts";
allow-query {
127.0.0.1;
192.168.0.0/16;
10.8.0.0/16;
};
allow-transfer {
192.168.1.2;
192.168.1.3;
192.168.1.4;
192.168.1.5;
};
allow-update {
192.168.0.0/16;
127.0.0.1;
10.8.0.0/16;
};
notify yes;
};
zone "hlwspittal.at" {
type master;
file "/var/cache/bind/hlwspittal.at.hosts";
allow-query {
localnets;
127.0.0.1;
192.168.0.0/16;
10.8.0.0/16;
};
allow-transfer {
192.168.1.2;
192.168.1.4;
192.168.1.5;
192.168.1.3;
};
allow-update {
any;
192.168.0.0/16;
};
notify yes;
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/var/cache/bind/192.168.1.rev";
allow-transfer {
192.168.1.2;
192.168.1.3;
192.168.1.4;
192.168.1.5;
};
allow-query {
localnets;
127.0.0.1;
192.168.0.0/16;
10.8.0.0/16;
};
allow-update {
any;
192.168.0.0/16;
127.0.0.1;
};
};
zone "3.168.192.in-addr.arpa" {
type master;
file "/var/cache/bind/192.168.3.rev";
allow-transfer {
192.168.1.2;
192.168.1.3;
192.168.1.4;
192.168.1.5;
};
allow-query {
localnets;
127.0.0.1;
192.168.0.0/16;
10.8.0.0/16;
};
allow-update {
127.0.0.1;
any;
192.168.0.0/16;
};
};
zone "4.168.192.in-addr.arpa" {
type master;
file "/var/cache/bind/192.168.4.rev";
allow-transfer {
192.168.1.2;
192.168.1.3;
192.168.1.4;
192.168.1.5;
};
allow-query {
localnets;
127.0.0.1;
192.168.0.0/16;
10.8.0.0/16;
};
allow-update {
127.0.0.1;
any;
192.168.0.0/16;
};
};
zone "168.192.in-addr.arpa" {
type master;
file "/var/cache/bind/192.168.rev";
allow-transfer {
192.168.1.2;
192.168.1.3;
192.168.1.4;
192.168.1.5;
};
allow-query {
localnets;
127.0.0.1;
192.168.0.0/16;
10.8.0.0/16;
};
allow-update {
any;
127.0.0.1;
192.168.0.0/16;
};
};
root at obelix:/etc/bind# cat named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
forwarders {
192.168.1.4;
8.8.8.8;
};
allow-query {
localnets;
127.0.0.1;
127.0.1.1;
192.168.0.0/16;
};
allow-transfer {
192.168.1.4;
192.168.1.5;
192.168.1.3;
192.168.1.0/24;
127.0.1.1;
127.0.0.1;
};
allow-update {
192.168.1.19;
192.168.1.18;
127.0.0.1;
127.0.1.1;
192.168.0.0/16;
};
};
root at obelix:/etc/bind# kinit administrator
Password for administrator at HLWSP.HLWSPITTAL.AT:
Warning: Your password will expire in 332 days on Fri Aug 15 16:03:43 2014
root at obelix:/etc/bind# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at HLWSP.HLWSPITTAL.AT
Valid starting Expires Service principal
2013-09-17 15:50:31 2013-09-18 01:50:31 krbtgt/
HLWSP.HLWSPITTAL.AT at HLWSP.HLWSPITTAL.AT
renew until 2013-09-18 15:50:25
root at obelix:/etc/bind# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Sep16 ? 00:00:00 /sbin/init
root 2 0 0 Sep16 ? 00:00:00 [kthreadd]
root 3 2 0 Sep16 ? 00:00:14 [ksoftirqd/0]
root 5 2 0 Sep16 ? 00:00:00 [kworker/0:0H]
root 7 2 0 Sep16 ? 00:00:00 [kworker/u:0H]
root 8 2 0 Sep16 ? 00:00:00 [migration/0]
root 9 2 0 Sep16 ? 00:00:00 [rcu_bh]
root 10 2 0 Sep16 ? 00:00:26 [rcu_sched]
root 11 2 0 Sep16 ? 00:00:00 [watchdog/0]
root 12 2 0 Sep16 ? 00:00:00 [cpuset]
root 13 2 0 Sep16 ? 00:00:00 [khelper]
root 14 2 0 Sep16 ? 00:00:00 [kdevtmpfs]
root 15 2 0 Sep16 ? 00:00:00 [netns]
root 16 2 0 Sep16 ? 00:00:00 [bdi-default]
root 17 2 0 Sep16 ? 00:00:00 [kintegrityd]
root 18 2 0 Sep16 ? 00:00:00 [kblockd]
root 19 2 0 Sep16 ? 00:00:00 [ata_sff]
root 20 2 0 Sep16 ? 00:00:00 [khubd]
root 21 2 0 Sep16 ? 00:00:00 [md]
root 22 2 0 Sep16 ? 00:00:00 [devfreq_wq]
root 23 2 0 Sep16 ? 00:00:00 [kworker/0:1]
root 24 2 0 Sep16 ? 00:00:00 [khungtaskd]
root 25 2 0 Sep16 ? 00:00:01 [kswapd0]
root 26 2 0 Sep16 ? 00:00:00 [ksmd]
root 27 2 0 Sep16 ? 00:00:00 [khugepaged]
root 28 2 0 Sep16 ? 00:00:00 [fsnotify_mark]
root 29 2 0 Sep16 ? 00:00:00 [ecryptfs-kthrea]
root 30 2 0 Sep16 ? 00:00:00 [crypto]
root 41 2 0 Sep16 ? 00:00:00 [kthrotld]
root 43 2 0 Sep16 ? 00:00:00 [scsi_eh_0]
root 44 2 0 Sep16 ? 00:00:00 [scsi_eh_1]
root 46 2 0 Sep16 ? 00:00:00 [binder]
root 47 2 0 Sep16 ? 00:00:00 [kworker/u:3]
root 66 2 0 Sep16 ? 00:00:00 [deferwq]
root 67 2 0 Sep16 ? 00:00:00 [charger_manager]
root 68 2 0 Sep16 ? 00:00:00 [kworker/u:4]
root 193 2 0 Sep16 ? 00:00:22 [kworker/0:2]
root 201 2 0 Sep16 ? 00:01:35 [jbd2/sda1-8]
root 202 2 0 Sep16 ? 00:00:00 [ext4-dio-unwrit]
root 282 2 0 Sep16 ? 00:00:56 [kworker/0:1H]
root 289 1 0 Sep16 ? 00:00:00 upstart-file-bridge --daemon
root 316 1 0 Sep16 ? 00:00:00 upstart-udev-bridge --daemon
root 318 1 0 Sep16 ? 00:00:00 /sbin/udevd --daemon
102 392 1 0 Sep16 ? 00:00:00 dbus-daemon --system --fork
syslog 397 1 0 Sep16 ? 00:00:05 rsyslogd -c5
root 441 318 0 Sep16 ? 00:00:00 /sbin/udevd --daemon
root 442 318 0 Sep16 ? 00:00:00 /sbin/udevd --daemon
root 464 2 0 Sep16 ? 00:00:00 [kpsmoused]
root 600 1 0 Sep16 ? 00:00:00 upstart-socket-bridge
--daemon
root 851 1 0 Sep16 ? 00:00:00 /usr/sbin/sshd -D
root 937 1 0 Sep16 tty4 00:00:00 /sbin/getty -8 38400 tty4
root 944 1 0 Sep16 tty5 00:00:00 /sbin/getty -8 38400 tty5
root 956 1 0 Sep16 tty2 00:00:00 /sbin/getty -8 38400 tty2
root 957 1 0 Sep16 tty3 00:00:00 /sbin/getty -8 38400 tty3
root 962 1 0 Sep16 tty6 00:00:00 /sbin/getty -8 38400 tty6
root 978 1 0 Sep16 ? 00:00:00 acpid -c /etc/acpi/events
-s /var/run/acpid.socket
root 983 1 0 Sep16 ? 00:00:00 cron
daemon 984 1 0 Sep16 ? 00:00:00 atd
dhcpd 985 1 0 Sep16 ? 00:00:05 dhcpd -user dhcpd -group
dhcpd -f -q -4 -pf /run/dhcp-server/dhcpd.pid -
whoopsie 999 1 0 Sep16 ? 00:00:00 whoopsie
root 1024 1 0 Sep16 ? 00:00:02 /usr/sbin/gpm -m
/dev/input/mice -t exps2
root 1094 2 0 Sep16 ? 00:00:03 [flush-8:0]
root 1130 2 0 Sep16 ? 00:00:00 [kauditd]
root 1131 1 0 Sep16 ? 00:00:01 /usr/bin/perl
/usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
root 1135 1 0 Sep16 tty1 00:00:00 /sbin/getty -8 38400 tty1
ntp 1362 1 0 Sep16 ? 00:00:06 /usr/sbin/ntpd -p
/var/run/ntpd.pid -g -c /var/lib/ntp/ntp.conf.dhcp -u
root 2061 851 0 12:33 ? 00:00:01 sshd: root at pts/2
root 2226 2061 0 12:33 pts/2 00:00:00 -bash
root 7663 1 0 10:18 ? 00:00:00
/usr/sbin/console-kit-daemon --no-daemon
root 7732 1 0 10:18 ? 00:00:00
/usr/lib/policykit-1/polkitd --no-debug
bind 23303 1 0 14:33 ? 00:00:39 /usr/sbin/named -u bind
root 28065 1 0 15:37 ? 00:00:00 /usr/local/samba/sbin/samba
-D
root 28066 28065 0 15:37 ? 00:00:00 /usr/local/samba/sbin/samba
-D
root 28067 28065 0 15:37 ? 00:00:01 /usr/local/samba/sbin/samba
-D
root 28068 28065 0 15:37 ? 00:00:00 /usr/local/samba/sbin/samba
-D
root 28069 28065 0 15:37 ? 00:00:00 /usr/local/samba/sbin/samba
-D
root 28070 28065 0 15:37 ? 00:00:00 /usr/local/samba/sbin/samba
-D
root 28071 28065 0 15:37 ? 00:00:00 /usr/local/samba/sbin/samba
-D
root 28072 28066 0 15:37 ? 00:00:00 /usr/local/samba/sbin/smbd
--option=server role check:inhibit=yes --fore
root 28073 28065 0 15:37 ? 00:00:00 /usr/local/samba/sbin/samba
-D
root 28074 28065 0 15:37 ? 00:00:06 /usr/local/samba/sbin/samba
-D
root 28075 28065 0 15:37 ? 00:00:00 /usr/local/samba/sbin/samba
-D
root 28076 28065 0 15:37 ? 00:00:00 /usr/local/samba/sbin/samba
-D
root 28077 28065 0 15:37 ? 00:00:00 /usr/local/samba/sbin/samba
-D
root 28078 28065 0 15:37 ? 00:00:00 /usr/local/samba/sbin/samba
-D
root 28085 28072 0 15:37 ? 00:00:00 /usr/local/samba/sbin/smbd
--option=server role check:inhibit=yes --fore
root 29033 2226 0 15:51 pts/2 00:00:00 ps -ef
root at obelix:/etc/bind# netstat -tulpn |grep :53
tcp 0 0 192.168.1.2:53 0.0.0.0:*
LISTEN 23303/named
tcp 0 0 127.0.0.1:53 0.0.0.0:*
LISTEN 23303/named
tcp6 0 0 :::53 :::*
LISTEN 23303/named
udp 0 0 192.168.1.2:53 0.0.0.0:*
23303/named
udp 0 0 127.0.0.1:53 0.0.0.0:*
23303/named
udp6 0 0 :::53
:::* 23303/named
Please give me a hint?
Michael
More information about the samba-technical
mailing list