samba-tool drs replicate

Andreas Schneider asn at samba.org
Thu Sep 8 13:53:31 UTC 2016 

Hello,

I have an issue with my MIT Kerberos branch right now. I need some help that I 
know where I need to look for the issue.

'samba-tool drs replicate' tries to get a service ticket for 'ldap/
PROMOTEDVDC at SAMBA.EXMAPLE.COM' but the KDC can't find an entry.

LOCALDC KDC log:

krb5kdc[17250](info): TGS_REQ (9 etypes {18 17 16 23 25 26 1 3 2}) 127.0.0.33: 
LOOKING_UP_SERVER: authtime 0,  Administrator at SAMBA.EXAMPLE.COM for ldap/
PROMOTEDVDC at SAMBA.EXAMPLE.COM, Server not found in Kerberos database


I've checked the samdb and I see

sAMAccountName: PROMOTEDVDC$
...
servicePrincipalName: HOST/PROMOTEDVDC
servicePrincipalName: HOST/promotedvdc.samba.example.com
servicePrincipalName: GC/promotedvdc.samba.example.com/samba.example.com
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/ebfaf72a-a933-4817-
 84c3-686510760875/samba.example.com



sAMAccountName: LOCALDC$
...
servicePrincipalName: HOST/localdc.samba.example.com
servicePrincipalName: HOST/localdc.samba.example.com/SAMBADOMAIN
servicePrincipalName: ldap/localdc.samba.example.com/SAMBADOMAIN
servicePrincipalName: GC/localdc.samba.example.com/samba.example.com
servicePrincipalName: ldap/localdc.samba.example.com
servicePrincipalName: HOST/localdc.samba.example.com/samba.example.com
servicePrincipalName: ldap/localdc.samba.example.com/samba.example.com
servicePrincipalName: HOST/LOCALDC
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/d9a939bb-268c-4050-
 bc39-c843feb7edc9/samba.example.com
servicePrincipalName: ldap/d9a939bb-268c-4050-bc39-c843feb7edc9._msdcs.samba.e
 xample.com
servicePrincipalName: ldap/LOCALDC
servicePrincipalName: RestrictedKrbHost/LOCALDC
servicePrincipalName: RestrictedKrbHost/localdc.samba.example.com
servicePrincipalName: ldap/localdc.samba.example.com/DomainDnsZones.samba.exam
 ple.com
servicePrincipalName: ldap/localdc.samba.example.com/ForestDnsZones.samba.exam
 ple.com


There is no servicePrincipalName for the ldap/PROMOTEDVDC. What creates this 
entry and why isn't it created?

Any ideas?


Cheers,


	-- andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org

More information about the samba-technical mailing list