[Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406
Rowland Penny
rpenny at f2s.com
Mon Nov 19 09:33:24 MST 2012
On 19/11/12 02:50, Pccom Frank wrote:
> Thank you Andrew!
> You are right. Let FreeBSD start its own Kerberos does not make sense since
> Samba4 has its own Kerberos.
> I can not get Samba4's Kerberos working.
> The following is the message I run Samba4.
>
> I am using the Samba4's internal DNS.
> I copied krb5.conf from /usr/local/samba/private to /etc after I run
> samba-tool domain provision.
>
>
>
> root at f10:/usr/local/samba/sbin # ./samba -i -M single
> samba version 4.1.0pre1-GIT-e6a100e started.
> Copyright Andrew Tridgell and the Samba Team 1992-2012
> samba: using 'single' process model
> /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
> /usr/local/samba/sbin/samba_dnsupdate: File
> "/usr/local/samba/sbin/samba_dnsupdate", line 507, in <module>
> /usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
> /usr/local/samba/sbin/samba_dnsupdate: File
> "/usr/local/samba/sbin/samba_dnsupdate", line 121, in get_credentials
> /usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
> ccachename)
> /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
> F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
> /usr/local/samba/sbin/samba_dnsupdate:
> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
> NT_STATUS_ACCESS_DENIED
>
>
>
> root at f10:/usr/local/samba/sbin # uname -a
> FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct 6 04:49:30 UTC
> 2012 root at build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC
> i386
>
>
> root at f10:/usr/local/samba/sbin # cat /etc/resolv.conf
> domain f10.pcccom.ca
> nameserver 192.168.1.1
>
> root at f10:/usr/local/samba/sbin # nslookup samba.org
> Server: 192.168.1.1
> Address: 192.168.1.1#53
>
> Non-authoritative answer:
> Name: samba.org
> Address: 216.83.154.106
>
> It looks the DNS server has no problem.
>
> Please help me out!
>
> On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett <abartlet at samba.org> wrote:
>
>> On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
>>> Hi, Samab gurus!
>>>
>>> I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
>>> computer to the domain.
>>>
>>> What I did is:
>>>
>>> 1, git clone git://git.samba.org/samba.git samba-master
>>>
>>> 2, cd /usr/local/samba-master
>>> 3, ./configure --enable-debug --enable-selftest && make && make install
>>> 4, /usr/local/samba/sbin/samba-tool domain provision
>>> --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
>>> --server-role=dc
>>> 5, cp /usr/local/samba/private/krb.conf /etc
>> What suggested that you should do this?
>>
>>> 6, echo 'kerberos5_server_enable="YES"' >> /etc/rc.conf
>>> 7, echo 'kadmind5_server_enable="YES"' >> /etc/rc.conf
>> This step is not included in any official Samba HOWTO.
>>
>>> 8, echo 'domain xyz.pccom.ca' >> /etc/resolv.conf
>>> the dns server keep the same as before.
>>> 9, /usr/local/samba/bin/samba -i -M single
>>>
>>> I found
>>>
>>> "Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED"
>> Our KDC cannot start because you enabled a different KDC and it is
>> listening on port 88 already.
>>
>> Andrew Bartlett
>>
>> --
>> Andrew Bartlett http://samba.org/~abartlet/
>> Authentication Developer, Samba Team http://samba.org
>>
>>
>>
Hello, is the ipaddress of the samba 4 server 192.168.1.1 ? because
earlier you had a problem connecting to the KDC on 192.168.1.248
If 192.168.1.1 is a different machine, then alter the nameserver line in
/etc/resolv.conf to point to either your samba4 servers ipaddress or
127.0.0.1
Rowland
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba
mailing list