[Samba] Custom SAMBA4/OpenChange ZEG appliance

John Russell jb.fresh at gmail.com
Fri Sep 14 13:54:23 MDT 2012


Changing direction yet again. I decided to do some testing with the latest *SOGo
ZEG v2.0.0 rc5 appliance.*

Since this is supposed to be a turnkey package with SAMBA4, OpenChange and
SOGo all somewhat working together, I figured I'd give it a shot.

Started up the appliance and tried to join an XP client to the "EXAMPLE"
domain... FAILED: The error was: "DNS name does not exist." (error code
0x0000232B RCODE_NAME_ERROR)
Tried to join an XP client to the "OPENCHANGE" domain... FAILED: The error
was: "Network path was not found". The DNS lookup partially worked but tail
/var/log/samba/log.samba showed:
RuntimeError: kinit for SOGO$@EXAMPLE.COM failed (Cannot contact any KDC
for requested realm)
Basically samba_dnsupdate fails with the following output.
Traceback (most recent call last):
  File "/usr/sbin/samba_dnsupdate", line 485, in <module>
    get_credentials(lp)
  File "/usr/sbin/samba_dnsupdate", line 120, in get_credentials
    creds.get_named_ccache(lp, ccachename)
RuntimeError: kinit for SOGO$@EXAMPLE.COM failed (Cannot contact any KDC
for requested realm)

This is the same problem found here
http://thread.gmane.org/gmane.comp.groupware.sogo.user/11358

At this point I know I have a KRB/KDC related issue and possibly DNS is not
running properly. kinit isn't installed and Bind9 isn't configured
with '--with-dlopen=yes'.
Here is the output of
/usr/sbin/named -V:
BIND 9.8.1-P1 built with '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var'
'--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared'
'--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
'--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6'
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro'
'CPPFLAGS=-D_FORTIFY_SOURCE=2'
using OpenSSL version: OpenSSL 1.0.1 14 Mar 2012
using libxml2 version: 2.7.8

From here:
I installed krb5-user dpkg-dev libkrb5-dev libssl-dev libgeoip-dev
Recompiled bind9 with the '--with-dlopen=yes' option
Re-provisioned samba4 with domain EXAMPLE and realm EXAMPLE.COM
Added tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; to
/etc/bind/named.conf.options
Copied /var/lib/samba/private/krb5.conf to /etc/krb5.conf
Modified /etc/hosts so that "sogo.example.com        sogo" uses interface
IP instead of loopback.
Restarted bind and samba

And still get the same error. Any ideas? Just trying to add a windows
client to the domain at this point. Thanks



On Tue, Apr 17, 2012 at 1:20 PM, John Russell <jb.fresh at gmail.com> wrote:

> Question following HowTo build your own OpenChange/SOGo appliance:
> I have been building my own SAMBA4/OpenChange appliance *MOSTLY* following the instructions at
> http://tracker.openchange.org/projects/openchange/wiki/HowTo_build_your_own_OpenChangeSOGo_appliance
> .
>
> I am using Ubuntu-Server 12.04 LTS (Precise Pangolin)
> precise-server-amd64.iso
> OpenChange from svn co -r 3923
> https://svn.openchange.org/openchange/branches/sogo
> SAMBA4 - Samba-4.0.0Alpha18
>
> At the step titled "Configure DNS service"
> # cd /etc/bind
> # mkdir samba
> # cp /usr/local/samba/private/named.* samba/
> # cp -rfi /usr/local/samba/private/dns samba/
>
> my named.* files are actually in "/usr/local/samba/share/setup/" (no big
> deal)
> logically I would assume my dns files would be in
> "/usr/local/samba/share/setup/dns" but no cookie :(
>
> Find reveals:
> find / -name "dns"
> /openchange/sogo/samba4/lib/dnspython/dns
> /openchange/sogo/samba4/libcli/dns
> /openchange/sogo/samba4/bin/default/libcli/dns
> /openchange/sogo/samba4/bin/default/source4/dsdb/dns
> /openchange/sogo/samba4/source4/selftest/provisions/alpha13/private/dns
> /openchange/sogo/samba4/source4/dsdb/dns
> /usr/share/pyshared/dns
> /usr/lib/python2.7/dist-packages/dns
> /usr/src/linux-headers-3.2.0-23-generic/include/config/ceph/lib/use/dns
> /usr/src/linux-headers-3.2.0-23-generic/include/config/dns
>
> Does anyone know the correct dns file or directory to copy to the bind
> directory?
>
> Thanks
>



-- 
"It's better to be boldly decisive and risk being wrong than to agonize at
length and be right too late."
Marilyn Moats Kennedy
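
Added example, not part of the original post: a shell check for three of the settings changed above (BIND built with '--with-dlopen=yes', tkey-gssapi-keytab present in the named options file, and the host name mapped to a non-loopback address in /etc/hosts). The function names and the sample input in demo() are constructed for illustration; files are passed as arguments so the checks can run on copies.

```shell
#!/bin/sh
# Added example (not from the original post). Checks settings the post changes.

# `named -V` output on stdin: was BIND built with dlopen support (needed for DLZ)?
named_has_dlopen() { grep -q -e '--with-dlopen=yes'; }

# Print the uncommented tkey-gssapi-keytab path from a named options file ($1).
keytab_path() {
    sed -n 's/^[[:space:]]*tkey-gssapi-keytab[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print the first address a hosts file ($1) maps to the name $2, ignoring comments.
host_addr() {
    awk -v h="$2" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }' "$1"
}

is_loopback() { case "$1" in 127.*|::1) return 0 ;; *) return 1 ;; esac; }

# Run all three checks; prints one line per check, returns the number of failures.
# $1 = file holding `named -V` output, $2 = options file, $3 = hosts file, $4 = FQDN
run_checks() {
    fails=0
    if named_has_dlopen < "$1"; then echo "OK   named built with dlopen"
    else echo "FAIL named lacks --with-dlopen=yes"; fails=$((fails + 1)); fi
    kt=$(keytab_path "$2")
    if [ -n "$kt" ]; then echo "OK   tkey-gssapi-keytab = $kt"
    else echo "FAIL tkey-gssapi-keytab not set"; fails=$((fails + 1)); fi
    addr=$(host_addr "$3" "$4")
    if [ -n "$addr" ] && ! is_loopback "$addr"; then echo "OK   $4 -> $addr"
    else echo "FAIL $4 -> ${addr:-unresolved} (loopback or missing)"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample input: no dlopen, no keytab line, host name on loopback.
demo() {
    d=$(mktemp -d)
    echo "BIND 9.8.1-P1 built with '--prefix=/usr' '--with-gssapi=/usr'" > "$d/named-v"
    echo 'options { directory "/var/cache/bind"; };' > "$d/options"
    printf '127.0.0.1 localhost\n127.0.1.1 sogo.example.com sogo\n' > "$d/hosts"
    rc=0
    run_checks "$d/named-v" "$d/options" "$d/hosts" sogo.example.com || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "failed checks: $?"
```

To run it against a live system, save the output of /usr/sbin/named -V to a file and call run_checks with that file, /etc/bind/named.conf.options, /etc/hosts and sogo.example.com.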

