[Samba] Samba 4.0.3 join an ADS as DC

Daniel Müller mueller at tropenklinik.de
Tue Mar 12 03:04:53 MDT 2013


Dear all,

I am doing a lot of testing with Samba 4 at the moment. I set up a Samba 4 server on CentOS 6.3 and it is working just fine.
Now I tried to join a second Samba 4 server to the existing domain with: samba-tool domain join tplechler DC -Uadministrator --realm=tplechler.kkh --dns-backend=BIND9_DLZ
This worked without any errors.
But samba_dnsupdate --verbose --all-names ends up with errors:

dns_tkey_negotiategss: TKEY is unacceptable
Failed nsupdate: 1
Failed update of 20 entries

The dns-keytab file was generated during the domain join!?

samba-tool drs showrepl is ok:

Default-First-Site-Name\SAMBA4
DSA Options: 0x00000001
DSA object GUID: 9ed1322c-6044-4e17-b109-ce2809a52487
DSA invocationId: c2a9094f-afa6-4904-a5d3-b341be2b919d

==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=tplechler,DC=kkh
        Default-First-Site-Name\LINUX2 via RPC
                DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
                Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Tue Mar 12 10:02:29 2013 CET

DC=ForestDnsZones,DC=tplechler,DC=kkh
        Default-First-Site-Name\LINUX2 via RPC
                DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
                Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Tue Mar 12 10:02:29 2013 CET

DC=tplechler,DC=kkh
        Default-First-Site-Name\LINUX2 via RPC
                DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
                Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Tue Mar 12 10:02:29 2013 CET

CN=Configuration,DC=tplechler,DC=kkh
        Default-First-Site-Name\LINUX2 via RPC
                DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
                Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Tue Mar 12 10:02:29 2013 CET

DC=DomainDnsZones,DC=tplechler,DC=kkh
        Default-First-Site-Name\LINUX2 via RPC
                DSA object GUID: a6f6ec2d-5b27-4dff-a2fc-581488411b99
                Last attempt @ Tue Mar 12 10:02:29 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Tue Mar 12 10:02:29 2013 CET

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 7dcfeeaa-a228-4275-bce6-bba8f787a350
        Enabled        : TRUE
        Server DNS name : linux2.tplechler.kkh
        Server DN name  : CN=NTDS Settings,CN=LINUX2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tplechler,DC=kkh
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
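The post does not say what caused the "TKEY is unacceptable" rejection, but with a BIND9_DLZ back end the GSS-TSIG negotiation that samba_dnsupdate performs (it drives nsupdate -g) can only succeed if named has been told where the Samba DNS keytab is and has loaded the Samba-generated DLZ config. The script below is an added example, not code from the original post or from the Samba project: it statically checks a named.conf for those two settings and checks that the keytab is readable by whoever runs it (run it as the named user for a meaningful answer). The /usr/local/samba paths and the file names in the constructed demo configs are assumptions for a default install.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Samba project:
# static checks for the named.conf settings a BIND9_DLZ back end needs before
# nsupdate -g (what samba_dnsupdate runs) can negotiate a GSS-TSIG key.
# Paths are assumptions for a default /usr/local/samba install; adjust them.

# Print the keytab path named by tkey-gssapi-keytab, or nothing if absent.
keytab_path_from_conf() {
    sed -n 's/^[[:space:]]*tkey-gssapi-keytab[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 if named.conf points BIND at a GSS-TSIG keytab and pulls in the
# Samba-generated DLZ config; otherwise print what is missing and return 1.
check_named_conf() {
    conf=$1
    rc=0
    if [ -z "$(keytab_path_from_conf "$conf")" ]; then
        echo "missing in $conf: tkey-gssapi-keytab (named will reject every TKEY)"
        rc=1
    fi
    if ! grep -Eq '^[[:space:]]*include[[:space:]]+"[^"]*/private/named\.conf"' "$conf"; then
        echo "missing in $conf: include of Samba's private/named.conf (DLZ zones never load)"
        rc=1
    fi
    return $rc
}

# Return 0 if the keytab exists and is readable by the calling user, else 1.
check_keytab() {
    if [ ! -f "$1" ]; then echo "keytab $1 does not exist"; return 1; fi
    if [ ! -r "$1" ]; then echo "keytab $1 is not readable by $(id -un)"; return 1; fi
    return 0
}

# Constructed demo: a broken and a fixed named.conf written to a temp directory.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/named.conf.broken" <<'EOF'
options {
    directory "/var/named";
    recursion yes;
};
EOF
    cat > "$dir/named.conf.fixed" <<'EOF'
options {
    directory "/var/named";
    recursion yes;
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
include "/usr/local/samba/private/named.conf";
EOF
    echo "--- broken"; check_named_conf "$dir/named.conf.broken" || true
    echo "--- fixed";  check_named_conf "$dir/named.conf.fixed" && echo "named.conf ok"
    kt=$(keytab_path_from_conf "$dir/named.conf.fixed")
    check_keytab "$kt" || true
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh check_dlz.sh demo` to see the constructed cases; to check a live system, source the file and call `check_named_conf /etc/named.conf`, then `su -s /bin/sh named -c 'check_keytab /usr/local/samba/private/dns.keytab'` (the named user name is distribution-specific). A clean result from both still only rules out these two prerequisites; the rejection is reported by whichever DNS server the joining DC sends its updates to, so the checks have to be run on that server.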
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On behalf of Andrew Bartlett
Sent: Monday, 11 March 2013 23:34
To: d tbsky
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba4 AD DC as file server?

On Tue, 2013-03-12 at 01:30 +0800, d tbsky wrote:
> hi:
>    I want to setup a small samba4 server with AD and file server function.
> I know that samba4 AD DC has no netbios browsing support. are there 
> other missing functions, like winbindd or something else?

The next release will include this patch, which avoids mistakenly creating world-writeable files in additional file shares. 

>   and if I install two samba4 instances, one to "/usr/local/samba" (for 
> file server), one to "/usr/local/samba-ad" (for AD DC), and give them 
> two separate IPs to bind, will it work better?

No, it would need to be a different virtual machine (you can only have one winbind per machine, and the different winbind is the most important difference between the operating modes). 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org