[Samba] Server is not registered with our KDC

Thomas Zeitinger thomas.zeitinger at it2.at
Fri Nov 29 05:09:57 MST 2013 

Hi there,

I joined a samba 4.1.2 to a Windows 2003 SBS and have some replication
error.

After debugging I found this:

Server ldap/ADSRVS9 at DOMAIN.LOCAL is not registered with our KDC: 
Miscellaneous failure (see text): Server (ldap/ADSRVS9 at DOMAIN.LOCAL) unknown

when I try to check with

  samba-tool drs kcc -U administrator adsrvs9 -d10

"samba-tool drs showrepl" show that unidirectional replication works:

S9\ADSRVS9
DSA Options: 0x00000001
DSA object GUID: 24e16411-1766-4fd0-b715-9cb8ea781498
DSA invocationId: 3def48bd-bb09-4fb4-9ee5-d7c3812b3fe0

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=domain,DC=local
        K26\SBSSRV via RPC
                DSA object GUID: ebc03070-b2fb-48da-9ea8-5a7c7579ec3f
                Last attempt @ Fri Nov 29 13:01:43 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Fri Nov 29 13:01:43 2013 CET

DC=DomainDnsZones,DC=domain,DC=local
        K26\SBSSRV via RPC
                DSA object GUID: ebc03070-b2fb-48da-9ea8-5a7c7579ec3f
                Last attempt @ Fri Nov 29 13:01:43 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Fri Nov 29 13:01:43 2013 CET

CN=Schema,CN=Configuration,DC=domain,DC=local
        K26\SBSSRV via RPC
                DSA object GUID: ebc03070-b2fb-48da-9ea8-5a7c7579ec3f
                Last attempt @ Fri Nov 29 13:01:44 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Fri Nov 29 13:01:44 2013 CET

CN=Configuration,DC=domain,DC=local
        K26\SBSSRV via RPC
                DSA object GUID: ebc03070-b2fb-48da-9ea8-5a7c7579ec3f
                Last attempt @ Fri Nov 29 13:04:33 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Fri Nov 29 13:04:33 2013 CET

DC=domain,DC=local
        K26\SBSSRV via RPC
                DSA object GUID: ebc03070-b2fb-48da-9ea8-5a7c7579ec3f
                Last attempt @ Fri Nov 29 13:05:56 2013 CET was successful
                0 consecutive failure(s).
                Last success @ Fri Nov 29 13:05:56 2013 CET

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: ee5ef15c-0fd6-4c88-b0ac-5a8ee41e4c8d
        Enabled        : TRUE
        Server DNS name : sbssrv.domain.local
        Server DN name  : CN=NTDS
Settings,CN=SBSSRV,CN=Servers,CN=K26,CN=Sites,CN=Configuration,DC=domain,DC=local
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!


Searching in LDAP:

root at adsrvs9:/usr/local# ldbsearch -H ldap://sbssrv -Uadministrator%xxx
|grep ldap
servicePrincipalName: ldap/sbssrv.domain.local/ForestDnsZones.domain.local
servicePrincipalName: ldap/sbssrv.domain.local/DomainDnsZones.domain.local
servicePrincipalName:
ldap/ebc03070-b2fb-48da-9ea8-5a7c7579ec3f._msdcs.domain
servicePrincipalName: ldap/sbssrv.domain.local/DOMAIN
servicePrincipalName: ldap/SBSSRV
servicePrincipalName: ldap/sbssrv.domain.local
servicePrincipalName: ldap/sbssrv.domain.local/domain.local
ref: ldap://ForestDnsZones.domain.local/DC=ForestDnsZones,DC=domain,DC=local
ref: ldap://DomainDnsZones.domain.local/DC=DomainDnsZones,DC=domain,DC=local
ref: ldap://domain.local/CN=Configuration,DC=domain,DC=local


Does someone know how to get the missing LDAP entries?

Thanks!
Tom

-- 
Thomas Zeitinger
Kundenbetreuung

IT-Quadrat   EDV Dienstleistungs- und Handels GmbH
Krongasse 8/2 A-1050 Wien
Tel: +43 (1) 311 44 00 - 10
Fax: +43 (1) 311 44 00 - 90
Thomas.Zeitinger at it2.at
www.it2.at

FN 287345t
UID ATU63123113

More information about the samba mailing list