[Samba] Samba 4.1.6 and 4.1.7 Kerberos problem on Debian Linux
L.P.H. van Belle
belle at bazuin.nl
Wed Apr 23 00:55:25 MDT 2014
Hai
Debian works fine with samba4.
if you want an easy setup look here.
https://secure.bazuin.nl/scripts/
for you problem check the following.
For a DC config,
Can you check whats in the /etc/nsswitch.conf
should be something like :
passwd: compat
group: compat
shadow: compat
hosts: files dns
make sure /etc/hosts looks like this.
127.0.0.1 localhost
192.168.1.1 server.domain.tld server
::1 ip6-localhost ip6-loopback
and the /etc/resolv.conf
search domain.tld
domain domain.tld
nameserver IP_AD_DC1
nameserver IP_AD_DC2
/etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = DOMAIN.TLD
and do the checks here
http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS
are you running samba DNS of BIND DNS ?
and any of these installed.
( dpkg --get-selections grep avahi )
avahi-autoipd
avahi-daemon
avahi-discover
avahi-dnsconfd
if so, remove them, check the configs above and reboot your server.
and try again.
Best regards,
Louis
>-----Oorspronkelijk bericht-----
>Van: rschauer at dualhelix.net
>[mailto:samba-bounces at lists.samba.org] Namens Rick Schauer
>Verzonden: maandag 21 april 2014 23:35
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Samba 4.1.6 and 4.1.7 Kerberos problem on
>Debian Linux
>
>I am trying to setup an AD using a Linux server to get away
>from Windows Server 2008. So far I have tried the setup on
>both a Debian 7.4 64 bit machine, and a Raspberry Pi (Debian
>variant). I've tried both Samba stable versions 4.1.6 and
>4.1.7, and they both give me the same results.
>
>I followed the instructions to install the Samba 4 AD setup at
>https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
>I also went through the OS requirements on the Samba4 wiki.
>
>Everything works great except the Kerberos test on the Samba4
>AD server. I get the following error (XXXXX is substituted
>here for my domain):
>
># kinit administrator at XXXXX.LOCAL<mailto:administrator at XXXXX.LOCAL>
>Kinit: Cannot contact any KDC for realm 'XXXXX.LOCAL' while
>getting initial credentials.
>
>All the other tests work fine, and there are no errors in the
>log files. I do get one for cups not getting a list of
>printers, but I don't have any setup yet.
>I want to get past this problem first. I have tried it on two
>separate machines running Debian. Same results.
>
>My Kerberos 5 version is 1.10.1 and my krb5.conf file looks like this:
>
>[libdefaults]
> default_realm = XXXXX.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
>The DNS and smbclient tests on the AD all return good results.
> I am using the Samba internal DNS. The Python version is
>2.7.4. The acl and attr are working on my file system. I can
>run nslookup and get valid results for the AD server and
>external DNS names (yahoo.com as an example).
>
>Could there a problem with the version of the krb5-user
>package from the Debian distribution library not working with
>Samba4? Or some other dependent package? Or have I done
>something wrong?
>
>Rick Schauer
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list