[Samba] Samba 4.1.6 and 4.1.7 Kerberos problem on Debian Linux
Rowland Penny
rowlandpenny at googlemail.com
Wed Apr 23 02:20:32 MDT 2014
On 21/04/14 22:34, Rick Schauer wrote:
> I am trying to setup an AD using a Linux server to get away from Windows Server 2008. So far I have tried the setup on both a Debian 7.4 64 bit machine, and a Raspberry Pi (Debian variant). I've tried both Samba stable versions 4.1.6 and 4.1.7, and they both give me the same results.
>
> I followed the instructions to install the Samba 4 AD setup at https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
> I also went through the OS requirements on the Samba4 wiki.
>
> Everything works great except the Kerberos test on the Samba4 AD server. I get the following error (XXXXX is substituted here for my domain):
>
> # kinit administrator at XXXXX.LOCAL<mailto:administrator at XXXXX.LOCAL>
> Kinit: Cannot contact any KDC for realm 'XXXXX.LOCAL' while getting initial credentials.
>
> All the other tests work fine, and there are no errors in the log files. I do get one for cups not getting a list of printers, but I don't have any setup yet.
> I want to get past this problem first. I have tried it on two separate machines running Debian. Same results.
>
> My Kerberos 5 version is 1.10.1 and my krb5.conf file looks like this:
>
> [libdefaults]
> default_realm = XXXXX.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> The DNS and smbclient tests on the AD all return good results. I am using the Samba internal DNS. The Python version is 2.7.4. The acl and attr are working on my file system. I can run nslookup and get valid results for the AD server and external DNS names (yahoo.com as an example).
>
> Could there a problem with the version of the krb5-user package from the Debian distribution library not working with Samba4? Or some other dependent package? Or have I done something wrong?
>
> Rick Schauer
>
What have you got in /etc/resolv.conf ?
Rowland
More information about the samba
mailing list