[Samba] Fresh ADC: Failed DNS update - NT_STATUS_ACCESS_DENIED

Lars Hanke debian at lhanke.de
Mon Jun 2 10:21:47 MDT 2014

I hopefully cleared all SAMBA files and set up a fresh ADC using:

samba-tool domain provision --use-rfc2307 --domain=UAC --realm=UAC.MGR --server-role=dc --dns-backend=SAMBA_INTERNAL --targetdir=/srv/files --adminpass="secret" --option="dns forwarder="

The provisioning seemed okay, i.e. nothing hints at any errors and I see 
a DOMAIN SID as the final entry as well as a fresh smb.conf in 
/srv/files/etc. When I start this setup the following happens:

root@samba:/# samba -i -M single -s /srv/files/etc/smb.conf
samba version 4.1.7-Debian started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
samba: using 'single' process model
Attempting to autogenerate TLS self-signed keys for https for hostname 
TLS self-signed keys generated OK
/usr/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 510, in <module>
/usr/sbin/samba_dnsupdate:     get_credentials(lp)
/usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 123, in get_credentials
/usr/sbin/samba_dnsupdate:     raise e
/usr/sbin/samba_dnsupdate: RuntimeError: kinit for SAMBA$@UAC.MGR failed (Cannot contact any KDC for requested realm)
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - 

Shouldn't SAMBA be its own KDC? How to fix this?

Thanks for your help,
  - lars.
