[Samba] Fresh ADC: Failed DNS update - NT_STATUS_ACCESS_DENIED
Lars Hanke
debian at lhanke.de
Mon Jun 2 10:21:47 MDT 2014
I hopefully cleared all SAMBA files and set up a fresh ADC using:
samba-tool domain provision --use-rfc2307 --domain=UAC --realm=UAC.MGR
--server-role=dc --dns-backend=SAMBA_INTERNAL --targetdir=/srv/files
--adminpass="secret" --option="dns forwarder=172.16.6.11"
The provisioning seemed okay, i.e. nothing hints at any errors and I see
a DOMAIN SID as the final entry as well as a fresh smb.conf in
/srv/files/etc. When I start this setup the following happens:
root at samba:/# samba -i -M single -s /srv/files/etc/smb.conf
samba version 4.1.7-Debian started.
Copyright Andrew Tridgell and the Samba Team 1992-2013
samba: using 'single' process model
Attempting to autogenerate TLS self-signed keys for https for hostname
'SAMBA.uac.mgr'
TLS self-signed keys generated OK
/usr/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 510,
in <module>
/usr/sbin/samba_dnsupdate: get_credentials(lp)
/usr/sbin/samba_dnsupdate: File "/usr/sbin/samba_dnsupdate", line 123,
in get_credentials
/usr/sbin/samba_dnsupdate: raise e
/usr/sbin/samba_dnsupdate: RuntimeError: kinit for SAMBA$@UAC.MGR failed
(Cannot contact any KDC for requested realm)
/usr/sbin/samba_dnsupdate:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
NT_STATUS_ACCESS_DENIED
^C
Shouldn't SAMBA be its own KDC? How to fix this?
Thanks for your help,
- lars.
More information about the samba
mailing list