[Samba] [SOLVED] Fresh ADC: Failed DNS update - NT_STATUS_ACCESS_DENIED

Lars Hanke debian at lhanke.de
Wed Jun 4 03:17:51 MDT 2014 

Thanks Joe,

this did the trick for me too.

Kind regards,
  - lars.

Am 03.06.2014 20:50, schrieb Joe Zacky:
>
> On 6/2/2014 9:21 AM, Lars Hanke wrote:
>> I hopefully cleared all SAMBA files and set up a fresh ADC using:
>>
>> samba-tool domain provision --use-rfc2307 --domain=UAC --realm=UAC.MGR
>> --server-role=dc --dns-backend=SAMBA_INTERNAL --targetdir=/srv/files
>> --adminpass="secret" --option="dns forwarder=172.16.6.11"
>>
>> The provisioning seemed okay, i.e. nothing hints at any errors and I
>> see a DOMAIN SID as the final entry as well as a fresh smb.conf in
>> /srv/files/etc. When I start this setup the following happens:
>>
>> root at samba:/# samba -i -M single -s /srv/files/etc/smb.conf
>> samba version 4.1.7-Debian started.
>> Copyright Andrew Tridgell and the Samba Team 1992-2013
>> samba: using 'single' process model
>> Attempting to autogenerate TLS self-signed keys for https for hostname
>> 'SAMBA.uac.mgr'
>> TLS self-signed keys generated OK
>> /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
>> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line
>> 510, in <module>
>> /usr/sbin/samba_dnsupdate:     get_credentials(lp)
>> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line
>> 123, in get_credentials
>> /usr/sbin/samba_dnsupdate:     raise e
>> /usr/sbin/samba_dnsupdate: RuntimeError: kinit for SAMBA$@UAC.MGR
>> failed (Cannot contact any KDC for requested realm)
>> /usr/sbin/samba_dnsupdate:
>> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
>> NT_STATUS_ACCESS_DENIED
>> ^C
>>
>> Shouldn't SAMBA be its own KDC? How to fix this?
>>
>> Thanks for your help,
>>  - lars.
>>
> I had the same error on a fresh install.
>
> root at addc1:~# samba -i -M single
> samba version 4.1.6-Ubuntu started.
> Copyright Andrew Tridgell and the Samba Team 1992-2013
> samba: using 'single' process model
> /usr/sbin/samba_dnsupdate: Traceback (most recent call last):
> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 510,
> in <module>
> /usr/sbin/samba_dnsupdate:     get_credentials(lp)
> /usr/sbin/samba_dnsupdate:   File "/usr/sbin/samba_dnsupdate", line 123,
> in get_credentials
> /usr/sbin/samba_dnsupdate:     raise e
> /usr/sbin/samba_dnsupdate: RuntimeError: kinit for ADDC1$@LAN.ZACKY.COM
> failed (Cannot contact any KDC for requested realm)
> /usr/sbin/samba_dnsupdate:
> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
> NT_STATUS_ACCESS_DENIED
>
> The fix for me was to update /etc/resolv.conf and replace the dns
> forwarder address with the address of the local AD server (this computer).
>
> # cat /etc/resolv.conf
> nameserver 10.100.15.26
> domain lan.zacky.com
>
> Joe

More information about the samba mailing list