[Samba] Ubuntu DC dns update failure

steve steve at steve-ss.com
Thu Jun 5 12:38:03 MDT 2014


Hi
Lubuntu 14.04 with bind9 and the samba 4.1.8 tarball
All seems well. However, 2 errors:

1. upon starting samba:
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.

2. samba_dnsupdate
- error from samba:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT

- error whilst running samba_dnsupdate:
Looking for DNS entry SRV _gc._tcp.default-first-site-name._sites.altea.site palmera.altea.site 3268 as _gc._tcp.default-first-site-name._sites.altea.site.
Checking 0 100 3268 palmera.altea.site. against SRV _gc._tcp.default-first-site-name._sites.altea.site palmera.altea.site 3268
Traceback (most recent call last):
  File "/usr/local/samba/sbin/samba_dnsupdate", line 510, in <module>
    get_credentials(lp)
  File "/usr/local/samba/sbin/samba_dnsupdate", line 123, in get_credentials
    raise e
RuntimeError: kinit for PALMERA$@ALTEA.SITE failed (Cannot contact any KDC for requested realm)

/etc/hosts
127.0.0.1 localhost
192.168.1.132 palmera.altea.site palmera

/etc/resolv.conf
nameserver 192.168.1.132
search altea.site

/etc/hostname
palmera.altea.site

/etc/krb5.conf
[libdefaults]
	default_realm = ALTEA.SITE
	dns_lookup_realm = false
	dns_lookup_kdc = true
[realms]
	ALTEA.SITE = {
		kdc = palmera.altea.site:88
	}

apparmor is not running


hostname -d -s and -d all return correctly
bind 9 loads the samba_dlz partitions OK
all the dns checks in the howto pass OK

It seems that it's failing getting a ticket using the machine key,
however we can kinit using secrets.keytab fine.

Here is private:
drwxrwx--- 3 bind bind    4096 jun  5 18:41 dns
-rw-r----- 1 bind bind     742 jun  5 18:41 dns.keytab
-rw-r--r-- 1 root root    2270 jun  5 18:41 dns_update_list
-rw------- 1 root root 1286144 jun  5 18:40 hklm.ldb
-rw------- 1 root root 1609728 jun  5 19:25 idmap.ldb
-rw-r--r-- 1 root root      91 jun  5 18:41 krb5.conf
srwxrwxrwx 1 root root       0 jun  5 20:33 ldapi
drwxr-x--- 2 root root    4096 jun  5 20:33 ldap_priv
-rw-r--r-- 1 root bind     555 jun  5 19:22 named.conf
-rw-r--r-- 1 root root     555 jun  5 19:21 named.conf~
-r--r--r-- 1 root root     220 jun  5 18:52 named.conf.update
-rw-r--r-- 1 root root    2212 jun  5 18:41 named.txt
-rw------- 1 root root 1286144 jun  5 18:40 privilege.ldb
-rw------- 1 root root     696 jun  5 18:52 randseed.tdb
-rw------- 1 root root 4251648 jun  5 18:41 sam.ldb
drwxr-x--- 2 root bind    4096 jun  5 18:41 sam.ldb.d
-rw------- 1 root root     696 jun  5 20:32 schannel_store.tdb
-rw------- 1 root bind    1082 jun  5 18:41 secrets.keytab
-rw------- 1 root root 1286144 jun  5 18:41 secrets.ldb
-rw------- 1 root root  430080 jun  5 20:33 secrets.tdb
-rw------- 1 root root 1286144 jun  5 18:40 share.ldb
drwxr-xr-x 3 root root    4096 jun  5 18:52 smbd.tmp
-rw-r--r-- 1 root root     955 jun  5 18:41 spn_update_list
drwx------ 2 root root    4096 jun  5 18:52 tls

Any ideas anyone?
Cheers,
Steve



