[Samba] Ubuntu DC dns update failure
steve
steve at steve-ss.com
Thu Jun 5 15:06:15 MDT 2014
On Thu, 2014-06-05 at 22:03 +0200, Davor Vusir wrote:
> In my working ubuntu 14.04 and Samba 4.1.8 the configurations that
> differ are:
>
> /etc/hosts
> 127.0.0.1 palmera.altea.site palmera localhost localhost.localdomain
> 192.168.1.132 palmera.altea.site palmera
>
> and that the [realm] part in /etc/krb5.conf is missing.
>
> Regards
> Davor
Unfortunately, no change. Still the dnsupdate fails.
Steve
>
>
> Den 5 jun 2014 20:38 skrev "steve" <steve at steve-ss.com>:
> Hi
> Lubuntu 14.04 with bind9 and the samba 4.1.8 tarball
> All seems well. However, 2 errors:
>
> 1. upon starting samba:
> samba: setproctitle not initialized, please either call
> setproctitle_init() or link against libbsd-ctor.
>
> 2. samba_dnsupdate
> - error from samba:
> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
> NT_STATUS_IO_TIMEOUT
>
> - error whilst running samba_dnsupdate:
> Looking for DNS entry SRV
> _gc._tcp.default-first-site-name._sites.altea.site
> palmera.altea.site
> 3268 as _gc._tcp.default-first-site-name._sites.altea.site.
> Checking 0 100 3268 palmera.altea.site. against SRV
> _gc._tcp.default-first-site-name._sites.altea.site
> palmera.altea.site
> 3268
> Traceback (most recent call last):
> File "/usr/local/samba/sbin/samba_dnsupdate", line 510, in
> <module>
> get_credentials(lp)
> File "/usr/local/samba/sbin/samba_dnsupdate", line 123, in
> get_credentials
> raise e
> RuntimeError: kinit for PALMERA$@ALTEA.SITE failed (Cannot
> contact any
> KDC for requested realm)
>
> /etc/hosts
> 127.0.0.1 localhost
> 192.168.1.132 palmera.altea.site palmera
>
> /etc/resolv.conf
> nameserver 192.168.1.132
> search altea.site
>
> /etc/hostname
> palmera.altea.site
>
> /etc/krb5.conf
> [libdefaults]
> default_realm = ALTEA.SITE
> dns_lookup_realm = false
> dns_lookup_kdc = true
> [realms]
> ALTEA.SITE = {
> kdc = palmera.altea.site:88
> }
>
> apparmor is not running
>
>
> hostname -d -s and -d all return correctly
> bind 9 loads the samba_dlz partitions OK
> all the dns checks in the howto pass OK
>
> It seems that it's failing getting a ticket using the machine
> key,
> however we can kinit using secrets.keytab fine.
>
> Here is private:
> drwxrwx--- 3 bind bind 4096 jun 5 18:41 dns
> -rw-r----- 1 bind bind 742 jun 5 18:41 dns.keytab
> -rw-r--r-- 1 root root 2270 jun 5 18:41 dns_update_list
> -rw------- 1 root root 1286144 jun 5 18:40 hklm.ldb
> -rw------- 1 root root 1609728 jun 5 19:25 idmap.ldb
> -rw-r--r-- 1 root root 91 jun 5 18:41 krb5.conf
> srwxrwxrwx 1 root root 0 jun 5 20:33 ldapi
> drwxr-x--- 2 root root 4096 jun 5 20:33 ldap_priv
> -rw-r--r-- 1 root bind 555 jun 5 19:22 named.conf
> -rw-r--r-- 1 root root 555 jun 5 19:21 named.conf~
> -r--r--r-- 1 root root 220 jun 5 18:52 named.conf.update
> -rw-r--r-- 1 root root 2212 jun 5 18:41 named.txt
> -rw------- 1 root root 1286144 jun 5 18:40 privilege.ldb
> -rw------- 1 root root 696 jun 5 18:52 randseed.tdb
> -rw------- 1 root root 4251648 jun 5 18:41 sam.ldb
> drwxr-x--- 2 root bind 4096 jun 5 18:41 sam.ldb.d
> -rw------- 1 root root 696 jun 5 20:32 schannel_store.tdb
> -rw------- 1 root bind 1082 jun 5 18:41 secrets.keytab
> -rw------- 1 root root 1286144 jun 5 18:41 secrets.ldb
> -rw------- 1 root root 430080 jun 5 20:33 secrets.tdb
> -rw------- 1 root root 1286144 jun 5 18:40 share.ldb
> drwxr-xr-x 3 root root 4096 jun 5 18:52 smbd.tmp
> -rw-r--r-- 1 root root 955 jun 5 18:41 spn_update_list
> drwx------ 2 root root 4096 jun 5 18:52 tls
>
> Any ideas anyone?
> Cheers,
> Steve
>
>
> --
> To unsubscribe from this list go to the following URL and read
> the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list