[Samba] Samba Join as DC failed

Daniel von Obernitz daniel.vonobernitz at uni-greifswald.de
Wed Mar 19 10:31:04 MDT 2014 

Hi Andrew,

>> We know we need to improve some issues at the large end, it would be
>> very interesting to run that join under 'perf record -g' on Linux (with
>> a very, very large disk and much more memory) to see what we are hitting
>> the worst, to see if we can improve it.
>>
>
> Would be glad to help, just give me some concrete values for very large
> disk (and where do I have to mount it - never worked with perf before)
> and how much memory and I'll see, what I can do here...
>
>

Still would be glad to help, but I need help with the values.


Finally I found the time to go on with my testing procedure using an 
external BIND9_DLZ-Server.

I mountet the /usr/local/samba-directory via sshfs to my dns-server 
"dns2" (bind9.8.4), so that the directory is also /usr/local/samba. Then 
I included the named.conf and it worked so far.

Now I face a problem, when I edit the options-settings in the 
named.conf.options, that I get the following error message when starting 
bind:


default realm from krb5.conf (UNI-GREIFSWALD.DE) does not match 
tkey-gssapi-credential (DNS/dns2.uni-greifswald.de)


krb5.conf
[libdefaults]
      default_realm = UNI-GREIFSWALD.DE
      dns_lookup_realm = false
      dns_lookup_kdc = true


named.conf.options
...
options {
      [...]
      tkey-gssapi-credential "DNS/dns2.uni-greifswald.de"
      tkey-domain "UNI-GREIFSWALD.DE"
      tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
      [...]
};


If I don't use the first two lines in the named.conf.options, bind9 starts.


If I start samba via

samba -i

I get:

/usr/local/samba/sbin/samba_dnsupdate: tkey query failed: GSSAPI error: 
Major = Unspecified GSS failure. Minor code may provide more information 
, Minor = Server not found in Kerberos database.
/usr/local/samba/sbin/samba_dnsupdate: tkey query failed: GSSAPI error: 
Major = Unspecified GSS failure. Minor code may provide more information 
, Minor = Server not found in Kerberos database.
Calling samba_kcc script
../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID 
allocation - WERR_BADFILE - extended_ret[0x0]


Any ideas?
Best regards

Daniel

More information about the samba mailing list