[Samba] does samba need heimdal or something else
David Bear
dwbear75 at gmail.com
Wed Mar 26 19:51:09 MDT 2014
I'm trying to understand what is definitive about samba 4.x as an AD DC.
First, does samba need to have heimdal or mit kerb installed? Following the
how to at
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
I don't see that it does.
After getting samba to work in its plain defaults, I then proceeded to
configure it to use bind9 as shown in the bind howto -
https://wiki.samba.org/index.php/DNS#Changing_from_Internal_DNS_to_BIND
But I then found I was getting errors running samba_dnsupdate --verbose
--all
so then I installed hiemdal and configured the /etc/krb5.conf to have the
realm name of may samba domain.
This probably was superfluous as I still go the same error.
So I investigated further and modified /etc/resolv.conf so that in pointed
to the host I'm workinging on -- where I installed bind.
Then running samba_dnsupdate --verbose --all I get lots of errors the
common one is
;; UPDATE SECTION:
_gc._tcp.bearfam.org. 900 IN SRV 0 100 3268 b11.bearfam.org.
; Communication with 127.0.1.1#53 failed: operation canceled
; Communication with 8.8.8.8#53 failed: unexpected error
could not talk to any default name server
Failed nsupdate: 1
Calling nsupdate for SRV _gc._tcp.default-first-site-name._sites.bearfam.org
b11.bearfam.org 3268
So I conclude my first error was a failure to get /etc/resolv.conf correct.
What what do I do about the 'operation canceled' message ? Is samba still
unable to talk wtih bind? do I still need some kind of config for heimdal ?
The bind migration guide mentions running kinit and getting admin tokens
for the domain -- but I'm still wondering about the requirement for heimdal
...
Please advise.
--
David Bear
mobile: (602) 903-6476
More information about the samba
mailing list