[Samba] does samba need heimdal or something else

Thomas Schulz schulz at adi.com
Thu Mar 27 13:17:05 MDT 2014 

> I'm trying to understand what is definitive about samba 4.x as an AD DC.
> 
> First, does samba need to have heimdal or mit kerb installed? Following the
> how to at
> 
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
> 
> I don't see that it does.
> 
> After getting samba to work in its plain defaults, I then proceeded to
> configure it to use bind9 as shown in the bind howto -
> https://wiki.samba.org/index.php/DNS#Changing_from_Internal_DNS_to_BIND
> 
> But I then found I was getting errors running samba_dnsupdate --verbose
> --all
> 
> so then I installed hiemdal and configured the /etc/krb5.conf to have the
> realm name of may samba domain.
> 
> This probably was superfluous as I still go the same error.
> 
> So I investigated further and modified /etc/resolv.conf so that in pointed
> to the host I'm workinging on -- where I installed bind.
> 
> Then running samba_dnsupdate --verbose --all I get lots of errors the
> common one is
> 
> ;; UPDATE SECTION:
> _gc._tcp.bearfam.org.   900     IN      SRV     0 100 3268 b11.bearfam.org.
> 
> ; Communication with 127.0.1.1#53 failed: operation canceled
> ; Communication with 8.8.8.8#53 failed: unexpected error
> could not talk to any default name server
> Failed nsupdate: 1
> Calling nsupdate for SRV _gc._tcp.default-first-site-name._sites.bearfam.org
> b11.bearfam.org 3268
> 
> 
> So I conclude my first error was a failure to get /etc/resolv.conf correct.
> 
> What what do I do about the 'operation canceled' message ? Is samba still
> unable to talk wtih bind? do I still need some kind of config for heimdal ?
> 
> The bind migration guide mentions running kinit and getting admin tokens
> for the domain -- but I'm still wondering about the requirement for heimdal
> ...
> 
> Please advise.
> 
> -- 
> David Bear

Looking at the logs from when I built Samba 4.1.6 from source, I see that
the Samba source comes with a version of Heimdal and that on systems that
do not come with Heimdal the build will use the embedded Heimdal.

Tom Schulz
Applied Dynamics Intl.
schulz at adi.com

More information about the samba mailing list