[Samba] Many errors after adding SAMBA 4.1 as 2nd AD in Win 2008 domain

Denis Cardon denis.cardon at tranquil-it-systems.fr
Wed Jan 21 02:56:49 MST 2015


Hi Arch,


> If I issue "smbclient -L localhost -U%", I get this:

This line does not test the whole thing. In order to test the thing 
properly, you'd better use a kinit to get a Kerberos ticket, then a 
smbclient -k -L yourservername to validate your environment.

>
> 2015/01/18 17:37:15.239428,  0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
>    Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:fa2f509c-accf-442f-b7f2-9497bb286180._msdcs.MYDOMAIN.local[1029,seal,krb5] NT_STATUS_NO_LOGON_SERVERS
> [2015/01/18 17:37:25.439073,  3] ../source4/auth/gensec/gensec_gssapi.c:309(gensec_gssapi_client_creds)
>    Cannot reach a KDC we require to contact GC/WINDOWSDC.MYDOMAIN.local/MYDOMAIN.local : kinit for LINUXDC$@MYDOMAIN.local failed (Cannot contact any KDC for requested realm)

e3514235-4b06-11d1-ab04-00c04fc2dcd2 is a GUID related to replication. 
But the real issue is that the server cannot contact a valid DC server. 
Your DNS entries have probably not been properly created at your server 
startup.

> /etc/resolv.conf:
>
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 10.0.0.233
> search mydomain.local

I assume 10.0.0.233 is the IP of your LINUXDC.

> /etc/krb5.conf:
>
> [libdefaults]
>      dns_lookup_realm = true
>      dns_lookup_kdc = true
>      default_realm = MYDOMAIN.LOCAL
>
> [realms]
> MYDOMAIN.LOCAL = {
> kdc = WAREHOUSE.MYDOMAIN.LOCAL
> admin_server = LINUXDC.MYDOMAIN.LOCAL
> }
>
> [domain_realm]
>          .mydomain.local = MYDOMAIN.LOCAL
>          mydomain.local = MYDOMAIN.LOCAL
>

In your krb5.conf file, if everything is going well, you should only 
need the first 4 lines.

You can try a samba_dnsupdate to see if it works properly. If everything 
is fine, it just exits without saying anything. Could you also try to 
see if the following entry does exist in your DNS? It should point to 
your linuxdc server (and since you have a replication issue, check on both 
servers):

b952c564-4c5a-4f7d-854b-18e309f6e969._msdcs.MYDOMAIN.local

Check also the _kerberos._tcp.MYDOMAIN.local, _ldap._tcp.MYDOMAIN.local 
and _gc._tcp.MYDOMAIN.local DNS entries; you should have entries for 
both your LINUXDC and your WINDOWS DC servers.

One last thing, since you are using the .local suffix, please check the 
/etc/nsswitch.conf file and delete all the mdns and avahi related stuff, 
and turn off avahi daemon.

Hope this helps,

Denis


-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
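
As an added example (not part of Denis's reply and not Samba's own tooling): a small POSIX shell check for the three SRV records named above, reporting which domain controllers are missing from each record's targets. The realm mydomain.local, the host names linuxdc/windowsdc and the sample dig output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: verify that the AD SRV records of a
# realm list every domain controller, using `dig +short SRV` output.
# Realm, host names and the sample answer below are constructed.

# SRV records an AD member relies on to find a KDC, an LDAP server and a GC.
srv_names() {
  printf '%s\n' "_kerberos._tcp.$1" "_ldap._tcp.$1" "_gc._tcp.$1"
}

# Read `dig +short SRV` lines ("prio weight port target.") on stdin and
# print the targets, lower-cased and without the trailing dot.
srv_targets() {
  awk 'NF == 4 { sub(/\.$/, "", $4); print tolower($4) }'
}

# Read SRV output on stdin; print each expected host ($1...) that is absent
# from the targets. Exit 0 when every host is present, 1 otherwise.
missing_hosts() {
  targets=$(srv_targets)
  rc=0
  for host in "$@"; do
    if ! printf '%s\n' "$targets" | grep -qixF "$host"; then
      echo "$host"
      rc=1
    fi
  done
  return $rc
}

# Live check: query each record for realm $1 and report DCs ($2...) missing.
check_realm() {
  realm=$1; shift
  for rec in $(srv_names "$realm"); do
    echo "== $rec"
    if dig +short SRV "$rec" | missing_hosts "$@"; then
      echo "ok: every DC is listed"
    else
      echo "missing above: run samba_dnsupdate on the Samba DC, check both DNS servers"
    fi
  done
}

# Constructed sample: a _gc._tcp answer that lists only the Windows DC.
SAMPLE_GC='0 100 3268 windowsdc.mydomain.local.'

if [ -n "${1:-}" ]; then
  check_realm "$@"   # e.g. ./check_srv.sh mydomain.local linuxdc.mydomain.local windowsdc.mydomain.local
else
  printf '%s\n' "$SAMPLE_GC" | missing_hosts linuxdc.mydomain.local windowsdc.mydomain.local || true
fi
```

Run it with the realm followed by the FQDNs of every DC; with no arguments it only evaluates the embedded sample, which prints the missing linuxdc.mydomain.local.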