[Samba] samba 4.1.17 on raspberry pi as ad dc - internal dns problems

Matthias Busch catwiesel at gmx.net
Thu Mar 12 08:00:29 MDT 2015

Hello List,

I have a raspberry pi with raspbian. I am trying to get samba 4.1.17 to 
work as AD DC and have problems which seem to be dns related...

What I did to get here:

- I removed the preinstalled samba

- installed prerequisites (build-essential libacl1-dev libattr1-dev 
libblkid-dev libgnutls-dev libreadline-dev python-dev libpam0g-dev 
python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils 
libbsd-dev attr krb5-user* docbook-xsl libcups2-dev acl libkrb5-dev)
- installed optionals (acl, python-xattr, util-linux, gnutls-bin, 
readline-common, cups, python-setproctitle, slapd**)
(some preqrequisites and optionals were already installed)
(I initially did install xsltproc and docbook but got errors during make 
at the documentation. removed them and started at config again)
-* krb5 wanted some kerberos data which I diddnt have yet, so i gave it some
-** ldap wanted some stuff and possibly created DC entries which will 
not be correct for dc=my-domain, dc=local

- got samba 4.1.17 as tar.gz via wget from samba.org
- configure /(//--prefix=/usr/local/samba 
//--with-piddir=/usr/local/samba/var/run \//--with-syslog 
\//--with-quotas \//--with-acl-support//--enable-debug)
- make
- make install
/ -added /usr/local/samba/bin and .../sbin to %PATH (all users)
- followed instructions for debain under 
https://wiki.samba.org/index.php/Samba4/InitScript for init.d script

- setup network/name/etc
-- network/interfaces: ip is static (, gateway is router 
.1, dns-nameservers is, dns-search is my-domain.local)
-- hostname is adserver.my-domain.local
-- hosts is localhost localhost.my-domain and 
adserver, adserver.my-domain.local


- samba -V shows 4.1.17, smbclient -V shows 4.1.17

- ran samba-tool domain provision --interactive --use-rfc230
(from memory)
---realm my-domain.local
---domain my-domain (I pressed enter and took the preset)
--- internal dns
--- forward dns:
--- gave admin pw

output was looking good, no error...

- copied the krb5.conf file provided by samba over /etc/krb5.conf 
(checked content, $(REALM) was replaced by my-domain.local)


tests --> and results

names do not resolve (except the entries in hosts)

smbclient -L localhost -U% --> session setup failed: NT_STATUS_CONNECTION_REFUSED

kinitadministrator at MY-DOMAIN.LOCAL -->  <mailto:administrator at OFFERLAMNET.LOCAL>kinit: Cannot contact any KDC for realm 'MY-DOMAIN.LOCAL' while getting initial credentials
klist -e --> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)

host -t SRV _ldap._tcp.my-domain.local --> ;; connection timed out. no 
server could be reached

samba_dnsupdate --verbose
--> gives a LOT of errors "failed to find dns entry..."

obviously kerberos is having trouble. however, I feel like kerberos has 
problems because dns has problems.
DNS itself seems not to work at all.

Unfortunately I dont know anything about sambas internal dns. I expected 
it to work "out of the box".
Is it a seperate service that needs to be started? or a special option 
for configure ?

How do you propose I could fix my dns problem (except "use another dns 
daemon like bind")?

Any help will be appreciated...


More information about the samba mailing list