[Samba] samba 4.1.17 on raspberry pi as ad dc - internal dns problems

Rowland Penny rowlandpenny at googlemail.com
Thu Mar 12 10:23:05 MDT 2015


On 12/03/15 15:43, Matthias Busch wrote:
> Hey Peter,
>
> many thanks for your reply.
>
> ---
> regarding .local domains
> I know this is regarded by some as bad form, is actively being 
> discouraged by the samba wiki and can cause problems with 
> bonjour/zerobla configuration.
>
> I can say for certain that no apple devices will ever come anywhere 
> near that network and the other drawbacks of .local like getting 
> signed certs... should never be an issue in this case.
>
> I am hesitant to use .net (the domain I own) in fear of having dns 
> issues. I do not control the NS for the internet accessible .net domain 
> either.
>
> In the end, unless .local will not cause problems like software X will 
> not work with .local I should be fine.
>
> ---
>
> DNS seems fixed
>
> I was further looking around and studying /var/log/syslog, looking for 
> hints when I saw some signs of slapd taking ports and causing 
> samba to throw errors (can't bind to port)
>
> I removed slapd and rebooted:
> - DNS works for internet domains
> - host -t SRV _ldap._tcp.my-domain.local --> looking good
> - samba_dnsupdate --verbose --> looking good
> - smbclient -L localhost -U% --> showing shares
>
> ---
>
> Kerberos still on the fritz
>
> kinit administrator at MY-DOMAIN.LOCAL --> kinit: Cannot contact any KDC 
> for realm 'MY-DOMAIN.LOCAL' while getting initial credentials
> klist -e --> klist: No credentials cache found (ticket cache 
> FILE:/tmp/krb5cc_0)
>
> --- /usr/local/samba/etc/smb.conf
>
> # Global parameters
> [global]
>     workgroup = MY-DOMAIN
>     realm = MY-DOMAIN.LOCAL
>     netbios name = ADSERVER
>     server role = active directory domain controller
>     dns forwarder = 192.168.7.1
>     idmap_ldb:use rfc2307 = yes
>
> [netlogon]
>     path = /usr/local/samba/var/locks/sysvol/fam-busch.local/scripts
>     read only = No
>
> [sysvol]
>     path = /usr/local/samba/var/locks/sysvol
>     read only = No
>
>
> --- /etc/krb5.conf
>
> [libdefaults]
>     default_realm = MY-DOMAIN.LOCAL
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>
>
> --- nsswitch ???
>
> What's that? Where? find / -iname "nsswitch" shows 3 directories in my 
> samba 4.1.17 source directory
>
> ---
>
> Checking daemon.log now and googling a bit about krb5.
>
> If anything strikes you as odd and/or you have ideas to try, I'll look 
> forward to hearing about it.
>
> Thanks
> M.

Hi, please don't use .local. You say that no Apple devices will come 
near, but what about an iPhone? And what about Avahi?

When you ran configure, you might as well just run it like this: ./configure

All the rest are defaults and you do not really need debug.

You only need to alter /etc/nsswitch.conf (yes that's the one) if you 
want/need your users to log into the DC.

Rowland
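As an added example (not code from the thread or from Samba), a small Python checker that encodes the points raised above: it parses the posted smb.conf and krb5.conf fragments, flags a .local realm, a realm/default_realm mismatch and a netlogon path that does not match the realm, and lists the SRV names the KDC lookup depends on when dns_lookup_kdc = true. The sample configs are reconstructed from the thread; the netlogon-path rule assumes the share was laid out by samba-tool domain provision.

```python
"""Sanity-check a Samba AD DC smb.conf against the client's krb5.conf (added
example, not from the thread); encodes the checks discussed above."""

def parse_ini(text):
    """Minimal INI parser (section -> {key: value}) for smb.conf/krb5.conf."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # split at the first '=' only
            current[key.strip().lower()] = value.strip()
    return sections

def kdc_srv_names(realm):
    """SRV names a krb5 client resolves for the realm's KDC and kpasswd service."""
    dom = realm.lower()
    return [f"_kerberos._udp.{dom}", f"_kerberos._tcp.{dom}", f"_kpasswd._udp.{dom}"]

def check_configs(smb_text, krb5_text):
    """Return a list of findings (strings); empty means nothing looked wrong."""
    smb, krb5 = parse_ini(smb_text), parse_ini(krb5_text)
    g, lib = smb.get("global", {}), krb5.get("libdefaults", {})
    realm, findings = g.get("realm", ""), []
    if realm.lower().endswith(".local"):
        findings.append("realm ends in .local, a TLD mDNS/Avahi resolvers also claim")
    if lib.get("default_realm", "") != realm:
        findings.append(f"krb5 default_realm {lib.get('default_realm')!r} != realm {realm!r}")
    # assumption: samba-tool provision creates sysvol/<realm lowercased>/scripts
    expected = f"/sysvol/{realm.lower()}/scripts"
    netlogon = smb.get("netlogon", {}).get("path", "")
    if not netlogon.endswith(expected):
        findings.append(f"netlogon path {netlogon!r} does not end with {expected!r}")
    if lib.get("dns_lookup_kdc", "").lower() == "true":
        findings.append("KDC located via DNS; these must resolve: " + ", ".join(kdc_srv_names(realm)))
    return findings

# Sample configs constructed from the thread (with the netlogon path as posted).
SMB_CONF = """[global]
    realm = MY-DOMAIN.LOCAL
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
[netlogon]
    path = /usr/local/samba/var/locks/sysvol/fam-busch.local/scripts"""
KRB5_CONF = """[libdefaults]
    default_realm = MY-DOMAIN.LOCAL
    dns_lookup_kdc = true"""
```

Running check_configs(SMB_CONF, KRB5_CONF) on the posted fragments reports the .local realm, the netlogon path that does not match the realm, and the three SRV names the internal DNS has to answer.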