[Samba] Debugging Samba 4 AD Setup

L.P.H. van Belle belle at bazuin.nl
Tue Mar 24 08:48:53 MDT 2015 

Realm is advices to use UPPERCASE.. not obligated. ( but very advices yes ) 

check the following outputs and post them back in the list ( if needed anonymized ) 

hostname -i
hostname -s
hostname -f
hostname -d

cat /etc/resolv.conf
cat /etc/hosts
cat /etc/mailname

dig MX ourdomain.com @127.0.0.1
dig MX ourdomain.com @192.168.1.254
dig PTR IP_OF_DC

Greetz, 

Louis




>-----Oorspronkelijk bericht-----
>Van: kable at abv.bg [mailto:samba-bounces at lists.samba.org] 
>Namens Georg Georgiev
>Verzonden: dinsdag 24 maart 2015 14:27
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Debugging Samba 4 AD Setup
>
>Hello Johannes,
>Please check your kerberos realm, wiki says: _Realm:_ . It will also 
>automatically be used as the Active Directory DNS domain name. 
>The Realm 
>always has to be in uppercase.
>I see that your is realm = ourdomain.com
>Regards,
>George
>
>On 24.3.2015 ??. 14:29 ??., Johannes Amorosa | Celluloid VFX wrote:
>> We're using quite successfully a samba 4.1 AD setup authenticating 
>> user. We have on an unregular basis
>> mails that can't be delivered because dovecot-pam fails to 
>verify the 
>> credentials. I'm trying to debug
>> this and set the loglevel up to 3.
>>
>> I can see an error message being spammed in the log files and can't 
>> figure out what causes this. I expect a configuration error somewhere
>> although everything else seems to work. Can someone shed 
>some light on 
>> this error.
>>
>> Invalid domain! Expected name in domain [ourdomain.com]. But 
>received 
>> [THE-AD-HOSTNAME]!
>> 
>../source4/rpc_server/netlogon/dcerpc_netlogon.c:2330(dcesrv_ne
>tr_DsrEnumerateDomainTrusts) 
>>
>>
>> I don't believe this has anything to do with the initial 
>problem, but 
>> I would like to resolve this one aswell.
>> Thank you for your time.
>> Joe
>>
>> Setup:
>> Two identical servers with this samba.conf.
>>
>> # Global parameters
>> [global]
>>     workgroup = OURDOMAIN
>>     realm = ourdomain.com
>>     netbios name = THE-AD-HOSTNAME
>>     netbios aliases = SOMETHINGELSE
>>     log level = 3
>>
>>     server role = active directory domain controller
>>     dns forwarder = 192.168.1.254
>> [netlogon]
>>     path = /var/lib/samba/sysvol/ourdomain.com/scripts
>>     read only = No
>>
>> [sysvol]
>>     path = /var/lib/samba/sysvol
>>     read only = No
>>
>>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list