[Samba] Samba 4.1.6-Ubuntu on 14.04 domain join seems successful with caveats, testjoin reports no logon servers...

Schuyler Bishop schuyler.bishop at gmail.com
Wed Nov 18 18:08:52 UTC 2015


When I sent the original note, I had it configured this way:

[realms]
        HIJ.KLM.COM = {
                kdc = ad1.hij.klm.com
                kdc = ad2.hij.klm.com
                admin_server = ad.hij.klm.com
                default_domain = hij.klm.com
        }

[domain_realm]
        .xyz.hij.klm.com = HIJ.KLM.COM
        .hij.klm.com = HIJ.KLM.COM

But then after reading about Kerberos on the Samba site, it seemed to
suggest not configuring krb5.conf and instead relying on DNS.  I then noticed
these two lines in the krb5.conf that seemed to say "ignore DNS for
Kerberos":

        dns_lookup_realm = false
        dns_lookup_kdc = false

After changing those to true and commenting all the realm and domain_realm
stuff out, I could still do a kinit of my domain account and log in to the
server using Kerberos, but I still have issues with the testjoin, and starting
smbd gives me errors such as:

[2015/11/17 20:16:58.660864,  0] ../source3/libads/kerberos_util.c:74(ads_kinit_password)
  kerberos_kinit_password THIS$@HIJ.KLM.COM failed: Cannot contact any KDC for requested realm

On Wed, Nov 18, 2015 at 3:03 AM L.P.H. van Belle <belle at bazuin.nl> wrote:

> Hai,
>
> From the logs.
> > ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or
> > directory) kerberos_kinit_password THIS$@HIJ.KLM.COM failed: Cannot
> > contact any KDC for requested realm
> > ads_connect: Cannot contact any KDC for requested realm Join to domain
> > is not valid: No logon servers return code = -1
>
> In your krb5.conf
>
> ad.hij.klm.com does that exist in the domain?
> Because in your logs I see also.
>
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > AD1.HIJ.KLM.COM<0x20>
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > AD1.HIJ.KLM.COM<0x20>
> > resolve_wins: WINS server resolution selected and no WINS servers listed.
> > resolve_hosts: Attempting host lookup for name AD1.HIJ.KLM.COM<0x20>
> > Successfully contacted LDAP server a.b.c.d Connected to LDAP server
> > ad1.hij.klm.com
>
>
> You're sure in krb5.conf
> > admin_server = ad.hij.klm.com is correct?
>
> Greetz,
>
> Louis
>
>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
> > Sent: Tuesday 17 November 2015 23:05
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] Samba 4.1.6-Ubuntu on 14.04 domain join seems
> > successful with caveats, testjoin reports no logon servers...
> >
> > On 17/11/15 21:41, Schuyler Bishop wrote:
> > > Interesting.  So would having the account I'm creating it with in the
> > > same subdomain fix the potential trust issues, or is samba's function
> > > in a subdomain in general in question?
> > >
> >
> > I honestly don't know, what I can say is that when you try to join a
> > Samba domain member to a DC in the same domain, it just works.
> >
> > Has anybody been able to make this work ?
> >
> > Rowland
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>
>
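
An added example, not part of the original thread: a small checker that reads krb5.conf text and reports where a Kerberos client would look for KDCs of a realm, covering the static [realms] setup and the DNS-only setup described in the message above. The function names and the sample text are constructed for illustration; the SRV names are the standard _kerberos._udp/_tcp records, and the fallback used when dns_lookup_kdc is unset is an assumption passed in as a parameter.

```python
import re

# Constructed sample: the second configuration from the message, with the
# [realms] entries commented out and DNS lookups switched on.
SAMPLE_KRB5_CONF = """\
[libdefaults]
        dns_lookup_realm = true
        dns_lookup_kdc = true

[realms]
#HIJ.KLM.COM = {
#        kdc = ad1.hij.klm.com
#        kdc = ad2.hij.klm.com
#}
"""

def parse_krb5(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}) from krb5.conf text."""
    libdefaults, realms, section, realm = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = m.group(1), None
        elif section == "realms" and (m := re.fullmatch(r"(\S+)\s*=\s*\{", line)):
            realm = m.group(1)
            realms[realm] = []
        elif line == "}":
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif realm and key == "kdc":
                realms[realm].append(value)
    return libdefaults, realms

def kdc_sources(text, realm, dns_default=True):
    """Report where a Kerberos client would look for KDCs of `realm`."""
    libdefaults, realms = parse_krb5(text)
    static = realms.get(realm, [])
    flag = libdefaults.get("dns_lookup_kdc")
    # Assumption: an unset dns_lookup_kdc falls back to dns_default.
    use_dns = dns_default if flag is None else flag.lower() in ("true", "t", "yes", "y", "1", "on")
    # SRV lookups only matter when no kdc is listed for the realm.
    srv = [f"_kerberos._{p}.{realm}" for p in ("udp", "tcp")] if use_dns and not static else []
    return {"static_kdcs": static, "srv_queries": srv, "unreachable": not static and not srv}
```

When `srv_queries` is non-empty and the client still reports "Cannot contact any KDC for requested realm", the next check is whether those SRV names resolve from the member server's configured resolver.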
