[Samba] Samba43 Kerberos issues

Juan Garcia juan at ish.com.au
Tue Mar 22 05:24:17 UTC 2016 

Hi There,

I have an odd issue with my samba4 infrastructure, I have two servers both replicating fine.
DC1 passes all tests documented here: https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
Except the following test:

# kinit administrator
# kinit: krb5_get_init_creds: Client (administrator at DOMAIN.NAME.COM.AU) unknown

And in the logs I have found the following:

# kinit for SERVER1$@DOMAIN.NAME.COM.AU failed (Client not found in Kerberos database) SERVER1 is my DC1, not sure why it has a $ right before the @ is this normal?
I get the same error when running

# samba_dnsupdate --verbose --all-names
IPs: ['0.0.0.0'] -> shows the real DC1 ip address
Traceback (most recent call last):
   File "/usr/local/sbin/samba_dnsupdate", line 621, in <module>
     get_credentials(lp)
   File "/usr/local/sbin/samba_dnsupdate", line 125, in get_credentials
     raise e
RuntimeError: kinit for SERVER1$@DOMAIN.NAME.COM.AU failed (Client not found in Kerberos database)

Not sure if this is useful but I have run:

# samba_dnsupdate --verbose --all-names --no-credentials

Calling nsupdate for A server1.domain.name.com.au 0.0.0.0 (add) -> Both lines don't show 0.0.0.0 it shows the real ip address
Failed nsupdate: A server1.domain.name.com.au 0.0.0.0 : [Errno 2] No such file or directory

And it keeps trying to find those files all with the same error:
[Errno 2] No such file or directory

Calling nsupdate for A gc._msdcs.a
Calling nsupdate for SRV _gc._tcp.

Last thing that I found
On DC1
# ps ax | grep samba
38636  -  Is      0:00.40 /usr/local/sbin/samba --daemon --configfile=/usr/local/etc/smb4.conf
38637  -  I       0:00.00 samba: task[s3fs_parent] (samba)
38638  -  S       0:27.24 samba: task[dcesrv] (samba)
38640  -  I       0:00.01 samba: task wrepl server_id[38640] (samba)
38641  -  I       0:08.63 samba: task[ldapsrv] (samba)
38642  -  S       0:00.07 samba: task[cldapd] (samba)
38644  -  S       1:04.27 samba: task[dreplsrv] (samba)
38645  -  I       0:00.00 samba: task[winbindd_parent] (samba)
38646  -  I       0:00.01 samba: task[ntp_signd] (samba)
38648  -  I       0:03.79 samba: task[kccsrv] (samba)
38649  -  S       0:00.89 samba: task[dnsupdate] (samba)
38650  -  I       0:04.54 samba: task[dns] (samba)

on DC2
# ps ax | grep samba
11108  -  Ss       0:00.41 /usr/local/sbin/samba --daemon --configfile=/usr/local/etc/smb4.conf
11109  -  I        0:00.00 samba: task[s3fs_parent] (samba)
11110  -  S        0:02.74 samba: task[dcesrv] (samba)
11112  -  S        0:00.00 samba: task wrepl server_id[11112] (samba)
11113  -  I        0:01.77 samba: task[ldapsrv] (samba)
11114  -  S        0:00.19 samba: task[cldapd] (samba)
11115  -  I        0:00.44 samba: task[kdc] (samba)
11116  -  S        0:01.07 samba: task[dreplsrv] (samba)
11117  -  I        0:00.00 samba: task[winbindd_parent] (samba)
11118  -  S        0:00.00 samba: task[ntp_signd] (samba)
11120  -  I        0:00.43 samba: task[kccsrv] (samba)
11121  -  S        0:00.04 samba: task[dnsupdate] (samba)
11122  -  S        0:00.01 samba: task[dns] (samba)

As you can see task[kdc] (samba) is not running on DC1, I'm pretty sure this is something to do with my issues, but not sure how to fix this, I appreciate your help and thanks in advance for reading this.


Regards,

-- 
Juan Garcia
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001   fax +61 2 9550 4001

More information about the samba mailing list