[Samba] Cannot contact any KDC for requested realm

Anton Blau tony.blue.mailinglist at gmx.de
Thu Jul 19 15:33:46 UTC 2018 

Am 19.07.2018 um 10:03 schrieb Rowland Penny via samba:
> On Wed, 18 Jul 2018 23:21:41 +0200
> Anton Blau via samba <samba at lists.samba.org> wrote:
>
>> Am 18.07.2018 um 14:17 schrieb Rowland Penny via samba:
>>
> It is touched on here:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Parameter_Explanation
>
> It is quite simple, the realm is the DNS domain name in uppercase, so
> in your case, the DNS domain appears to be 'duck', so the realm must be
> 'DUCK'
>
> You don't appear to have provisioned with the realm 'DUCK', so it will
> probably be easier to re-provision.
>
> Rowland
>   
>
Sorry - but I suppose I'm stupid. If I try to re-provision with realm 
"DUCK" I get a new error.

I tried it with realm "DUCK" + domain "DUCK" and "FILE" -> provisioning 
fails.

If I try it with realm "DUCK" + domain "FILE.DUCK" provisioning runns, 
but I got the error

What I am doing wrong?



root at file:~# rm /etc/samba/smb.conf
root at file:~# samba-tool domain provision --use-rfc2307 --interactive
Realm [DUCK]:
  Domain [DUCK]:
  Server Role (dc, member, standalone) [dc]:
  DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) 
[SAMBA_INTERNAL]:
  DNS forwarder IP address (write 'none' to disable forwarding) 
[192.168.1.254]:
Administrator password:
Retype password:
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - 
ProvisioningError: guess_names: Realm 'DUCK' must not be equal to short 
domain name 'DUCK'!
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 
434, in run
     nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", 
line 2022, in provision
     sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill 
== FILL_DRS))
   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", 
line 638, in guess_names
     raise ProvisioningError("guess_names: Realm '%s' must not be equal 
to short domain name '%s'!" % (realm, domain))

root at file:~# rm /etc/samba/smb.conf
root at file:~# samba-tool domain provision --use-rfc2307 --interactive
Realm [DUCK]:
  Domain [DUCK]: FILE
  Server Role (dc, member, standalone) [dc]:
  DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) 
[SAMBA_INTERNAL]:
  DNS forwarder IP address (write 'none' to disable forwarding) 
[192.168.1.254]:
Administrator password:
Retype password:
ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - 
ProvisioningError: guess_names: Domain 'FILE' must not be equal to short 
host name 'FILE'!
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 
434, in run
     nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", 
line 2022, in provision
     sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill 
== FILL_DRS))
   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", 
line 624, in guess_names
     raise ProvisioningError("guess_names: Domain '%s' must not be equal 
to short host name '%s'!" % (domain, netbiosname))

  samba-tool domain provision --use-rfc2307 --interactive
Realm [DUCK]:
  Domain [DUCK]: DOMCON.DUCK
  Server Role (dc, member, standalone) [dc]:
  DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) 
[SAMBA_INTERNAL]:
  DNS forwarder IP address (write 'none' to disable forwarding) 
[192.168.1.254]:
Administrator password:
Invalid administrator password.
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=duck
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=duck
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at 
/var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              domcon
NetBIOS Domain:        DOMCON.DUCK
DNS Domain:            duck
DOMAIN SID:            S-1-5-21-2872781360-2334468414-1341116025


/var/log/syslog:

Jul 19 15:29:22 domcon smbd[1979]:   STATUS=daemon 'smbd' finished 
starting up and ready to serve connections
Jul 19 15:29:22 domcon winbindd[1991]: [2018/07/19 15:29:22.827717,  0] 
../lib/util/become_daemon.c:124(daemon_ready)
Jul 19 15:29:22 domcon winbindd[1991]:   STATUS=daemon 'winbindd' 
finished starting up and ready to serve connections
Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039362, 0] 
../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
Jul 19 15:29:23 domcon samba[1989]:   /usr/sbin/samba_dnsupdate: 
Traceback (most recent call last):
Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039515, 0] 
../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
Jul 19 15:29:23 domcon samba[1989]:   /usr/sbin/samba_dnsupdate: File 
"/usr/sbin/samba_dnsupdate", line 614, in <module>
Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039687, 0] 
../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
Jul 19 15:29:23 domcon samba[1989]: /usr/sbin/samba_dnsupdate:     
get_credentials(lp)
Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039776, 0] 
../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
Jul 19 15:29:23 domcon samba[1989]:   /usr/sbin/samba_dnsupdate: File 
"/usr/sbin/samba_dnsupdate", line 125, in get_credentials
Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039878, 0] 
../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
Jul 19 15:29:23 domcon samba[1989]: /usr/sbin/samba_dnsupdate:     raise e
Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.039976, 0] 
../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
Jul 19 15:29:23 domcon samba[1989]:   /usr/sbin/samba_dnsupdate: 
RuntimeError: kinit for DOMCON$@DUCK failed (Cannot contact any KDC for 
requested realm)
Jul 19 15:29:23 domcon samba[1989]: [2018/07/19 15:29:23.040049, 0] 
../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
Jul 19 15:29:23 domcon samba[1989]:   /usr/sbin/samba_dnsupdate:

More information about the samba mailing list