[Samba] Cannot contact any KDC for requested realm

Rowland Penny rpenny at samba.org
Mon Jul 23 21:27:07 UTC 2018 

On Mon, 23 Jul 2018 23:09:58 +0200
Anton Blau via samba <samba at lists.samba.org> wrote:

> Am 19.07.2018 um 17:50 schrieb Rowland Penny via samba:
> > On Thu, 19 Jul 2018 17:33:46 +0200
> > Anton Blau via samba <samba at lists.samba.org> wrote:
> >
> >> Am 19.07.2018 um 10:03 schrieb Rowland Penny via samba:
> >>> On Wed, 18 Jul 2018 23:21:41 +0200
> >>> Anton Blau via samba <samba at lists.samba.org> wrote:
> >>>
> >>>> Am 18.07.2018 um 14:17 schrieb Rowland Penny via samba:
> >>>>
> >>>
> > The above shows the problem, you cannot use the realm name for the
> > netbios domain name (aka workgroup), or to put it another way, your
> > netbios domain name 'DUCK' cannot be the same as your realm 'DUCK'.
> >
> > Is your dns domain really just 'duck' ?
> > If so, I think you need to consider changing it.
> > I suggest you read this:
> >
> > https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ
> >
> > You could use something like 'duck.tld', just don't use the TLD
> > '.local'
> >
> 
> O. K. Thank you. Now a new trial:
> 
> samba-tool domain provision --use-rfc2307 --interactive
> Realm [DUCK.TLD]: DOMCON.DUCK.TLD
>   Domain [DOMCON]: DUCK.TLD
>   Server Role (dc, member, standalone) [dc]:
>   DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) 
> [SAMBA_INTERNAL]:
>   DNS forwarder IP address (write 'none' to disable forwarding) 
> [192.168.1.254]:
> Administrator password:
> Retype password:
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=domcon,DC=duck,DC=tld
> Adding configuration container
> Setting up sam.ldb schema
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Modifying display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> Setting up self join
> Adding DNS accounts
> Creating CN=MicrosoftDNS,CN=System,DC=domcon,DC=duck,DC=tld
> Creating DomainDnsZones and ForestDnsZones partitions
> Populating DomainDnsZones and ForestDnsZones partitions
> Setting up sam.ldb rootDSE marking as synchronized
> Fixing provision GUIDs
> A Kerberos configuration suitable for Samba 4 has been generated at 
> /var/lib/samba/private/krb5.conf
> Setting up fake yp server settings
> Once the above files are installed, your Samba4 server will be ready
> to use Server Role:           active directory domain controller
> Hostname:              domcon
> NetBIOS Domain:        DUCK.TLD
> DNS Domain:            domcon.duck.tld
> DOMAIN SID:            S-1-5-21-2320560232-2299116025-3491239596
> 
> But I get no running SAMBA4:
> 
> /var/log/syslog:
> 
> Jul 23 20:49:36 domcon samba[1513]:   samba version 4.2.14-Debian
> started. Jul 23 20:49:36 domcon samba[1513]:   Copyright Andrew
> Tridgell and the Samba Team 1992-2014
> Jul 23 20:49:37 domcon samba[1554]: [2018/07/23 20:49:37.084452,  0] 
> ../source4/smbd/server.c:488(binary_smbd_main)
> Jul 23 20:49:37 domcon samba[1554]:   samba: using 'standard' process
> model Jul 23 20:49:37 domcon samba[1554]: [2018/07/23
> 20:49:37.094546,  0] ../lib/util/become_daemon.c:124(daemon_ready)
> Jul 23 20:49:37 domcon samba[1554]:   STATUS=daemon 'samba' finished 
> starting up and ready to serve connections
> Jul 23 20:49:37 domcon winbindd[1621]: [2018/07/23 20:49:37.232947,
> 0] ../source3/winbindd/winbindd_cache.c:3235(initialize_winbindd_cache)
> Jul 23 20:49:37 domcon winbindd[1621]:   initialize_winbindd_cache: 
> clearing cache and re-creating with version number 2
> Jul 23 20:49:37 domcon winbindd[1621]: [2018/07/23 20:49:37.592355,
> 0] ../lib/util/become_daemon.c:124(daemon_ready)
> Jul 23 20:49:37 domcon winbindd[1621]:   STATUS=daemon 'winbindd' 
> finished starting up and ready to serve connections
> Jul 23 20:49:37 domcon smbd[1609]: [2018/07/23 20:49:37.973506,  0] 
> ../lib/util/become_daemon.c:124(daemon_ready)
> Jul 23 20:49:37 domcon smbd[1609]:   STATUS=daemon 'smbd' finished 
> starting up and ready to serve connections
> Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.865881,  0] 
> ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
> Jul 23 20:49:38 domcon samba[1619]:   /usr/sbin/samba_dnsupdate: 
> Traceback (most recent call last):
> Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.865968,  0] 
> ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
> Jul 23 20:49:38 domcon samba[1619]:   /usr/sbin/samba_dnsupdate: File 
> "/usr/sbin/samba_dnsupdate", line 614, in <module>
> Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866000,  0] 
> ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
> Jul 23 20:49:38 domcon samba[1619]:   /usr/sbin/samba_dnsupdate: 
> get_credentials(lp)
> Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866026,  0] 
> ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
> Jul 23 20:49:38 domcon samba[1619]:   /usr/sbin/samba_dnsupdate: File 
> "/usr/sbin/samba_dnsupdate", line 125, in get_credentials
> Jul 23 20:49:38 domcon samba[1619]: [2018/07/23 20:49:38.866046,  0] 
> ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
> Jul 23 20:49:38 domcon samba[1619]:   /usr/sbin/samba_dnsupdate:
> raise e Jul 23 20:49:38 domcon samba[1619]: [2018/07/23
> 20:49:38.866072,
> 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23
> 20:49:38 domcon samba[1619]:   /usr/sbin/samba_dnsupdate:
> RuntimeError: kinit for DOMCON$@WORKGROUP failed (Cannot contact any
> KDC for requested realm) Jul 23 20:49:38 domcon samba[1619]:
> [2018/07/23 20:49:38.866229,
> 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) Jul 23
> 20:49:38 domcon samba[1619]:   /usr/sbin/samba_dnsupdate: Jul 23
> 20:55:49 domcon smbd[1630]: [2018/07/23 20:55:49.027185,
> 0] ../lib/util/pidfile.c:153(pidfile_unlink) Jul 23 20:55:49 domcon
> smbd[1630]:   Failed to delete pidfile /var/run/samba/smbd.pid. Error
> was No such file or directory Jul 23 20:55:49 domcon samba[1607]:
> [2018/07/23 20:55:49.028182,
> 0] ../file_server/file_server.c:48(file_server_smbd_done) Jul 23
> 20:55:49 domcon samba[1607]:   file_server smbd daemon exited normally
> Jul 23 20:55:49 domcon samba[1554]: [2018/07/23 20:55:49.043272,  0] 
> ../source4/smbd/server.c:211(samba_terminate)
> Jul 23 20:55:49 domcon samba[1554]:   samba_terminate: smbd child 
> process exited
> Jul 23 20:59:37 domcon winbindd[1626]: [2018/07/23 20:59:37.694999,
> 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe)
> Jul 23 20:59:37 domcon winbindd[1626]:   open_internal_pipe: Could
> not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL
> Jul 23 21:04:37 domcon winbindd[1626]: [2018/07/23 21:04:37.695289,
> 0] ../source3/winbindd/winbindd_cm.c:1670(wb_open_internal_pipe)
> Jul 23 21:04:37 domcon winbindd[1626]:   open_internal_pipe: Could
> not connect to lsarpc pipe: NT_STATUS_UNSUCCESSFUL
> Jul 23 21:06:01 domcon CRON[2406]: (root) CMD (   cd / && run-parts 
> --report /etc/cron.hourly)
> 
> 
> 

Is there some reason why you are using an EOL version of Samba ? 
Not saying this is your problem, but you stand more chance of getting
help if you use a much more recent version of Samba.
As you seem to be using Debian, you can a very recent version here:

http://apt.van-belle.nl/

You know seem to be able to provision Samba correctly, but is the OS
set up correctly to use it ?

can you post:
/etc/hosts
/etc/hostname
/etc/resolv.conf
/etc/krb5.conf
/etc/samba/smb.conf

Rowland

More information about the samba mailing list