[Samba] new installation Samba AD - dnsupdate fail

maurizio at caloro.ch maurizio at caloro.ch
Sun Mar 22 17:35:44 UTC 2020 

Hello
Wau i dont know bevor that Debian 10 running with a so old Samba Version,
yes today i have download 4.12 the source
Was quick compiled and installed, nice.

I fighting with Kerberos..... or will this running when AD are up and
running?


root at AD:/# cat /etc/krb5.conf
[logging]
        Default = FILE:/var/log/krb5.log
        kdc = FILE:/var/log/krb5Kdc.log
        admin_server = FILE:/var/log/krb5adm.log

[libdefaults]
        default_realm = CALORO.M

[realms]
CALORO.M = {
        kdc = ad.caloro.m:88
        admin_server = ad.caloro.m:749
        default_domain = caloro.m
}

[domain_realm]
        .caloro.m = CALORO.M
        caloro.m = CALORO.M
root at AD:/#

if try to made any test
root at AD:/# kinit administrator
kinit: Client 'administrator at CALORO.M' not found in Kerberos database while
getting initial credentials


root at AD:/# ping ad.caloro.m
PING AD.CALORO.M (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.013 ms


root at AD:/# systemctl status krb5-kdc.service
● krb5-kdc.service - Kerberos 5 Key Distribution Center
   Loaded: loaded (/lib/systemd/system/krb5-kdc.service; enabled; vendor
preset: enabled)
   Active: active (running) since Sun 2020-03-22 18:25:05 CET; 9min ago
  Process: 13403 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5-kdc.pid
$DAEMON_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 13404 (krb5kdc)
    Tasks: 1 (limit: 4915)
   Memory: 1.0M
   CGroup: /system.slice/krb5-kdc.service
           └─13404 /usr/sbin/krb5kdc -P /var/run/krb5-kdc.pid

Mar 22 18:25:05 AD krb5kdc[13403]: Setting pktinfo on socket ::.88
Mar 22 18:25:05 AD systemd[1]: krb5-kdc.service: Can't open PID file
/run/krb5-kdc.pid (yet?) after start: No such file or directory
Mar 22 18:25:05 AD krb5kdc[13403]: Setting up TCP socket for address
0.0.0.0.88
Mar 22 18:25:05 AD krb5kdc[13403]: Setting up TCP socket for address ::.88
Mar 22 18:25:05 AD krb5kdc[13403]: setsockopt(13,IPV6_V6ONLY,1) worked
Mar 22 18:25:05 AD krb5kdc[13403]: set up 6 sockets
Mar 22 18:25:05 AD krb5kdc[13404]: commencing operation
Mar 22 18:25:05 AD systemd[1]: Started Kerberos 5 Key Distribution Center.
Mar 22 18:25:53 AD krb5kdc[13404]: AS_REQ (8 etypes {18 17 20 19 16 23 25
26}) 127.0.0.1: CLIENT_NOT_FOUND: administrator at CALORO.M for
krbtgt/CALORO.M at CALORO.M, Client not found in Kerberos database
Mar 22 18:31:36 AD krb5kdc[13404]: AS_REQ (8 etypes {18 17 20 19 16 23 25
26}) 127.0.0.1: CLIENT_NOT_FOUND: administrator at CALORO.M for
krbtgt/CALORO.M at CALORO.M, Client not found in Kerberos database
root at AD:/#


Thanks
Mauri


>This appears to be more of an error with samba_dnsupdate than your AD ;-)
>
>Python is raising an exception because the records already exist, it should
either remain silent or just print a message like 'Record exists'.
>
>Can I suggest you upgrade your version of Samba, 4.9.x is EOL as far as
Samba is concerned, you can get later versions here: 
>http://apt.van-belle.nl/
>
>There have been numerous updates since 4.9.5 and the fix for your non-error
may be one of them ;-)
>
>Rowland

More information about the samba mailing list