[Samba] new dc does not allow login..?

Rowland Penny rpenny at samba.org
Thu Oct 22 18:27:56 UTC 2020


Please see replies inline:

On 22/10/2020 19:06, Joachim Lindenberg wrote:
> root@cobra:/home/joachim# cat /tmp/samba-debug-info.txt
> Collected config  --- 2020-10-22-17:57 -----------
>
> Hostname: cobra
> DNS Domain:
> FQDN: cobra
> ipaddress: 192.168.177.19

I actually expected more output, but let's start with what we have :-)

You do not seem to have a domain name; you need to fix this. I'm not sure 
just what Ubuntu 20.04 uses, but you need to fix it so that the 
following commands print the following output:

hostname -s

cobra

hostname -d

samba.lindenberg.one

hostname -f

cobra.samba.lindenberg.one

hostname -i

192.168.177.19

>
> -----------
>
> WARNING: kinit Administrator will fail and this needs to be fixed first.
> unable to verify DNS kerberos._tcp SRV records
>
> Server:         192.168.177.18
> Address:        192.168.177.18#53
>
> ** server can't find _kerberos._tcp: NXDOMAIN
This could be because it isn't asking itself. The DC should use its own 
IP as the first nameserver in /etc/resolv.conf, so what is 
'192.168.177.19'?
>
> kinit Administrator done manually does work or at least does not report any error.
>
> when I dig manually I get SRV records:
>
> root@cobra:/home/joachim# dig -t SRV _kerberos._tcp.samba.lindenberg.one
>
> ; <<>> DiG 9.16.1-Ubuntu <<>> -t SRV _kerberos._tcp.samba.lindenberg.one
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9893
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: c60e03fcc592f9949fb4fc8e5f91c878ed0f2c5c525380ca (good)
> ;; QUESTION SECTION:
> ;_kerberos._tcp.samba.lindenberg.one. IN        SRV
>
> ;; ANSWER SECTION:
> _kerberos._tcp.samba.lindenberg.one. 900 IN SRV 0 100 88 boa.samba.lindenberg.one.
> _kerberos._tcp.samba.lindenberg.one. 900 IN SRV 0 100 88 cobra.samba.lindenberg.one.
>
> ;; Query time: 4 msec
> ;; SERVER: 192.168.177.18#53(192.168.177.18)
> ;; WHEN: Thu Oct 22 17:59:20 UTC 2020
> ;; MSG SIZE  rcvd: 182
>
> (actually I missed them initially as dns_update did not work, and fixed both)
Again, that is using '192.168.177.18'.
> Just in case, my smb.conf looks as follows:
>
> # Global parameters
> [global]
>          netbios name = COBRA
>          realm = SAMBA.LINDENBERG.ONE
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>          workgroup = SAMBA
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
>
> [netlogon]
>          path = /var/lib/samba/sysvol/samba.lindenberg.one/scripts
>          read only = No

About all I can tell from that is that you are using Bind9, so you will 
manually have to set /var/lib/samba/bind-dns/named.conf.

Open it in an editor and check if any of the lines that have 'database' 
in them have been uncommented (I don't think they will have). If not, 
uncomment the last one, under '# For BIND 9.11.x'.

Once you have fixed the problems highlighted above, re-run the script.

Rowland
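
The three checks asked for in this reply (hostname output, first nameserver in resolv.conf, an active 'database' line in named.conf) can be scripted as below. This is an added example, not part of the original message or of the Samba project; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the three problems raised in the reply.
# Function names and all sample data are constructed for illustration.

# check_names SHORT DOMAIN FQDN: values as printed by hostname -s, -d and -f.
check_names() {
    [ -n "$2" ] || { echo "no DNS domain set"; return 1; }
    [ "$3" = "$1.$2" ] || { echo "FQDN '$3' is not '$1.$2'"; return 1; }
    echo "names ok"
}

# first_nameserver FILE: print the first nameserver of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# check_resolver FILE OWN_IP: the DC should ask itself first.
check_resolver() {
    ns=$(first_nameserver "$1")
    [ "$ns" = "$2" ] || { echo "first nameserver is '$ns', expected '$2'"; return 1; }
    echo "resolver ok"
}

# active_database_lines FILE: count uncommented 'database' lines in named.conf.
active_database_lines() {
    awk '$1 == "database" { n++ } END { print n + 0 }' "$1"
}

# Run the checks on constructed sample files (the .so path is a placeholder).
demo() {
    d=$(mktemp -d)
    printf 'nameserver 192.168.177.18\nnameserver 192.168.177.19\n' > "$d/resolv.conf"
    printf '%s\n' 'dlz "AD DNS Zone" {' \
        '    # For BIND 9.11.x' \
        '    # database "dlopen /path/to/dlz_bind9_11.so";' '};' > "$d/named.conf"
    check_names cobra "" cobra || true
    check_names cobra samba.lindenberg.one cobra.samba.lindenberg.one
    check_resolver "$d/resolv.conf" 192.168.177.19 || true
    echo "active database lines: $(active_database_lines "$d/named.conf")"
    rm -rf "$d"
}
demo
```

On a real DC, pass the output of `hostname -s`, `hostname -d` and `hostname -f` to `check_names`, and point the other two functions at /etc/resolv.conf and /var/lib/samba/bind-dns/named.conf.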




