[Samba] Kerberos kinit not running
Rowland Penny
rpenny at samba.org
Wed Jul 20 20:50:43 UTC 2022
On Wed, 2022-07-20 at 22:32 +0200, Maurizio Caloro via samba wrote:
>
> root@TestAD:/home/maurizio# cat /etc/bind/named.conf
> // This is the primary configuration file for the BIND DNS server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
> // structure of BIND configuration files in Debian, *BEFORE* you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in /etc/bind/named.conf.local
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/bind-dns/named.conf";
>
> root@TestAD:/home/maurizio# cat /etc/bind/named.conf.local
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> include "/etc/bind/zones.rfc1918";
>
> zone "caloro.m" {
> type master;
> file "/etc/bind/caloro.m";
> };
>
> zone "10.168.192.in-addr.arpa" {
> type master;
> file "/etc/bind/reverse.caloro.m";
> };
>
>
Please remove the zones you added to named.conf.local, they are
flatfiles and have no place in a DC's Bind9 conf files, they are stored
in AD.
> root@TestAD:/home/maurizio# cat /etc/bind/caloro.m
Remove that as well.
Please post the contents of /etc/bind/named.conf.options.
>
> --
>
> root@TestAD:/home/maurizio# testparm -s
Sorry, I should have said 'samba-tool testparm', but never mind, it has
shown your major error.
> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Weak crypto is allowed
>
> Server role: ROLE_ACTIVE_DIRECTORY_DC
>
> # Global parameters
> [global]
> passdb backend = samba_dsdb
> realm = TESTAD.CALORO.M
You have 'default_realm = CALORO.M' in /etc/krb5.conf,
'TESTAD.CALORO.M' != 'CALORO.M', which is it?
Rowland
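
A minimal consistency check for the two problems pointed out in this reply (a `realm` in smb.conf that differs from `default_realm` in krb5.conf, and flat-file zones in a DC's named.conf.local), as an added example that is not part of the original message. The function names and the sample file contents are constructed for illustration, modelled on the values quoted above.

```python
import re

# Constructed samples modelled on the values quoted in the thread.
SMB_CONF = """[global]
    passdb backend = samba_dsdb
    realm = TESTAD.CALORO.M
"""
KRB5_CONF = """[libdefaults]
    default_realm = CALORO.M
"""
NAMED_CONF_LOCAL = """// Do any local configuration here
include "/etc/bind/zones.rfc1918";
zone "caloro.m" {
    type master;
    file "/etc/bind/caloro.m";
};
"""

def ini_value(text, section, key):
    """Return key's value inside [section] of an INI-style file, else None."""
    current = None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif current == section and "=" in line:
            name, value = line.split("=", 1)
            if name.strip().lower() == key:
                return value.strip()
    return None

def flatfile_zones(text):
    """List (zone, file) pairs for zone stanzas that point at a zone file."""
    text = re.sub(r"(?m)^\s*//.*$", "", text)  # drop // comment lines
    return re.findall(r'zone\s+"([^"]+)"\s*\{[^}]*?\bfile\s+"([^"]+)"', text)

def check_dc_config(smb_conf, krb5_conf, named_conf_local):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    realm = ini_value(smb_conf, "global", "realm")
    default_realm = ini_value(krb5_conf, "libdefaults", "default_realm")
    if not realm or realm != default_realm:
        findings.append(f"realm mismatch: smb.conf={realm} krb5.conf={default_realm}")
    for zone, path in flatfile_zones(named_conf_local):
        findings.append(f"flat-file zone {zone} ({path}) in named.conf.local")
    return findings

if __name__ == "__main__":
    print("\n".join(check_dc_config(SMB_CONF, KRB5_CONF, NAMED_CONF_LOCAL)))
```
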