[Samba] Issues demoting a samba DC.
rpenny at samba.org
Sun Jan 8 16:42:18 UTC 2023
On 08/01/2023 16:03, Michael Tokarev via samba wrote:
> 08.01.2023 18:54, Michael Tokarev wrote:
>> And nope, after removing this stale A gc._msdcs record from samba DNS, it
>> still does not work and still logs the same error message, apparenlty
>> trying to log in to the other DC for replication:
>> [2023/01/08 18:50:43.390974, 0]
>> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>> I'll try to strace it to find out what's going on.
> strace itself didin't help , but it gave me a clue, because at the very
> where it logs this error, it opens the samba keytab file. And earlier I
> maybe after doing some DC stuff, I'll have to regenerate the keytabs?
> And indeed, there was an error in /etc/krb5.conf, - this file were still
> referring to the old DC which I just removed.
> Unfortunately, all guides I've read so far about samba and kerberos, are
> They say to create krb5.conf with the given contents, but this does not
> at all when you have more than one realm in there, so by creating the new
> krb5.conf, you're breaking other realms. But this is a different issue.
>> Unfortunately I still don't know what does it *mean*, what exactly it
>> to do when "binding to uuid"?
> (still no answer to this).
Ah, I forgot that you are running your Samba AD DC's in an unsupported
way, for a start you really should only have one realm in krb5.conf on a DC.
I cannot help you further with this, an NT4-style DC != an AD DC and you
shouldn't try to run AD anything like NT4
More information about the samba