[Samba] Samba AD not listening on ipv4 - 464/tcp

Rowland Penny rpenny at samba.org
Fri May 3 08:34:15 UTC 2024


On Fri, 03 May 2024 10:11:48 +0200
PaLi via samba <samba at lists.samba.org> wrote:

> Hello
> 
> I'm not able to connect to Samba AD domain by realm. 
> 
> sudo realm join OFFICE.COMPANY.COM -U administrator
> 
> Password for administrator: 
> See: journalctl REALMD_OPERATION=r41422.307314
> realm: Couldn't join realm: Failed to join the domain
> 
> this is in journal:
> 
> smbmem41.office.company.com realmd[211374]: adcli: joining domain
> office.company.com failed: Couldn't set password for computer
> account: SMBMEM41$: Cannot contact any KDC for requested realm
> 
> according to 
> https://access.redhat.com/solutions/3697241
> it is necessary to open ports 464/tcp, 464/udp (kpasswd5)
> 
> but samba AD is listening on IPv6 localhost only
> 
> sudo ss -tulpn | grep ':464\|:88'
> udp   UNCONN 0      0      0.0.0.0:88     0.0.0.0:*  users:(("krb5kdc",pid=217785,fd=16))
> udp   UNCONN 0      0        [::1]:464       [::]:*  users:(("kdc[master]",pid=217782,fd=38))
> tcp   LISTEN 0      5      0.0.0.0:88     0.0.0.0:*  users:(("krb5kdc",pid=217785,fd=17))
> tcp   LISTEN 0      10       [::1]:464       [::]:*  users:(("kdc[master]",pid=217782,fd=37))
> 
> 
> I'm trying to set this explicitly in
> file /var/lib/samba/private/kdc.conf by this directive
> "kpasswd_listen"
> 
> [kdcdefaults]
>    kdc_listen = 0.0.0.0
>    kdc_tcp_listen = 0.0.0.0
>    kpasswd_listen = 127.0.0.1:464 192.168.95.111:464
>    kdc_ports = 88
>    kdc_tcp_ports = 88
> 
> but nothing changed
> 
> when I've changed kdc_listen I can see difference by "sudo ss -tulpn"
> but no changes for kpasswd_listen
> 
> How is it possible to make it work?
> 
> Pavel
> 

Sorry, but you appear to be asking in the wrong place, realmd and adcli
are not produced by Samba.

Samba uses 'net ads join' to join to an AD domain and none of my DCs
have /var/lib/samba/private/kdc.conf, so could you be using the
experimental MIT Kerberos?

What OS are you using and how have you set up smb.conf?

There is also the problem of the link you provided being behind a
registration wall that I cannot get through.

Rowland
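
The check the original poster did by eye on the `ss` output, as an added example that is not part of the thread or of Samba: it reads `ss -tuln` style lines and reports, per protocol, whether the KDC (88) and kpasswd (464) ports have a listener reachable from other hosts or only a loopback one. The function names are hypothetical, and the sample input is constructed from the four sockets quoted above, one per line.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample: the four sockets from the quoted ss output, one per line.
sample_ss_output() {
cat <<'EOF'
udp UNCONN 0 0  0.0.0.0:88  0.0.0.0:* users:(("krb5kdc",pid=217785,fd=16))
udp UNCONN 0 0  [::1]:464   [::]:*    users:(("kdc[master]",pid=217782,fd=38))
tcp LISTEN 0 5  0.0.0.0:88  0.0.0.0:* users:(("krb5kdc",pid=217785,fd=17))
tcp LISTEN 0 10 [::1]:464   [::]:*    users:(("kdc[master]",pid=217782,fd=37))
EOF
}

# Reads ss lines on stdin (field 5 = local address:port) and prints one
# verdict per proto/port: OK, LOOPBACK-ONLY or MISSING.
check_krb_listeners() {
    awk '
    BEGIN { want["88"] = 1; want["464"] = 1 }
    {
        proto = $1; laddr = $5
        n = split(laddr, parts, ":")
        port = parts[n]                       # text after the last colon
        if (!(port in want)) next             # also skips the ss header line
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        sub(/%.*/, "", addr)                  # drop an interface scope such as %lo
        key = proto "/" port
        seen[key] = 1
        if (addr !~ /^127\./ && addr != "[::1]") external[key] = 1
    }
    END {
        split("tcp udp", protos, " ")
        split("88 464", ports, " ")
        for (i = 1; i <= 2; i++) for (j = 1; j <= 2; j++) {
            key = protos[i] "/" ports[j]
            if (!(key in seen)) print key, "MISSING"
            else if (key in external) print key, "OK"
            else print key, "LOOPBACK-ONLY"
        }
    }'
}

# Demo on the embedded sample; on a live host: ss -tuln | check_krb_listeners
sample_ss_output | check_krb_listeners
```

On the sample this reports both 464 sockets as LOOPBACK-ONLY, which matches the "Cannot contact any KDC" failure during the password-set step of the join.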


