[Samba] IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI

Rowland Penny rpenny at samba.org
Sat Jan 11 08:37:26 UTC 2025


On Fri, 10 Jan 2025 15:07:34 -0700
Gregory Carter <gjcarter2 at gmail.com> wrote:

> Well, if I eliminate the ipv6.disable=1 from the kernel command line
> everything works fine.  So I don't think it is a samba config issue
> per se, unless of course I need something specific for kpasswd5 port
> 464, but in any case.
> 
> This AD server is a Fedora 41 box running

I take it you are aware that the Fedora Samba packages are classed as
experimental because they use MIT Kerberos?

> 
> root@ad:~# uname -ra
> Linux ad.example.com 6.11.10-300.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC
> Sat Nov 23 00:51:20 UTC 2024 x86_64 GNU/Linux
> 
> Here is the join command:
> 
> realm join --automatic-id-mapping=no ad.example.com

No, that is the FreeIPA join command; the Samba one is:

net ads join -U administrator 

> 
> Here is the smb.conf file of the ad.example.com server:
> # Global parameters
> [global]
>         dns forwarder = 10.10.14.27,10.11.12.10
>         netbios name = AD
>         realm = EXAMPLE.COM
>         server role = active directory domain controller
>         workgroup = EXAMPLE
>         idmap_ldb:use rfc2307 = yes
>         ldap server require strong auth = no
>         bind interfaces only = yes
>         interfaces = 127.0.0.1 192.168.1.40
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> 
> [netlogon]
>         path = /var/lib/samba/sysvol/example.com/scripts
>         read only = No
> 

That appears to be from a Samba AD DC. If you are trying to join that
to a Samba AD domain, then it shouldn't exist before the join and you
should be using samba-tool to join as a DC.

> like I said I can join fine if I eliminate the ipv6.disable=1 as the
> kpasswd5 port appears:
> 

Just exactly what are you doing?

Rowland