[Samba] IPV4 Only Environments Kpasswd5 Port 464 Not Showing when ipv6.disable=1 on Kernel CLI

Christian Naumer christian.naumer at greyfish.net
Sun Jan 12 06:41:10 UTC 2025


In your situation on Fedora you are not using the Samba built-in Heimdal KDC but the MIT KDC, which might explain some differences between Rowland and you.

Regards 

Christian 


On 11 January 2025 21:18:23 CET, Gregory Carter via samba <samba at lists.samba.org> wrote:
>I have resolved this issue last night.
>
>The issue wasn't the ipv6.disable=1, it was a separate difference in the
>config files.
>
>I was using:
>
>>         bind interfaces only = yes
>>         interfaces = 127.0.0.1 192.168.1.40
>
>Mainly due to the fact that I plan on adding more Ethernet interfaces later
>to the mail server, and I wanted to ensure the configuration was explicit
>on what interfaces to run SAMBA AD on.
>
>However, kpasswd5 port will not bind to 192.168.1.40 in this configuration,
>only to 127.0.0.1 hence it won't show up in the config.
>
>So I removed the above statements from the config file and that seemed to
>fix the problem.
>
>Looking more closely at the syntax, maybe I need a subnet after the second
>IP address to make that work.
>
>I will be looking at that tonight.
>
>On Sat, Jan 11, 2025 at 1:38 AM Rowland Penny via samba <
>samba at lists.samba.org> wrote:
>
>> On Fri, 10 Jan 2025 15:07:34 -0700
>> Gregory Carter <gjcarter2 at gmail.com> wrote:
>>
>> > Well, if I eliminate the ipv6.disable=1 from the kernel command line
>> > everything works fine.  So I don't think it is a samba config issue
>> > per se, unless of course I need something specific for kpasswd5 port
>> > 464, but in any case.
>> >
>> > This AD server is a Fedora 41 box running
>>
>> I take it you are aware that the Fedora Samba packages are classed as
>> experimental because they use MIT kerberos ?
>>
>> >
>> > root at ad:~# uname -ra
>> > Linux ad.example.com 6.11.10-300.fc41.x86_64 #1 SMP PREEMPT_DYNAMIC
>> > Sat Nov 23 00:51:20 UTC 2024 x86_64 GNU/Linux
>> >
>> > Here is the join command:
>> >
>> > realm join --automatic-id-mapping=no ad.example.com
>>
>> No, that is the freeipa join command, the Samba one is:
>>
>> net ads join -U administrator
>>
>> >
>> > Here is the smb.conf file of the ad.example.com server:
>> > # Global parameters
>> > [global]
>> >         dns forwarder = 10.10.14.27,10.11.12.10
>> >         netbios name = AD
>> >         realm = EXAMPLE.COM
>> >         server role = active directory domain controller
>> >         workgroup = EXAMPLE
>> >         idmap_ldb:use rfc2307 = yes
>> >         ldap server require strong auth = no
>> >         bind interfaces only = yes
>> >         interfaces = 127.0.0.1 192.168.1.40
>> >
>> > [sysvol]
>> >         path = /var/lib/samba/sysvol
>> >         read only = No
>> >
>> > [netlogon]
>> >         path = /var/lib/samba/sysvol/example.com/scripts
>> >         read only = No
>> >
>>
>> That appears to be from a Samba AD DC, if you are trying to join that
>> to Samba AD domain, then it shouldn't exist before the join and you
>> should be using samba-tool to join as a DC.
>>
>> > like I said I can join fine if I eliminate the ipv6.disable=1 as the
>> > kpasswd5 port appears:
>> >
>>
>> Just exactly what are you doing ?
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
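
A check for the symptom discussed in this thread, added here as an example (not code from any poster or from the Samba project): it compares the addresses on the smb.conf `interfaces` line with the sockets listening on port 464. The smb.conf fragment and the `ss -H -tuln` output below are constructed samples, the function names are hypothetical, and interface names such as eth0 are skipped rather than resolved.

```python
import ipaddress

# Constructed sample data, not captured from the poster's server.
SAMPLE_SMB_CONF = """[global]
        bind interfaces only = yes
        interfaces = 127.0.0.1 192.168.1.40
"""
SAMPLE_SS = """tcp LISTEN 0 10 127.0.0.1:464 0.0.0.0:*
tcp LISTEN 0 10 192.168.1.40:88 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:464 0.0.0.0:*
udp UNCONN 0 0 192.168.1.40:88 0.0.0.0:*
"""
WILDCARDS = {"0.0.0.0", "*"}  # sockets that accept any IPv4 address


def configured_addresses(smb_conf):
    """IP addresses on the 'interfaces' line (a /mask suffix is dropped)."""
    addrs = []
    for line in smb_conf.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() != "interfaces":
            continue
        for token in value.split():
            try:
                addrs.append(str(ipaddress.ip_interface(token).ip))
            except ValueError:
                pass  # interface name such as "eth0": not resolved here
    return addrs


def listeners(ss_output, port):
    """Map protocol -> local addresses bound to `port` in `ss -H -tuln` output."""
    found = {"tcp": set(), "udp": set()}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in found:
            continue
        addr, _, local_port = fields[4].rpartition(":")
        if local_port == str(port):
            found[fields[0]].add(addr.strip("[]").split("%")[0])
    return found


def missing_listeners(smb_conf, ss_output, port=464):
    """(address, protocol) pairs that are configured but have no listener."""
    found = listeners(ss_output, port)
    return [(addr, proto)
            for addr in configured_addresses(smb_conf)
            for proto, bound in found.items()
            if addr not in bound and not bound & WILDCARDS]


if __name__ == "__main__":
    for addr, proto in missing_listeners(SAMPLE_SMB_CONF, SAMPLE_SS):
        print(f"no {proto} listener on {addr}:464")
```

On a live server, pass the contents of smb.conf and the output of `ss -H -tuln` in place of the two sample strings.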


