[Samba] Fwd: No DNS/Kerberos after DC OS upgrade
Nicolas Canonne
me at electronico.nc
Sun Mar 30 08:30:03 UTC 2025
Le 30/03/2025 à 19:04, Rowland Penny via samba a écrit :
> First, you do not have a 'main' DC, you just have DCs, it is just that
> one of them holds the FSMO roles.
>
> And from what you posted, it doesn't look like DC2 holds any of the
> FSMO roles, it certainly doesn't hold the PDC_Emulator role.
>
> Here is what I suggest you do:
> Transfer all the FSMO roles to DC2 (seize them if you have to).
> Demote DC1 and turn it off.
> Install Debian 12 and use backports.
> This will get you Samba 4.21.4 , 4.19.5 is EOL from the Samba point of
> view.
> Join this as a new DC
>
> Rowland
>
Rowland,
The problem is that I'm on remote location, doing all things via SSH
So, this Debian12 OS change is not possible before a lot of hours and
whole AD is off at site
it really looks like Kerberos is broken
> @dc1:~$ klist
> klist: No credentials cache found (filename: /tmp/krb5cc_1000)
> @dc1:~$ cat /etc/krb5.conf
> [libdefaults]
> default_realm = SMB.RDK.NC
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> rdns = false
> [realms]
> SMB.RDK.NC = {
> default_domain = smb.rdk.nc
> }
>
> [domain_realm]
> dc1 = SMB.RDK.NC
> @dc2:~$ klist
> klist: No credentials cache found (filename: /tmp/krb5cc_1000)
> @dc2:~$ cat /etc/krb5.conf
> [libdefaults]
> default_realm = SMB.RDK.NC
> dns_lookup_realm = false
> dns_lookup_kdc = true
May you please try to assist a bit more ?
Thanks, once more, for your help
Nicolas
Electronico
NEW-CALEDONIA (South Pacific)
More information about the samba
mailing list