samba4 configuration error

deep27ak · 05-21-2012, 07:33 AM

Hello

Can anyone here help me configure samba4 as PDC on CentOS6. I have tried samba3 but now I want to use samba4 because I am having some problems in running group policy using samba3 on windows 7.

I want to implement samba4 with kerberos and DNS server as per the howto tutorials on sambahowto homepage. But i am getting stucked at the DNS and kerberos part.

I have successfully configured DNS server. I have created these entries manually in the zone files as I couldnot locate any zone file which was supposed to be created automatically once i run the provision command. But I never got any error for all the commands before this one.

Code:

# host -t A samba.samdom.example.com.
samba.samdom.example.com has address 10.10.10.176

Here this is another error

Code:

# host -t SRV _ldap._tcp.samdom.example.com.
Host _ldap._tcp.samdom.example.com. not found: 3(NXDOMAIN)

Code:

host -t SRV _kerberos._udp.samdom.example.com.
Host _kerberos._udp.samdom.example.com. not found: 3(NXDOMAIN)

Code:

# nslookup kerberos.samdom.example.com
Server:         10.10.10.176
Address:        10.10.10.176#53

Name:   kerberos.samdom.example.com
Address: 10.10.10.176

but I am not able to get a positive reply for kerberos

Code:

# kinit administrator@SAMDOM.EXAMPLE.COM
kinit: Cannot resolve network address for KDC in realm "SAMDOM.EXAMPLE.COM" while getting initial credentials

this is my /etc/krb5.conf file

Code:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = SAMDOM.EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 SAMDOM.EXAMPLE.COM = {
  kdc = kerberos.samdom.example.com
  admin_server = kerberos.samdom.example.com
 }

[domain_realm]
 .samdom.example.com = SAMDOM.EXAMPLE.COM
 samdom.example.com = SAMDOM.EXAMPLE.COM

heinblöd · 05-22-2012, 11:09 AM

Well I can't really help with this, but just two observations:

1. The use of "example.com" like this from the tutorial may not be a good choice as it is a valid domain name

Code:

host example.com
example.com has address 192.0.43.10
example.com has IPv6 address 2001:500:88:200::10

Maybe use the "samdom.mydomain.local" naming scheme, as it would be a convention (or just a habit, maybe) in Windows domains.

2. As far as I remember, the "_ldap._tcp" etc entries are pointers to the main domain in Windows PDC .
What if you just try to create them manually?
Or if it's those you already created manually, change the domainname.
I'm almost sure the host command is returning the real request from example.com in this case

deep27ak · 05-23-2012, 02:38 AM

Thanks for the reply

well I was able to overcome that error and now my samba4 is working fine. I am able to join windows xp client to the domain without any registry changes but again I am facing some problem with windows 7

The windows 7 machine is able to join the server domain but while I try to login into the machine I receive an error

"trust relationship between this workstation and primary domain failed windows 7"

In samba3 when I used to get this error, I simply added the netbios name of client machine into the server machine using useradd but I don't get it, how can I do the same for samba4.

Even if I add the add machine script in /usr/local/samba/etc/smb.conf then i get a error
Unknown parameter encountered: "add machine script"
Ignoring unknown parameter "add machine script"
smbd version 4.0.0alpha6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009

have you faced any such issue or do you know any solution for the same?