deep27ak 05-21-2012 07:33 AM

samba4 configuration error

Can anyone here help me configure samba4 as PDC on CentOS6. I have tried samba3 but now I want to use samba4 because I am having some problems in running group policy using samba3 on windows 7.

I want to implement samba4 with kerberos and DNS server as per the howto tutorials on sambahowto homepage. But i am getting stucked at the DNS and kerberos part.

I have successfully configured DNS server. I have created these entries manually in the zone files as I couldnot locate any zone file which was supposed to be created automatically once i run the provision command. But I never got any error for all the commands before this one.

# host -t A has address

Here this is another error

# host -t SRV
Host not found: 3(NXDOMAIN)


host -t SRV
Host not found: 3(NXDOMAIN)


# nslookup


but I am not able to get a positive reply for kerberos

# kinit administrator@SAMDOM.EXAMPLE.COM
kinit: Cannot resolve network address for KDC in realm "SAMDOM.EXAMPLE.COM" while getting initial credentials

this is my /etc/krb5.conf file

 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 default_realm = SAMDOM.EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

  kdc =
  admin_server =


heinblöd 05-22-2012 11:09 AM

Well I can't really help with this, but just two observations:

1. The use of "" like this from the tutorial may not be a good choice as it is a valid domain name

host has address has IPv6 address 2001:500:88:200::10

Maybe use the "samdom.mydomain.local" naming scheme, as it would be a convention (or just a habit, maybe) in Windows domains.

2. As far as I remember, the "_ldap._tcp" etc entries are pointers to the main domain in Windows PDC .
What if you just try to create them manually?
Or if it's those you already created manually, change the domainname.
I'm almost sure the host command is returning the real request from in this case

deep27ak 05-23-2012 02:38 AM

Thanks for the reply

well I was able to overcome that error and now my samba4 is working fine. I am able to join windows xp client to the domain without any registry changes but again I am facing some problem with windows 7

The windows 7 machine is able to join the server domain but while I try to login into the machine I receive an error

"trust relationship between this workstation and primary domain failed windows 7"

In samba3 when I used to get this error, I simply added the netbios name of client machine into the server machine using useradd but I don't get it, how can I do the same for samba4.

Even if I add the add machine script in /usr/local/samba/etc/smb.conf then i get a error
Unknown parameter encountered: "add machine script"
Ignoring unknown parameter "add machine script"
smbd version 4.0.0alpha6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009

have you faced any such issue or do you know any solution for the same?

