[SOLVED] Windows (Active Directory), Linux (BIND and SAMBA)

tquang · 11-08-2010, 02:44 AM

Hi eveybody!

I'm building system network with integrate betweens Windows and Linux, but I have problem for this when deploy. Above my config for each server:

Linux [smb.quangvps.local]:
_installed BIND and SAMBA

Windows [upgraded to dc.quangvps.local]:
_install AD with DNS using BIND (well done connecting to Linux).

However, problem occur in progress integrate SAMBA. Because Kerberos not found Windows AD, command/output

Code:

[root@smb ~]# kinit Administrator@QUANGVPS.LOCAL
kinit(v5): Cannot find KDC for requested realm while getting initial credentials

And, i tried with

Code:

[root@smb ~]# kinit Administrator@DC.QUANGVPS.LOCAL
kinit(v5): Cannot find KDC for requested realm while getting initial credentials

Yes, I known just edit BIND config, but really I don't know how can config exactly?

Because if "Windows AD" run by himself, it very easy.

Thank you.

=====

Post script:

Kerberos config

Code:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = QUANGVPS.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 QUANGVPS.LOCAL = {
  kdc = dc.quangvps.local
  admin_server = dc.quangvps.local
  default_domain = quangvps.local
 }

[domain_realm]
 .quangvps.local = QUANGVPS.LOCAL
 quangvps.local = QUANGVPS.LOCAL

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

d072330 · 11-08-2010, 05:10 PM

Try this. This is from my working configuration.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DIR.EXAMPLE.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes

[realms]
DIR.EXAMPLE.COM = {
kdc = AD_Server_FQDN:88 # Kerberos—authentication system (port 88)
kdc = AD_Server_FQDN:88
kdc = AD_Server_FQDN:88
admin_server = AD_Server_FQDN:749 # Kerberos (protocol) administration (port 749)
}

[domain_realm]
dir.example.com = DIR.EXAMPLE.COM
.dir.example.com = DIR.EXAMPLE.COM

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

tquang · 11-15-2010, 12:42 AM

Thank d072330 replied.

I re-build with 3 server: 1DC - 1DNS - 1SMB

It's ok.

ganesh24pal@gmail.com · 11-15-2010, 01:55 AM

Hi,
Have good day.
Also create Additional Domain controller. It will help you.