Web lists-archives.com

Re: [Samba] gpupdate - Failed to find DC1 in keytab




On Fri, 3 Feb 2017 17:39:17 +0100
Łukasz Sellmann via samba <samba@xxxxxxxxxxxxxxx> wrote:

> */etc/samba/smb.conf *
> 
> # Global parameters
> [global]
> 
>         workgroup = GSBK
>         realm = biuro.gsbk.pl
>         netbios name = DC1
>         server role = active directory domain controller
>         dns forwarder = 192.168.0.1
> 
>         ldap server require strong auth = no
>         allow dns updates = nonsecure and secure
>         require strong key = no
> 
>         vfs objects = acl_xattr
>         map acl inherit = yes
>         store dos attributes = yes
>         unix extensions = no
>         winbind nss info = rfc2307

OK, just who is it that is telling people to add the above five lines to
a DC smb.conf ???

Whoever it is, will they please stop doing it, or to put it another way:

Remove those lines, they should only be in a Unix domain member smb.conf

>         winbind enum users = yes
>         winbind enum groups = yes
>         idmap_ldb:use rfc2307 = yes
> 
> 
> [netlogon]
>         path = /var/lib/samba/sysvol/biuro.gsbk.pl/scripts
>         read only = no
>         browseable = no
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = no
>         browseable = no


Again, remove the browseable lines, there is no browsing on a Samba AD
DC.

> */etc/krb.conf*
> 
> [libdefaults]
>         default_realm = BIURO.GSBK.PL
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
> 
> 
> */etc/hosts*
> 
> 192.168.0.3     DC1
> 127.0.0.1       localhost
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 

The 192.168.0.3 line should be:
192.168.0.3	dc1.biuro.gsbk.pl dc1

Provided, of course, that DC1 has a fixed IP and it should have a fixed
IP

> */etc/hostname*
> 
> DC1
> 
> */etc/resolv.conf*
> 
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
> OVERWRITTEN nameserver 192.168.0.3
> search biuro.gsbk.pl
>

I personally would remove resolvconf, it is totally unneeded on a
machine with a fixed IP
 
Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba