
Re: [Samba] Setting up new samba-ac-dc on Ubuntu 18.04 - KDC not FOUND




Top posting, because I'm lazy. :)

I'm not at all sure this is correct, but...
...this sounds like a DNS resolution problem, and it may be related to systemd-resolved.

Louis did a walk-through on 18.04 AD setup a while back - it might be worth finding and reading. 

While Louis left systemd-resolved alone, and did some trickery to work with it, I have opted to disable systemd-resolved. [I wasn't able to get Louis's method to work - which is likely a result of self-inflicted issues, rather than Louis' walk-through being wrong.]

Here's how I do that.

---
systemctl mask systemd-resolved.service
systemctl stop systemd-resolved.service

#Remove the linked file
#resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
rm /etc/resolv.conf

nano /etc/resolv.conf
# ---
search ad.abc.local localdomain
nameserver 8.8.4.4
nameserver 8.8.8.8
#---
[We need resolvers other than the AD for now. We'll change it to 127.0.0.1 after the AD provision.]

---
After AD provision is successful...

#modify /etc/resolv.conf - point dns at itself 127.0.0.1
#Make sure your smb.conf has a properly configured dns forwarder.
nano /etc/resolv.conf
---
nameserver 127.0.0.1
search ad.abc.local localdomain
---

HTH

-Greg

RSAvs> I have been running a small domain for years. I finally decided to move
RSAvs> the domain to ad. I am also upgrading the server from Ubuntu 16.04 LTS
RSAvs> to 18.04 LTS

RSAvs> I installed the new server on a new RAID array and loaded the Ubuntu 
RSAvs> LAMP stack. I installed samba. I have gone through a few tutorials which
RSAvs> offer differing recommendation on some things. All were based on either
RSAvs> Debian or Ubuntu.

RSAvs> I seem to have successfully provisioned the DC but I cannot contact the
RSAvs> kerberos KDC
RSAvs> The /etc/krb5.conf contains:
>> {libdefaults]
>>         default_realm = ORLEANS.STEINMETZNET.COM
>>         dns_lookup_realm = false
>>         dns_lookup_kdc = true
RSAvs> kinit returns server not found.
>> $ kinit administrator@xxxxxxxxxxxxxxxxxxxxxxxx
>> kinit: Cannot find KDC for realm "ORLEANS.STEINMETZNET.COM" while 
>> getting initial credentials
RSAvs> Some of the other suggested tests seem to work but give somewhat
RSAvs> different results than the examples, particularly the smbclient tests.

RSAvs> I've searched around the net for a solution but haven't come up with one
RSAvs> yet.
RSAvs> Can I simply remove the Samba database files and re-provision the DC?



-- 
Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x82
EMail: gregs@xxxxxxxxx
http://www.sloop.net
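
Added example (not part of Greg's message or the original post): a small shell check for the resolver state discussed in this thread and for the SRV record a Kerberos client looks up when dns_lookup_kdc = true. The function names and the realm AD.ABC.LOCAL (derived from the example search domain above) are assumptions, and the live lookup assumes the `host` utility is installed.

```shell
#!/bin/sh
# Added example: resolver sanity checks for a Samba AD DC (hypothetical helper names).

# Print the nameserver addresses from a resolv.conf-style file, one per line.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Classify the file by its first nameserver:
#   stub     = 127.0.0.53, the systemd-resolved stub listener
#   self     = 127.0.0.1 / ::1, the DC answering its own DNS (post-provision)
#   external = any other resolver (pre-provision)
#   none     = no nameserver line at all
resolv_state() {
    first=$(resolv_nameservers "$1" | head -n 1)
    case "$first" in
        "")            echo none ;;
        127.0.0.53)    echo stub ;;
        127.0.0.1|::1) echo self ;;
        *)             echo external ;;
    esac
}

# SRV name looked up for a realm when dns_lookup_kdc = true.
kdc_srv_name() {
    printf '_kerberos._udp.%s\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Live check: report symlink target, resolver state, then query the SRV record.
# Usage: check_kdc_dns AD.ABC.LOCAL [/etc/resolv.conf]
check_kdc_dns() {
    realm=$1
    conf=${2:-/etc/resolv.conf}
    if [ -L "$conf" ]; then
        echo "$conf is a symlink -> $(readlink "$conf")"
    fi
    echo "resolver state: $(resolv_state "$conf")"
    host -t SRV "$(kdc_srv_name "$realm")"
}
```

On a provisioned DC set up as described above, the state should read "self" and the SRV query should return the DC's host name; a "stub" state or a failed SRV lookup matches the "Cannot find KDC" symptom.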