Hello,

I installed a SAMBA 4.7.4 AD Server on Ubuntu 18.04 (BETA). SAMBA4 was compiled from source. For MIT Kerberos I also installed libkrb5-dev and krb5-kdc and compiled with the "--with-system-mitkrb5" option.

The installation runs pretty well (some dependency problems, solved manually). But now I'm not able to test Kerberos:

# kinit administrator

--> kinit: Cannot find KDC for realm "ROOTRUDI.DE" while getting initial credentials.

I followed all steps from samba.org:

- https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
- https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

--> hanging on "Verifying Kerberos"

# vim /usr/local/samba/private/kdc.conf
-------------------------------------------------
[kdcdefaults]
    kdc_ports = 88
    kdc_tcp_ports = 88
    kadmind_port = 464

[realms]
    ROOTRUDI.DE = {
    }

    rootrudi.de = {
    }

    ROOTRUDI = {
    }

[dbmodules]
    db_module_dir = /usr/local/samba/lib/krb5/plugins/kdb

    ROOTRUDI.DE = {
        db_library = samba
    }

    rootrudi.de = {
        db_library = samba
    }

    ROOTRUDI = {
        db_library = samba
    }

[logging]
    kdc = FILE:/usr/local/samba/var/mit_kdc.log
    admin_server = FILE:/usr/local/samba/var/mit_kadmin.log
-------------------------------------------------

# vim /etc/krb5.conf
-------------------------------------------------
[libdefaults]
    default_realm = ROOTRUDI.DE
    dns_lookup_realm = false
    dns_lookup_kdc = true
-------------------------------------------------

What does it mean in https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC:

"Do not start the krb5kdc manually"?

Best regards
Micha

On Mon, 22 Jan 2018 21:04:22 +0100 Micha Ballmann via samba <samba at lists.samba.org> wrote:

> Hello,
>
> I installed a SAMBA 4.7.4 AD Server on Ubuntu 18.04 (BETA). SAMBA4
> was compiled from source. For MIT Kerberos I also installed
> libkrb5-dev and krb5-kdc and compiled with the
> "--with-system-mitkrb5" option.
>
> What does it mean in
> https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC:
>
> "Do not start the krb5kdc manually"?

It means you shouldn't start the MIT KDC yourself; Samba will start this for you.

Rowland

There is a script in "/etc/init.d/krb5-kdc". Do I need to remove this? Because this is trying to start krb5kdc automatically at reboot.

Output from pstree and ps:

# pstree | grep samba
        |-3*[samba]
        |-samba-+-samba---samba---smbd-+-cleanupd
        |       |-10*[samba]
        |       |-samba---samba---krb5kdc
        |       `-samba---samba---winbindd---winbindd

# ps axf
 2129 ?        Ss     0:00 samba
 2130 ?        S      0:00  \_ samba
 2132 ?        S      0:00  |   \_ samba
 2135 ?        Ss     0:00  |       \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
 2155 ?        S      0:00  |           \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
 2156 ?        S      0:00  |           \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
 2157 ?        S      0:00  |           \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
 2131 ?        S      0:00  \_ samba
 2133 ?        S      0:00      \_ samba
 2134 ?        S      0:00      \_ samba
 2136 ?        S      0:00      \_ samba
 2137 ?        S      0:00      \_ samba
 2138 ?        S      0:00      \_ samba
 2141 ?        S      0:00      |   \_ samba
 2143 ?        S      0:00      |       \_ /usr/sbin/krb5kdc -n
 2139 ?        S      0:00      \_ samba
 2140 ?        S      0:00      \_ samba
 2147 ?        S      0:00      |   \_ samba
 2148 ?        Ss     0:00      |       \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
 2159 ?        S      0:00      |           \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
 2142 ?        S      0:00      \_ samba
 2144 ?        S      0:00      \_ samba
 2145 ?        S      0:00      \_ samba
 2146 ?        S      0:00      \_ samba

Looks fine? But I also got the same error:

kinit: Cannot find KDC for realm "ROOTRUDI.DE" while getting initial credentials

THY
Micha

On Mon, 22 Jan 2018 23:05:30 +0100 Micha Ballmann via samba <samba at lists.samba.org> wrote:

> There is a script in "/etc/init.d/krb5-kdc". Do I need to remove this?
> Because this is trying to start krb5kdc automatically at reboot.

You need to stop it running at boot; your OS should have some way of doing this.

Rowland
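
The /etc/krb5.conf quoted in the first message has no [realms] entry for ROOTRUDI.DE and sets dns_lookup_kdc = true, so a client can only locate the KDC through DNS SRV records. The following is an added example, not code from the thread or from the Samba project: a small parser (the function names and the treatment of a missing dns_lookup_kdc as enabled are assumptions) that reports which KDC sources such a file leaves and which SRV names to check.

```python
import re

# Constructed sample: the client /etc/krb5.conf quoted in the first message.
KRB5_CONF = """\
[libdefaults]
    default_realm = ROOTRUDI.DE
    dns_lookup_realm = false
    dns_lookup_kdc = true
"""
TRUE_WORDS = {"true", "yes", "on", "1"}


def parse_krb5(text):
    """Minimal krb5.conf parser: section -> key -> list of values or nested dict."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            stack = [conf.setdefault(header.group(1), {})]
        elif line == "}" and len(stack) > 1:  # closes a per-realm block
            stack.pop()
        elif "=" in line and stack:
            key, val = (part.strip() for part in line.split("=", 1))
            if val == "{":                    # opens a per-realm block
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(val)
    return conf


def kdc_sources(conf, realm=None):
    """Report where a client would look for the realm's KDC."""
    lib = conf.get("libdefaults", {})
    realm = realm or lib.get("default_realm", [""])[-1]
    block = conf.get("realms", {}).get(realm, {})
    static = block.get("kdc", []) if isinstance(block, dict) else []
    # Assumption: a missing dns_lookup_kdc is treated as enabled.
    use_dns = lib.get("dns_lookup_kdc", ["true"])[-1].lower() in TRUE_WORDS
    # SRV lookups only matter when no kdc is listed for the realm.
    srv = [f"_kerberos._{p}.{realm}" for p in ("udp", "tcp")] if use_dns and not static else []
    return {"realm": realm, "static_kdcs": static, "srv_queries": srv}


if __name__ == "__main__":
    result = kdc_sources(parse_krb5(KRB5_CONF))
    if not result["static_kdcs"] and not result["srv_queries"]:
        print("no KDC source configured for", result["realm"])
    for name in result["srv_queries"]:
        print("check that this resolves on the client: host -t SRV", name)
```

If neither SRV name resolves from the machine running kinit, the client has no other KDC source with this configuration.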