I've used the Samba AD DC HOWTO
<https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO> to install Samba 4
as an Active Directory/Domain Controller.

I've successfully configured the domain/realm and DNS (as far as I can
tell) and worked my way through Testing Your Samba Domain Controller
<https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_Your_Samba_Domain_Controller>
and Testing DNS
<https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS>
segments without issue.

I'm having problems starting Kerberos, specifically 'krb5-kdc' and
'krb5-admin-server'.

It appears it cannot identify the realm/domain. It appears Samba is not
identifying itself.

adam@sogo:~$ sudo service krb5-kdc start
 * Starting Kerberos KDC krb5kdc
krb5kdc: Configuration file does not specify default realm, attempting to retrieve default realm

adam@sogo:~$ sudo service krb5-admin-server start
 * Starting Kerberos administrative servers kadmind
kadmind: Configuration file does not specify default realm while initializing, aborting

I'm using Ubuntu 14.04 LTS. I provisioned Samba as follows:

samba-tool domain provision --domain=SMBDOMAIN \
    --dns-backend=SAMBA_INTERNAL --server-role=dc \
    --function-level=2008_R2 --use-xattr=yes \
    --use-rfc2307 --realm=smbdomain.com

Here's my 'smb.conf':

adam@sogo:~$ cat /etc/samba/smb.conf
# Global parameters
[global]
    workgroup = SMBDOMAIN
    realm = smbdomain.com
    netbios name = SOGO
    server role = active directory domain controller
    dns forwarder = 192.168.121.1
    idmap_ldb:use rfc2307 = yes
    passdb backend = samba
    allow dns updates = nonsecure

    ### Configuration required by OpenChange server ###
    dcerpc endpoint servers = epmapper, mapiproxy, dnsserver
    dcerpc_mapiproxy:server = true
    dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr
    ### Configuration required by OpenChange server ###

    mapistore:namedproperties = mysql
    namedproperties:mysql_user = openchange-user
    namedproperties:mysql_pass = passwd
    namedproperties:mysql_host = localhost
    namedproperties:mysql_db = openchange
    mapistore:indexing_backend = mysql://openchange-user:passwd@localhost/openchange
    mapiproxy:openchangedb = mysql://openchange-user:passwd@localhost/openchange

[netlogon]
    path = /var/lib/samba/sysvol/smbdomain.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

Here's my 'kdc.conf':

adam@sogo:~$ sudo cat /etc/krb5kdc/kdc.conf
[kdcdefaults]
    kdc_ports = 750,88

[realms]
    SMBDOMAIN.COM = {
        database_name = /var/lib/krb5kdc/principal
        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
        acl_file = /etc/krb5kdc/kadm5.acl
        key_stash_file = /etc/krb5kdc/stash
        kdc_ports = 750,88
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
        master_key_type = des3-hmac-sha1
        supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
        default_principal_flags = +preauth
    }

That is exactly as 'kdc.conf' was configured when I installed
'krb5-kdc' & 'krb5-admin-server'.

I've configured '/etc/network/interfaces' as follows:

adam@sogo:~$ cat /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 192.168.121.149
    netmask 255.255.255.0
    gateway 192.168.121.1
    network 192.168.121.0
    broadcast 192.168.121.255
    domain smbdomain.com
    dns-nameservers 127.0.0.1 192.168.121.1

Any suggestions? Thanks so much.

On 13/02/15 22:20, Steve Ankeny wrote:
> Any suggestions? Thanks so much.

Yep, 'apt-get purge krb5-kdc krb5-admin-server'

The kerberos server is built into the samba AD DC

Rowland

On 13/02/15 22:48, Steve Ankeny wrote:
> Thanks for the quick response!
>
> Do I still need the following packages?
>
> adam@sogo:~$ sudo dpkg --get-selections | grep krb5
> krb5-config                 install
> krb5-user                   install
> libgssapi-krb5-2:amd64      install
> libkrb5-26-heimdal:amd64    install
> libkrb5-3:amd64             install
> libkrb5support0:amd64       install
>
> They were not listed in the "autoremove" message.

Yes, they are the client packages

Rowland
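
A check for the situation this thread resolves, as an added example that is not part of the original messages: it reports the two standalone KDC packages named in the reply when smb.conf declares the AD DC role, and leaves the client packages alone. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag standalone KDC packages on a Samba AD DC.
# Inputs are files, so saved copies can be audited as well as a live host:
#   $1 = smb.conf, $2 = output of `dpkg --get-selections`

# Succeeds if smb.conf declares the AD DC role, as the smb.conf in the thread does.
is_samba_ad_dc() {
    grep -Eiq '^[[:space:]]*server[[:space:]]*role[[:space:]]*=[[:space:]]*active directory domain controller[[:space:]]*$' "$1"
}

# Prints the installed packages that provide a standalone KDC or kadmind.
# Only the two packages named in the reply are treated as conflicting.
conflicting_kdc_packages() {
    awk '$2 == "install" {
             sub(/:.*/, "", $1)   # drop an architecture suffix such as ":amd64"
             if ($1 == "krb5-kdc" || $1 == "krb5-admin-server") print $1
         }' "$1"
}

# Prints a one-line verdict; returns 1 only when a standalone KDC is installed
# next to a Samba AD DC.
audit_kdc_conflict() {
    smb_conf=$1
    selections=$2
    if ! is_samba_ad_dc "$smb_conf"; then
        echo "ok: not a Samba AD DC"
        return 0
    fi
    pkgs=$(conflicting_kdc_packages "$selections" | sort | tr '\n' ' ')
    if [ -n "$pkgs" ]; then
        echo "conflict: ${pkgs% }"
        return 1
    fi
    echo "ok: no standalone KDC packages"
}

# Constructed sample input modelled on the thread, not captured from a real host.
demo_dir=$(mktemp -d)
printf '[global]\n\tserver role = active directory domain controller\n' \
    > "$demo_dir/smb.conf"
printf '%s\tinstall\n' krb5-config krb5-kdc krb5-admin-server krb5-user \
    libkrb5-3:amd64 > "$demo_dir/selections"
audit_kdc_conflict "$demo_dir/smb.conf" "$demo_dir/selections" || true
```

On a live host the second argument can be a file produced with `dpkg --get-selections > selections.txt`.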