On 2016-12-01 at 13:19, Rowland Penny via samba wrote:
> You should have seen a line like this towards the end of the upgrade:
>
> Administrator password has been set to password of user
>
> But it is usually the 'root' user password.

Ah, yes, I should have remembered reading that.
Unfortunately it isn't working for me, yet.

in my test VM

I rm-ed /var/lib/samba/private/*

explicitly set passwd for root again

re-ran classicupgrade

ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf

and kinit fails for me:

# kinit Administrator@my.tld
kinit: Cannot find KDC for realm "my.tld" while getting initial credentials

-

krb5.conf only contains:

# cat /etc/krb5.conf
[libdefaults]
    default_realm = MY.TLD
    dns_lookup_realm = false
    dns_lookup_kdc = true

?

I played around and edited it like:

# cat /etc/krb5.conf
[libdefaults]
    default_realm = my.tld
    dns_lookup_realm = false
    dns_lookup_kdc = true

[realms]
my.tld = {
    kdc = mypdc
    admin_server = mypdc
    default_domain = my.tld
    kpasswd_server = mypdc
}

[domain_realm]
    .my.tld = my.tld
    my.tld = my.tld

-

Then I get:

# kinit Administrator@my.tld
Password for Administrator@my.tld:
kinit: Preauthentication failed while getting initial credentials

same for

# kinit Administrator@MY.TLD
# kinit Administrator

I want too much it seems.

NT4-domain was "OFFICE", and I ran classicupgrade with "--realm=my.tld" as I wanted to rename the domain to the company's name (TLD) during the conversion.

I assume that is too much at once?

On Thu, 1 Dec 2016 15:15:18 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> On 2016-12-01 at 13:19, Rowland Penny via samba wrote:
>
> > You should have seen a line like this towards the end of the
> > upgrade:
> >
> > Administrator password has been set to password of user
> >
> > But it is usually the 'root' user password.
>
> Ah, yes, I should have remembered reading that.
> Unfortunately it isn't working for me, yet.
>
> in my test VM
>
> I rm-ed /var/lib/samba/private/*
>
> explicitly set passwd for root again
>
> re-ran classicupgrade
>
> ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
>
> and kinit fails for me:
>
> # kinit Administrator@my.tld
> kinit: Cannot find KDC for realm "my.tld" while getting initial
> credentials
>
> -
>
> krb5.conf only contains:
>
> # cat /etc/krb5.conf
> [libdefaults]
>     default_realm = MY.TLD
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>
> ?

Yes, that is all you need (to be honest, you only need the first and second lines)

If I do this on a domain member it works:

kinit administrator
Password for administrator@SAMDOM.EXAMPLE.COM:

klist
Ticket cache: FILE:/tmp/krb5cc_10000_EyqmGz
Default principal: administrator@SAMDOM.EXAMPLE.COM

Valid starting     Expires            Service principal
01/12/16 14:39:13  02/12/16 00:39:13  krbtgt/SAMDOM.EXAMPLE.COM@SAMDOM.EXAMPLE.COM
        renew until 02/12/16 14:39:04

and on a DC:

kinit administrator
Password for administrator@SAMDOM.EXAMPLE.COM:

klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@SAMDOM.EXAMPLE.COM

Valid starting     Expires            Service principal
01/12/16 14:42:45  02/12/16 00:42:45  krbtgt/SAMDOM.EXAMPLE.COM@SAMDOM.EXAMPLE.COM
        renew until 02/12/16 14:42:39

Have you altered /etc/resolv.conf, on the DC, to use its own ip as the first nameserver ?

Rowland

On Thu, 1 Dec 2016 15:38:16 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
> I want too much it seems.
>
> NT4-domain was "OFFICE", and I ran classicupgrade with
> "--realm=my.tld" as I wanted to rename the domain to the company's
> name (TLD) during the conversion.
>
> I assume that is too much at once?
>
>

No, NT4-domain and realm are different and I don't think you can actually set the realm that way.

NT4-domain has a few names, 'workgroup' or 'netbiosname' being the two main ones.
realm is always the domain name in uppercase.

You should either have seen this:

No realm specified in smb.conf file and being a DC. That upgrade path doesn't work! Please add a 'realm' directive to your old smb.conf to let us know which one you want to use (it is the DNS name of the AD domain you wish to create.

Or this:

No realm specified in smb.conf file, assuming '%s'

(with '%s' being replaced with the dns domain name)

If you are unsure just which REALM name you are using, it will be shown in the krb5.conf file the upgrade created, or you could run:

ldbedit -e nano -H /usr/local/samba/private/sam.ldb

This will display the entire AD database and your realm will be the last part of any 'dn' and will be something like:

DC=samdom,DC=example,DC=com

Rowland

On 2016-12-01 at 15:41, Rowland Penny via samba wrote:
> Have you altered /etc/resolv.conf, on the DC, to use its own ip as the
> first nameserver ?

That change seems to have fixed it!

I added that now to network config for the VM.

klist ok

now step by step ;-)

thanks

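The two checks that come up in this thread (realm in uppercase, as in the krb5.conf the upgrade writes, and the DC listed as its own first nameserver when dns_lookup_kdc is on), plus reading the realm off a 'dn', as an added shell example that is not part of the original thread or of Samba. All function names are hypothetical, and the files and the DC address are passed in by the caller.

```shell
#!/bin/sh
# Added example: pre-flight checks before running kinit on a Samba AD DC.
# Function names are hypothetical; nothing is read from fixed paths.

# Print the value of KEY from a krb5.conf-style file (first match wins).
krb5_value() {
    awk -F= -v key="$2" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t\r]/, "", v); print v; exit }' "$1"
}

# Print the first nameserver listed in a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Turn a DN such as CN=Users,DC=samdom,DC=example,DC=com into the realm.
dn_to_realm() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F= '
        toupper($1) == "DC" { printf "%s%s", sep, toupper($2); sep = "." }
        END { print "" }'
}

# Usage: check_dc_kerberos KRB5_CONF RESOLV_CONF DC_IP
# Prints one line per finding; returns 0 only when there are none.
check_dc_kerberos() {
    rc=0
    realm=$(krb5_value "$1" default_realm)
    lookup=$(krb5_value "$1" dns_lookup_kdc)
    ns=$(first_nameserver "$2")
    if [ -z "$realm" ]; then
        echo "no default_realm in $1"; rc=1
    elif [ "$realm" != "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]; then
        echo "default_realm '$realm' is not uppercase"; rc=1
    fi
    # With dns_lookup_kdc = true the KDC is located through DNS, so the
    # resolver asked first has to be the DC itself.
    if [ "$lookup" = "true" ] && [ "$ns" != "$3" ]; then
        echo "first nameserver is '$ns', expected the DC's own address $3"; rc=1
    fi
    return $rc
}
```

On a DC this would be called as `check_dc_kerberos /etc/krb5.conf /etc/resolv.conf <DC address>`.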