Hi there,

I am struggling with samba4 and the internal dns and kerberos.

It seems that DNS is the problem.

When I ask for kerberos dns entries on my workstation, I get this
(11.22.33.202 is the samba4 server):

root@lit2:~# dig _kerberos._udp.DOMAIN.LOCAL @11.22.33.202

; <<>> DiG 9.7.3 <<>> _kerberos._udp.DOMAIN.LOCAL @11.22.33.202
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3733
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;_kerberos._udp.DOMAIN.LOCAL. IN A

;; Query time: 1 msec
;; SERVER: 11.22.33.202#53(11.22.33.202)
;; WHEN: Wed Sep 4 10:10:33 2013
;; MSG SIZE rcvd: 48

But if I ask the samba directly:

root@linsrv:~# samba-tool dns query 11.22.33.202 DOMAIN.LOCAL _kerberos._udp ALL
Password for [Administrator@DOMAIN.LOCAL]:
Name=, Records=1, Children=0
SRV: linsrv.domain.local. (88, 0, 100) (flags=f0, serial=110, ttl=900)

root@linsrv:~# samba-tool dns query 11.22.33.202 DOMAIN.LOCAL linsrv ALL
Password for [Administrator@DOMAIN.LOCAL]:
Name=, Records=1, Children=0
A: 11.22.33.202 (flags=f0, serial=110, ttl=900)

It seems that the entries from the dns database don't get "propagated"
to the dns server and I tried a "samba_dnsupdate --verbose --all-names".

This is the result (with 'debug level = 10'):

root@linsrv:/usr/local/samba# samba_dnsupdate --verbose --all-names
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[profiles]"
Processing section "[homes]"
Processing section "[daten]"
Processing section "[install]"
Processing section "[winupdate]"
pm_process() returned Yes
added interface eth0 ip=11.22.33.202 bcast=11.22.33.255 netmask=255.255.255.0
IPs: ['11.22.33.202']
Security token SIDs (1):
SID[ 0]: S-1-5-18
Privileges (0xFFFFFFFFFFFFFFFF):
Privilege[ 0]: SeMachineAccountPrivilege
Privilege[ 1]: SeTakeOwnershipPrivilege
Privilege[ 2]: SeBackupPrivilege
Privilege[ 3]: SeRestorePrivilege
Privilege[ 4]: SeRemoteShutdownPrivilege
Privilege[ 5]: SePrintOperatorPrivilege
Privilege[ 6]: SeAddUsersPrivilege
Privilege[ 7]: SeDiskOperatorPrivilege
Privilege[ 8]: SeSecurityPrivilege
Privilege[ 9]: SeSystemtimePrivilege
Privilege[ 10]: SeShutdownPrivilege
Privilege[ 11]: SeDebugPrivilege
Privilege[ 12]: SeSystemEnvironmentPrivilege
Privilege[ 13]: SeSystemProfilePrivilege
Privilege[ 14]: SeProfileSingleProcessPrivilege
Privilege[ 15]: SeIncreaseBasePriorityPrivilege
Privilege[ 16]: SeLoadDriverPrivilege
Privilege[ 17]: SeCreatePagefilePrivilege
Privilege[ 18]: SeIncreaseQuotaPrivilege
Privilege[ 19]: SeChangeNotifyPrivilege
Privilege[ 20]: SeUndockPrivilege
Privilege[ 21]: SeManageVolumePrivilege
Privilege[ 22]: SeImpersonatePrivilege
Privilege[ 23]: SeCreateGlobalPrivilege
Privilege[ 24]: SeEnableDelegationPrivilege
Rights (0x 0):
lpcfg_servicenumber: couldn't find ldb
schema_fsmo_init: we are master[yes] updates allowed[yes]
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>

ldb: ldb_trace_request: (tdb)->search
ldb: Added timed event "ltdb_callback": 0x1bc3540

ldb: Added timed event "ltdb_timeout": 0x26e86f0

ldb: Running timer event 0x1bc3540 "ltdb_callback"

ldb: ldb_trace_response: ENTRY
dn: @MODULES
@LIST: samba_secrets

ldb: Destroying timer event 0x26e86f0 "ltdb_timeout"

ldb: Ending timer event 0x1bc3540 "ltdb_callback"

ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>

ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>

ldb: ldb_trace_request: (rdn_name)->search
ldb: ldb_trace_next_request: (tdb)->search
ldb: Added timed event "ltdb_callback": 0x2b4a450

ldb: Added timed event "ltdb_timeout": 0x1fc5d10

ldb: Running timer event 0x2b4a450 "ltdb_callback"

ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search
ldb: Destroying timer event 0x1fc5d10 "ltdb_timeout"

ldb: Ending timer event 0x2b4a450 "ltdb_callback"

ldb_wrap open of secrets.ldb
ldb: ldb_trace_request: SEARCH
dn: cn=Primary Domains
scope: sub
expr: (&(flatname=DOMAIN)(objectclass=primaryDomain))
attr: <ALL>
control: <NONE>

ldb: ldb_trace_request: (rdn_name)->search
ldb: ldb_trace_next_request: (tdb)->search
ldb: Added timed event "ltdb_callback": 0x238f910

ldb: Added timed event "ltdb_timeout": 0x2948fe0

ldb: Running timer event 0x238f910 "ltdb_callback"

ldb: ldb_trace_response: ENTRY
dn: flatname=DOMAIN,cn=Primary Domains
msDS-KeyVersionNumber: 1
objectClass: top
objectClass: primaryDomain
objectClass: kerberosSecret
objectSid: S-1-5-21-1406441594-952197255-810364793
privateKeytab: secrets.keytab
realm: DOMAIN.LOCAL
saltPrincipal: host/linsrv.domain.local@DOMAIN.LOCAL
samAccountName: LINSRV$
secret:
q~;iioq&Tf$JL6[]94jYps4+P<$$.HHk2vNoM8?&MO-HEfWN:cc<v>$8XJmos;Jbj59[z(
BW=+3wZ>Lra&mBWCZBiUzBQwsBVE]O&XK:X)<JX~OTZwkIRU4j?h]Pj3CND;T at 9q$!WDbyew+HTAm
k%F?o at P7GPAj&QnhNKBhK$r
secureChannelType: 6
servicePrincipalName: HOST/linsrv
servicePrincipalName: HOST/linsrv.domain.local
objectGUID: c4f058db-ed80-466a-9b08-1ceb78957aa7
whenCreated: 20130816104951.0Z
whenChanged: 20130816104951.0Z
uSNCreated: 7
uSNChanged: 7
name: DOMAIN
flatname: DOMAIN
distinguishedName: flatname=DOMAIN,cn=Primary Domains

ldb: Destroying timer event 0x2948fe0 "ltdb_timeout"

ldb: Ending timer event 0x238f910 "ltdb_callback"

Traceback (most recent call last):
  File "/usr/local/samba/sbin/samba_dnsupdate", line 506, in <module>
    get_credentials(lp)
  File "/usr/local/samba/sbin/samba_dnsupdate", line 119, in get_credentials
    creds.get_named_ccache(lp, ccachename)
RuntimeError: kinit for LINSRV$@DOMAIN.LOCAL failed (Cannot contact any KDC for requested realm)

But Kerberos is working:

root@linsrv:/usr/local/samba# kinit administrator@DOMAIN.LOCAL
Password for administrator@DOMAIN.LOCAL:
Warning: Your password will expire in 980 days on Wed May 11 12:49:49 2016
root@linsrv:/usr/local/samba# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@DOMAIN.LOCAL

Valid starting       Expires              Service principal
2013-09-04 11:08:51  2013-09-04 21:08:51  krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
renew until 2013-09-05 11:08:47, Etype (skey, tkt): arcfour-hmac, arcfour-hmac

I have no idea how to fix it and would be very glad if someone may help.

root@linsrv:/usr/local/samba# samba --version
Version 4.0.9
root@linsrv:/usr/local/samba# cat /etc/debian_version
7.1
root@linsrv:/usr/local/samba# uname -a
Linux linsrv 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1 x86_64 GNU/Linux

Best regards!

--
Thomas Zeitinger
Customer Support

IT-Quadrat EDV Dienstleistungs- und Handels GmbH
Krongasse 8/2
A-1050 Wien
Tel: +43 (1) 311 44 00 - 10
Fax: +43 (1) 311 44 00 - 90
Thomas.Zeitinger at it2.at
www.it2.at
FN 287345t
UID ATU63123113

re,

found something different, but important:

root@linsrv:~# kinit LINSRV$@DOMAIN.LOCAL
kinit: Client not found in Kerberos database while getting initial credentials

root@linsrv:~# kinit administrator@DOMAIN.LOCAL
Password for administrator@DOMAIN.LOCAL:
Warning: Your password will expire in 979 days on Wed May 11 12:49:49 2016

-> Kerberos is working, but not for the machine!

But the account exists:

root@linsrv:~# wbinfo -i LINSRV$
DOMAIN\LINSRV$:*:3000023:3000024::/home/DOMAIN/LINSRV$:/bin/false

I looked for the Kerberos keytab in /etc/krb5.keytab, but there is none.
So I created a new one:

samba-tool domain exportkeytab /etc/krb5.keytab

and did the dnsupdate again:

root@linsrv:~# samba_dnsupdate --verbose --all-names
IPs: ['172.16.0.202']
Traceback (most recent call last):
  File "/usr/local/samba/sbin/samba_dnsupdate", line 506, in <module>
    get_credentials(lp)
  File "/usr/local/samba/sbin/samba_dnsupdate", line 119, in get_credentials
    creds.get_named_ccache(lp, ccachename)
RuntimeError: kinit for LINSRV$@DOMAIN.LOCAL failed (Cannot contact any KDC for requested realm)

and again the different error message with kinit:

root@linsrv:~# kinit LINSRV$@ITQUADRAT.LOCAL
kinit: Client not found in Kerberos database while getting initial credentials

But the account is in the Kerberos DB:

root@linsrv:~# klist -k /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 LINSRV$@DOMAIN.LOCAL
   1 LINSRV$@DOMAIN.LOCAL
   1 LINSRV$@DOMAIN.LOCAL
[...]

So, again no idea :-/

Anybody?

Thanks and best regards
Tom

On 2013-09-04 11:13, Thomas Zeitinger wrote:
> Hi there,
>
> I am struggling with samba4 and the internal dns and kerberos.
>
> It seems that DNS is the problem.

Hi there,

a few days ago I tried to install a print spooler with samba4 and in the
installation process the "avahi-daemon" was installed.

This daemon prevented the samba4 internal dns from working fully....

The solution: "apt-get --purge remove avahi-daemon"

Now everything is working like beast ;-)

Best regards
Tom

On 2013-09-04 11:13, Thomas Zeitinger wrote:
> Hi there,
>
> I am struggling with samba4 and the internal dns and kerberos.
>
> It seems that DNS is the problem.
>
> When I ask for kerberos dns entries on my workstation, I get this
> (11.22.33.202 is the samba4 server):
>
> root@lit2:~# dig _kerberos._udp.DOMAIN.LOCAL @11.22.33.202
>
> ; <<>> DiG 9.7.3 <<>> _kerberos._udp.DOMAIN.LOCAL @11.22.33.202
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3733
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;_kerberos._udp.DOMAIN.LOCAL. IN A
>
> ;; Query time: 1 msec
> ;; SERVER: 11.22.33.202#53(11.22.33.202)
> ;; WHEN: Wed Sep 4 10:10:33 2013
> ;; MSG SIZE rcvd: 48
>
> But if I ask the samba directly:
>
> root@linsrv:~# samba-tool dns query 11.22.33.202 DOMAIN.LOCAL _kerberos._udp ALL
> Password for [Administrator@DOMAIN.LOCAL]:
> Name=, Records=1, Children=0
> SRV: linsrv.domain.local. (88, 0, 100) (flags=f0, serial=110, ttl=900)
>
> root@linsrv:~# samba-tool dns query 11.22.33.202 DOMAIN.LOCAL linsrv ALL
> Password for [Administrator@DOMAIN.LOCAL]:
> Name=, Records=1, Children=0
> A: 11.22.33.202 (flags=f0, serial=110, ttl=900)
>
> It seems that the entries from the dns database don't get "propagated"
> to the dns server and I tried a "samba_dnsupdate --verbose --all-names".
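
Added example (not part of the original thread, and not Samba or Avahi code): the thread does not say how avahi-daemon interfered, so this check assumes the usual route for a ".local" realm, namely the hosts line that libnss-mdns writes to /etc/nsswitch.conf, where "mdns4_minimal [NOTFOUND=return]" ends the lookup before "dns" is consulted. The two nsswitch.conf samples are constructed and the function names are hypothetical.

```python
import re

# Constructed sample: hosts line as typically written by libnss-mdns (assumption).
NSSWITCH_WITH_MDNS = """\
passwd:  compat
hosts:   files mdns4_minimal [NOTFOUND=return] dns mdns4
"""

# Constructed sample: the same file without the mDNS sources.
NSSWITCH_PLAIN = """\
passwd:  compat
hosts:   files dns   # no mDNS
"""

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}


def parse_hosts_line(nsswitch_text):
    """Return [(source, {status: action})] for the 'hosts:' database."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.lower().startswith("hosts:"):
            continue
        chain = []
        # Tokens are either a bracketed action list or a source name.
        for token in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if not token.startswith("["):
                chain.append((token, dict(DEFAULT_ACTIONS)))
                continue
            if not chain:
                raise ValueError("action list before any source: " + token)
            for criterion in token[1:-1].split():
                status, _, action = criterion.partition("=")
                negate = status.startswith("!")
                status = status.lstrip("!").upper()
                # "!STATUS=action" applies to every status except STATUS.
                for known in STATUSES:
                    if (known == status) != negate:
                        chain[-1][1][known] = action.lower()
        return chain
    return []


def sources_consulted(nsswitch_text):
    """Sources tried for a name that every source ahead of 'dns' reports
    as NOTFOUND (an AD host under .local that is neither in /etc/hosts
    nor answered by any mDNS responder)."""
    consulted = []
    for source, actions in parse_hosts_line(nsswitch_text):
        consulted.append(source)
        if source == "dns" or actions["NOTFOUND"] == "return":
            break
    return consulted


def dns_reached_for_local_names(nsswitch_text):
    """True if the resolver gets as far as the 'dns' source."""
    return "dns" in sources_consulted(nsswitch_text)


if __name__ == "__main__":
    for label, text in (("with mdns", NSSWITCH_WITH_MDNS),
                        ("plain", NSSWITCH_PLAIN)):
        print(label, sources_consulted(text),
              "dns reached:", dns_reached_for_local_names(text))
```

To check a live host, pass the contents of /etc/nsswitch.conf to dns_reached_for_local_names(); a False result on a domain controller whose realm ends in .local means libc lookups for the KDC name stop before the internal DNS server is asked.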