I'm trying to understand what is definitive about samba 4.x as an AD DC.
First, does samba need to have heimdal or mit kerb installed? Following the
how to at
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
I don't see that it does.
After getting samba to work in its plain defaults, I then proceeded to
configure it to use bind9 as shown in the bind howto -
https://wiki.samba.org/index.php/DNS#Changing_from_Internal_DNS_to_BIND
But I then found I was getting errors running samba_dnsupdate --verbose --all
so then I installed heimdal and configured the /etc/krb5.conf to have the
realm name of my samba domain.
This probably was superfluous as I still got the same error.
So I investigated further and modified /etc/resolv.conf so that it pointed
to the host I'm working on -- where I installed bind.
Then running samba_dnsupdate --verbose --all I get lots of errors; the
common one is
;; UPDATE SECTION:
_gc._tcp.bearfam.org. 900 IN SRV 0 100 3268 b11.bearfam.org.
; Communication with 127.0.1.1#53 failed: operation canceled
; Communication with 8.8.8.8#53 failed: unexpected error
could not talk to any default name server
Failed nsupdate: 1
Calling nsupdate for SRV _gc._tcp.default-first-site-name._sites.bearfam.org
b11.bearfam.org 3268
So I conclude my first error was a failure to get /etc/resolv.conf correct.
What do I do about the 'operation canceled' message? Is samba still
unable to talk with bind? Do I still need some kind of config for heimdal?
The bind migration guide mentions running kinit and getting admin tokens
for the domain -- but I'm still wondering about the requirement for heimdal
...
Please advise.
--
David Bear
mobile: (602) 903-6476