On 10.03.2015 21:43, Rowland Penny wrote:
>
> I wonder if it is a time problem, does 'date' return the same time
> (allowing for being run on different machines), they need to be very
> close together.
>
> Rowland
>

Time seems okay, the system is getting it from the first DC, but I found
something interesting in the serverlog:

Not authoritative for '_kerberos.dilken.eu', forwarding
[2015/03/10 22:31:34.148561, 2] ../source4/dns_server/dns_query.c:629(dns_server_process_query_send)

Seems that net ads does not correctly set domain name and/or realm. The
DNS-question should be _kerberos.ad.dilken.eu for which the DNS is
authoritative...

Greetings,

Roman

On 10/03/15 21:36, Roman Dilken wrote:
> On 10.03.2015 21:43, Rowland Penny wrote:
>
>> I wonder if it is a time problem, does 'date' return the same time
>> (allowing for being run on different machines), they need to be very
>> close together.
>>
>> Rowland
>>
>
> Time seems okay, the system is getting it from the first DC, but I found
> something interesting in the serverlog:
>
> Not authoritative for '_kerberos.dilken.eu', forwarding
> [2015/03/10 22:31:34.148561, 2] ../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
>
> Seems that net ads does not correctly set domain name and/or realm. The
> DNS-question should be _kerberos.ad.dilken.eu for which the DNS is
> authoritative...
>
> Greetings,
>
> Roman

Hmm, it should actually be _kerberos._udp.ad.dilken.eu, what is in /etc/krb5.conf on the two DCs, also what is smb.conf on the two DCs

Rowland

smb.conf and krb5.conf on dc2:
# Global parameters
[global]
workgroup = AD
realm = ad.dilken.eu
netbios name = DC2
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
log level = 5
[netlogon]
path = /var/lib/samba/sysvol/ad.dilken.eu/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No

[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
default_realm = AD.DILKEN.EU

smb.conf and krb5.conf on raspberry-pi:
[libdefaults]
default_realm = AD.DILKEN.EU
dns_lookup_realm = true
dns_lookup_kdc = true
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log

# Global parameters
[global]
workgroup = AD
realm = AD.DILKEN.EU
netbios name = RASPBERRY-PI
server role = active directory domain controller
dns forwarder = 192.71.247.247
idmap_ldb:use rfc2307 = yes
log level = 5
[netlogon]
path = /var/lib/samba/sysvol/ad.dilken.eu/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No

I'll check the DNS entries later again.

Greetings

On 10.03.2015 at 22:55, Rowland Penny wrote:
> Hmm, it should actually be _kerberos._udp.ad.dilken.eu, what is in
> /etc/krb5.conf on the two DCs, also what is smb.conf on the two DCs
>
> Rowland
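
Added example, not part of any message in this thread: a Python check for the mismatch discussed above. It reads the realm from smb.conf and krb5.conf, derives the KDC SRV names Rowland mentions, and picks service-label queries out of the "Not authoritative ... forwarding" log lines. The sample texts are constructed from values quoted in the thread, the second log line is invented, and it assumes the AD DNS zone is the lowercased realm.

```python
import re

# Constructed samples built from values quoted in this thread.
SMB_CONF = "[global]\n\tworkgroup = AD\n\trealm = ad.dilken.eu\n"
KRB5_CONF = "[libdefaults]\n\tdns_lookup_kdc = true\n\tdefault_realm = AD.DILKEN.EU\n"
# First line is from the thread; the second is invented noise.
SERVER_LOG = ("Not authoritative for '_kerberos.dilken.eu', forwarding\n"
              "Not authoritative for 'lists.samba.org', forwarding\n")
NOT_AUTH = re.compile(r"Not authoritative for '([^']+)', forwarding")

def read_option(text, section, option):
    """Return an option from INI-style text (flat sections only, no krb5 braces)."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif "=" in line and current == section:
            key, value = line.split("=", 1)
            if key.strip().lower() == option:
                return value.strip()
    return None

def kdc_srv_names(realm):
    """SRV owner names used to locate KDCs for a realm (RFC 4120)."""
    zone = realm.lower().rstrip(".")
    return [f"_kerberos._{proto}.{zone}" for proto in ("udp", "tcp")]

def out_of_zone_service_queries(log_text, zone):
    """Forwarded names that begin with a service label but lie outside the zone."""
    zone = zone.lower().rstrip(".")  # assumption: AD DNS zone == lowercased realm
    hits = []
    for name in NOT_AUTH.findall(log_text):
        name = name.lower().rstrip(".")
        in_zone = name == zone or name.endswith("." + zone)
        if name.startswith("_") and not in_zone:
            hits.append(name)
    return hits

def check(smb_conf, krb5_conf, log_text):
    realm = read_option(smb_conf, "global", "realm")
    default_realm = read_option(krb5_conf, "libdefaults", "default_realm")
    return {
        "realms_match": bool(realm and default_realm) and realm.upper() == default_realm.upper(),
        "expected_srv": kdc_srv_names(realm) if realm else [],
        "forwarded": out_of_zone_service_queries(log_text, realm or ""),
    }

if __name__ == "__main__":
    print(check(SMB_CONF, KRB5_CONF, SERVER_LOG))
```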