Back to the RE-provision workbench. :-)
So close . . .
Reprovision completed.
Server Role: active directory domain controller
Hostname: internal
NetBIOS Domain: INTERNAL
DNS Domain: internal.example.com
DOMAIN SID: S-1-5-21-123456789-123456789-123456789
----------------------------------------------
]# hostname -f
internal.example.com
]# hostname -s
internal
]# hostname -d
example.com
---------------------------------------------
DNS test all work correctly.
---------------------------------------------
]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at EXAMPLE.COM
Valid starting Expires Service principal
04/29/2015 10:20:18 04/29/2015 20:20:18 krbtgt/EXAMPLE.COM at EXAMPLE.COM
renew until 04/30/2015 10:19:53
BUT ---
]# kinit administrator at EXAMPLE.COM
kinit: Cannot find KDC for realm "EXAMPLE.COM" while getting initial
credentials
]# kinit administrator at INTERNAL.EXAMPLE.COM
kinit: Cannot contact any KDC for realm 'INTERNAL.EXAMPLE.COM' while
getting initial credentials
On 29/04/15 17:31, Mike wrote:> So close . . . > > Reprovision completed. > > Server Role: active directory domain controller > > Hostname: internal > > NetBIOS Domain: INTERNAL > > DNS Domain: internal.example.com > > DOMAIN SID: S-1-5-21-123456789-123456789-123456789 > > ---------------------------------------------- > > ]# hostname -f > internal.example.com > > ]# hostname -s > internal > > ]# hostname -d > > example.com > >I will try again, your hostname is just one word, the domain name can and should be multiple words. i.e. your hostname could be 'dc' and the domain name could be 'internal.example.com', this would make your FQDN 'dc.internal.example.com' With this, the last part of the provision output should be something like this: Server Role: active directory domain controller Hostname: dc NetBIOS Domain: INTERNAL DNS Domain: internal.example.com DOMAIN SID: S-1-5-21-3439746342-3860244441-329711412 The provision command would be something like this: samba-tool domain provision --realm=internal.example.com --domain=INTERNAL --adminpass=XXXXXXXXXX --use-rfc2307 --server-role=dc Rowland
Greetings, Mike!> So close . . .> Reprovision completed.> Server Role: active directory domain controller> Hostname: internal> NetBIOS Domain: INTERNAL> DNS Domain: internal.example.comYou're AGAIN confusing hostname and domain (realm) name!> DOMAIN SID: S-1-5-21-123456789-123456789-123456789> ----------------------------------------------> ]# hostname -f > internal.example.comGiven your Samba configuration, this should reply internal.internal.example.com> ]# hostname -s > internal> ]# hostname -d> example.comAnd this should reply internal.example.com> ---------------------------------------------> DNS test all work correctly.No, they aren't.> ---------------------------------------------> ]# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: administrator at EXAMPLE.COM> Valid starting Expires Service principal > 04/29/2015 10:20:18 04/29/2015 20:20:18 krbtgt/EXAMPLE.COM at EXAMPLE.COM > renew until 04/30/2015 10:19:53> BUT ---> ]# kinit administrator at EXAMPLE.COM > kinit: Cannot find KDC for realm "EXAMPLE.COM" while getting initial > credentials> ]# kinit administrator at INTERNAL.EXAMPLE.COM > kinit: Cannot contact any KDC for realm 'INTERNAL.EXAMPLE.COM' while > getting initial credentialsThis only reinforces my claim that you again confused the terms and misconfigured your setup. If you really just testing it, get back to workgroup = INTERNAL realm = EXAMPLE.COM netbios name = DC1 Your DNS tests must show hostname --short: dc1 hostname --domain: example.com hostname --fqdn: dc1.example.com If you are experimenting with a copy of live setup, please start showing real data as you enter it, it'll lead to a faster resolution. -- With best regards, Andrey Repin Wednesday, April 29, 2015 22:10:15 Sorry for my terrible english...