samba - Jul 2016 - Fwd: Good installation documentation on samba4?

The OS I'm using is Ubuntu 16.04. The previous OS I was working with was
Ubuntu 14.04. The krb issue I had was that the kdc server

" RuntimeError: kinit for DOMAINCONTROLLER$@SAMDOM.EXAMPLE.COM failed
(Cannot contact any KDC for requested realm)".

The modified krb5.conf file I distilled out of information on the internet
helped to create a working version.

When comparing the documentation of samba4 vs. samba 3.5 I find that the
samba3.5 documentation is a lot more complete and a lot bigger. Comparing
the samba4 documentation to the samba3.5, makes me think the newer
documentation of more of an afterthought than a similarly constructed
document.

2016-07-29 22:25 GMT+02:00 Rowland penny <rpenny at samba.org>:
> On 29/07/16 20:50, Léon van der Kaap wrote:
>
>> I figured out the resolv.conf bit fidgeting around. Thanks for the tip
>> anyway.
>>
>> Regarding the krb5.conf I have never got it working with the example
>> files. I have always added at least a "kdc = samdom.example.com
<
>> http://samdom.example.com>" to the lines, but my file is
actually still
>> a bit more complex(and possibly redundant).
>>
>
> If you have to add that line to krb5.conf on a DC, then I think you are
> doing something wrong, because, to be honest, it only really needs to be:
>
> [libdefaults]
>     default_realm = SAMDOM.EXAMPLE.COM
>
> The other two lines are defaults.
>
> What OS did you try it on ?
>
>
>
>> Regarding the troubleshooting page, it is /far/ from complete. At the
>> very least, the documentation should at a check for a succesful
'kinit'
>> command to see if the system is going to work.
>>
>
> It doesn't have to be on the troubleshooting page, because it is on the
DC
> howto page, did you somehow miss this ?
>
>
>> Maybe I sound a bit angry, but I severely dislike documentation that
>> leaves you with an unfinished installation. Compare the monstrously
sized
>> Samba 3.5 with Samba 4 kind of illustrates the point that not all bases
are
>> covered which is a shame to me.
>>
>>
> I am sure that if you follow the Samba wiki page you will end up with a
> basic DC, but if it doesn't work for you, just what do you feel is
missing
> ? as I said, if we don't know what is wrong, how can we fix it ?
>
> I also don't understand what you mean by 'Compare the monstrously
sized
> Samba 3.5 with Samba 4', just what are you trying to compare ?
>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 29/07/16 21:43, Léon van der Kaap wrote:
> The OS I'm using is Ubuntu 16.04. The previous OS I was working with 
> was Ubuntu 14.04. The krb issue I had was that the kdc server
>
> " RuntimeError: kinit for DOMAINCONTROLLER$@SAMDOM.EXAMPLE.COM 
> <http://SAMDOM.EXAMPLE.COM> failed (Cannot contact any KDC for 
> requested realm)".
>
> The modified krb5.conf file I distilled out of information on the 
> internet helped to create a working version.
>
> When comparing the documentation of samba4 vs. samba 3.5 I find that 
> the samba3.5 documentation is a lot more complete and a lot bigger. 
> Comparing the samba4 documentation to the samba3.5, makes me think the 
> newer documentation of more of an afterthought than a similarly 
> constructed document.
>
I think I understand this a bit better now, the kinit didn't work until 
you added a line to krb5.conf that told kerberos where the DC was, this 
sounds very like a dns problem. Did you alter your /etc/resolv.conf 
after the provision, so it pointed the nameserver to itself and seeing 
as you are using Ubuntu, did you remove 127.0.1.1 from /etc/hosts and 
stop Network Manager from using dnsmasq.

Rowland

Thanks, I think I found the issue now. My system loves to be stubborn about
DNS. The fact that /etc/resolv.conf is automatically generated from
configuration probably didn't help either. I was convinced the DNS worked,
but the system decided otherwise. It readily explains the Kerberos issue.

The reboot of the system probably reset the DNS and it showed up as a
Kerberos issue.

You've all been very helpful with your comments. Thanks for helping me find
out where the issues were.

2016-07-29 22:50 GMT+02:00 Rowland penny <rpenny at samba.org>:
> On 29/07/16 21:43, Léon van der Kaap wrote:
>
>> The OS I'm using is Ubuntu 16.04. The previous OS I was working
with was
>> Ubuntu 14.04. The krb issue I had was that the kdc server
>>
>> " RuntimeError: kinit for DOMAINCONTROLLER$@SAMDOM.EXAMPLE.COM
<
>> http://SAMDOM.EXAMPLE.COM> failed (Cannot contact any KDC for
requested
>> realm)".
>>
>> The modified krb5.conf file I distilled out of information on the
>> internet helped to create a working version.
>>
>> When comparing the documentation of samba4 vs. samba 3.5 I find that
the
>> samba3.5 documentation is a lot more complete and a lot bigger.
Comparing
>> the samba4 documentation to the samba3.5, makes me think the newer
>> documentation of more of an afterthought than a similarly constructed
>> document.
>>
>>
> I think I understand this a bit better now, the kinit didn't work until
> you added a line to krb5.conf that told kerberos where the DC was, this
> sounds very like a dns problem. Did you alter your /etc/resolv.conf after
> the provision, so it pointed the nameserver to itself and seeing as you are
> using Ubuntu, did you remove 127.0.1.1 from /etc/hosts and stop Network
> Manager from using dnsmasq.
>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>