samba - Jul 2018 - Setting up new samba-ac-dc on Ubuntu 18.04 - KDC not FOUND

I have been running a small domain for years. I finally decided to move 
the domain to ad. I am also upgrading the server from Ubuntu i6.04 LTS 
to 18.04 LTS

I installed the new server on a new RAID array and loaded the Ubuntu 
LAMP stack. I installed samba. I have gone through a few tutorials which 
offer differing recommendation on some things. All were based on either 
Debian or Ubuntu.

I seem to have successfully provisioned the DC but I cannot contact the 
kerberos KDC
The /etc/krb5.conf contains:
> {libdefaults]
>         default_realm = ORLEANS.STEINMETZNET.COM
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
kinit returns server not found.
> $ kinit administrator at ORLEANS.STEINMETZNET.COM
> kinit: Cannot find KDC for realm "ORLEANS.STEINMETZNET.COM" while
> getting initial credentials
Some of the other suggested test seem to work but give somewhat 
different results than the examples, particularly the smbclient tests.

I've searched around the net for a solution but haven't come up with one
yet.
Can I simply remove the Samba database files and re-provision the DC?

Looks like a DNS issue!? Please post smb.conf and your DNS preferences. Make
sure your domain "ORLEANS.STEINMETZNET.COM" is resolved by
locahost/your dc. Do you have a secondary DC?

Am 8. Juli 2018 18:54:28 MESZ schrieb Robert Steinmetz AIA via samba <samba
at lists.samba.org>:
>I have been running a small domain for years. I finally decided to move
>
>the domain to ad. I am also upgrading the server from Ubuntu i6.04 LTS 
>to 18.04 LTS
>
>I installed the new server on a new RAID array and loaded the Ubuntu 
>LAMP stack. I installed samba. I have gone through a few tutorials
>which 
>offer differing recommendation on some things. All were based on either
>
>Debian or Ubuntu.
>
>I seem to have successfully provisioned the DC but I cannot contact the
>
>kerberos KDC
>The /etc/krb5.conf contains:
>> {libdefaults]
>>         default_realm = ORLEANS.STEINMETZNET.COM
>>         dns_lookup_realm = false
>>         dns_lookup_kdc = true
>kinit returns server not found.
>> $ kinit administrator at ORLEANS.STEINMETZNET.COM
>> kinit: Cannot find KDC for realm "ORLEANS.STEINMETZNET.COM"
while
>> getting initial credentials
>Some of the other suggested test seem to work but give somewhat 
>different results than the examples, particularly the smbclient tests.
>
>I've searched around the net for a solution but haven't come up with
>one 
>yet.
>Can I simply remove the Samba database files and re-provision the DC?
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
-- 
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.

Top posting, because I'm lazy. :)

I'm not at all sure this is correct, but...
...this sounds like a DNS resolution problem, and it may be related to
systemd.resolved.

Louis did a walk-through on 18.04 AD setup a while back - it might be worth
finding and reading.

While Louis left systemd-resolved alone, and did some trickery to work with it,
I have opted to disable systemd-resolved. [I wasn't able to get Louis's
method to work - which is likely a result of self-inflicted issues, rather than
Louis' walk-through being wrong.]

Here's how I do that.

---
systemctl mask systemd-resolved.service
systemctl stop systemd-resolved.service

#Remove the linked file
#resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
rm /etc/resolv.conf

nano /etc/resolv.conf
# ---
search ad.abc.local localdomain
nameserver 8.8.4.4
nameserver 8.8.8.8
#---
[We need resolvers other than the AD for now. We'll change it to 127.0.0.1
after the AD provision.]

---
After AD provision is successful...

#modify /etc/resolv.conf - point dns at itself 127.0.0.1
#Make sure your smb.conf has a properly configured dns forwarder configured.
nano /etc/resolv.conf
---
nameserver 127.0.0.1
search ad.abc.local localdomain
---

HTH

-Greg

RSAvs> I have been running a small domain for years. I finally decided to
move
RSAvs> the domain to ad. I am also upgrading the server from Ubuntu i6.04 LTS
RSAvs> to 18.04 LTS

RSAvs> I installed the new server on a new RAID array and loaded the Ubuntu 
RSAvs> LAMP stack. I installed samba. I have gone through a few tutorials
which
RSAvs> offer differing recommendation on some things. All were based on
either
RSAvs> Debian or Ubuntu.

RSAvs> I seem to have successfully provisioned the DC but I cannot contact
the
RSAvs> kerberos KDC
RSAvs> The /etc/krb5.conf contains:
>> {libdefaults]
>>         default_realm = ORLEANS.STEINMETZNET.COM
>>         dns_lookup_realm = false
>>         dns_lookup_kdc = true
RSAvs> kinit returns server not found.
>> $ kinit administrator at ORLEANS.STEINMETZNET.COM
>> kinit: Cannot find KDC for realm "ORLEANS.STEINMETZNET.COM"
while
>> getting initial credentials
RSAvs> Some of the other suggested test seem to work but give somewhat 
RSAvs> different results than the examples, particularly the smbclient tests.

RSAvs> I've searched around the net for a solution but haven't come
up with one
RSAvs> yet.
RSAvs> Can I simply remove the Samba database files and re-provision the DC?



-- 
Gregory Sloop, Principal: Sloop Network & Computer Consulting
Voice: 503.251.0452 x82
EMail: gregs at sloop.net
http://www.sloop.net
---

OK I'm back on this after a tour through firewalld and other issues.

I see Louis has posted his  how to on git-hub. It seems very helpful

I also see his method uses the Ubuntu resolver but also uses bind9 so 
I'm not sure whether his method can be adapted to using the internal DNS 
in Samba.

In setting this up one of my main goals is to limit the amount of 
customization I do as I have found it easier to accept a little less 
performance for ease of maintenance.
-- 
Rob Steinmetz

Hai Robert, 

It does not matter if you bind9 dns or internal samba dns.

Have a look here, and see why i did use the internal sub listener. 
https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html

Its a 5 min read the above link but it explains it all better then i can. 
;-) 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Robert Steinmetz AIA via samba
> Verzonden: zondag 5 augustus 2018 22:27
> Aan: samba
> Onderwerp: Re: [Samba] Setting up new samba-ac-dc on Ubuntu 
> 18.04 - KDC not FOUND
> 
> OK I'm back on this after a tour through firewalld and other issues.
> 
> I see Louis has posted his  how to on git-hub. It seems very helpful
> 
> I also see his method uses the Ubuntu resolver but also uses bind9 so 
> I'm not sure whether his method can be adapted to using the 
> internal DNS 
> in Samba.
> 
> In setting this up one of my main goals is to limit the amount of 
> customization I do as I have found it easier to accept a little less 
> performance for ease of maintenance.
> -- 
> Rob Steinmetz
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>