I am experiencing a weird issue with samba when I am trying to configure it as a Domain Controller. I'm using Gentoo Linux, and after finally figuring that kdb5_util was looking for the krb5.conf file where Gentoo didn't put it, I was able to initialize the realm with kdb5_util create. But now when I try to start samba (the actual Samba process, not smb) it pulls kerberos and kerberos dies, saying: ?Can not fetch master key (error: No such file or directory). - while fetching master key K/M for realm <myrealm> After looking on the internet I see people getting this error before krb5_util create, but not after. I tried kdb5_util stash and it says it's using an existing key in the stash file, but I still get this same error. Help? Samba is 4.13.0 with mit-krb5 1.18.2 Thanks! -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <lists.samba.org/pipermail/samba/attachments/20201028/bad44e66/OpenPGP_signature.sig>
On 29/10/2020 00:41, Dan Egli via samba wrote:> I am experiencing a weird issue with samba when I am trying to configure > it as a Domain Controller.You would :-)> > After looking on the internet I see people getting this error before > krb5_util create, but not after. I tried kdb5_util stash and it says > it's using an existing key in the stash file, but I still get this same > error. Help? Samba is 4.13.0 with mit-krb5 1.18.2I suggest you start again, using MIT instead of Heimdal is experimental and shouldn't be used in production, it gives all sorts of problems. Rowland
On 10/29/2020 2:22 AM, Rowland penny via samba wrote:> On 29/10/2020 00:41, Dan Egli via samba wrote: >> I am experiencing a weird issue with samba when I am trying to configure >> it as a Domain Controller. > You would :-)Gee, thanks! :)>> >> After looking on the internet I see people getting this error before >> krb5_util create, but not after. I tried kdb5_util stash and it says >> it's using an existing key in the stash file, but I still get this same >> error. Help? Samba is 4.13.0 with mit-krb5 1.18.2 > > I suggest you start again, using MIT instead of Heimdal is > experimental and shouldn't be used in production, it gives all sorts > of problems. > > RowlandDid I miss something where Heimdal got re-labeled? The package says MIT, doesn't it? mit-krb5-1.18.2. Sure looks like MIT to me. -- Dan Egli On my Test server -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 495 bytes Desc: OpenPGP digital signature URL: <lists.samba.org/pipermail/samba/attachments/20201029/17987045/OpenPGP_signature.sig>