Hi,

I am having an issue with the DC controller in Samba and I was wondering if someone could give me a hand?

Samba version is:

root@dns2:~# samba --version
Version 4.13.9
root@dns2:~#

I tried to remove everything involving the dns because it is not required as I will be updating the zone file manually. And the zone file is on another machine.

When I first set up samba everything was working perfectly including the Active Directory tool on the win10 machine. I suspect something has gone wrong involving a dns update.

Now I am at a state where my windows machine can login but the secondary DC stops working with the primary after a little while, plus the Active Directory tool can no longer connect to the DC.

The error from the log file is:

[2021/08/02 09:17:53.017061,  3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Server not found in database: ldap/dc0.cronomagic.ca/cronomagic.ca@CRONOMAGIC.CA: no such entry found in hdb
[2021/08/02 09:17:53.017104,  3] ../../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed building TGS-REP to ipv4:192.168.55.119:49985

I can send any configuration files if necessary.

Any help with this would be greatly appreciated.

On Mon, 2021-08-02 at 09:21 -0400, ve2cii--- via samba wrote:
> Hi,
>
> I am having an issue with the DC controller in Samba and I was
> wondering if someone could give me a hand?
>
> Samba version is:
>
> root@dns2:~# samba --version
> Version 4.13.9
> root@dns2:~#
>
> I tried to remove everything involving the dns because it is not
> required as I will be updating the zone file manually. And the
> zone file is on another machine.

Stop right there, why do you think Samba spent so much time getting dns to work on a Samba DC ? It was because AD requires dns.

Put back everything you removed (if you can, if not, start again), get your clients to use the DC(s) for AD dns and set the DC(s) to forward anything not in the AD domain to an external dns server, or do it the other way around, it doesn't really matter as long as the DC(s) are authoritative for the AD domain.

You might not like this, but you are not the first person to try something like this (and fail), nor will you be the last :-(

Rowland
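
What "AD requires dns" means for a hand-maintained zone, as an added example that is not part of the thread: the sketch below checks a BIND-style zone for a subset of the SRV records an AD DC normally registers for itself and that clients use to locate LDAP and Kerberos. The zone text, the `ns1`/`admin` names and the 192.0.2.10 address are constructed; the parser assumes one record per line with an explicit owner name.

```python
# Subset of the DC locator SRV names, relative to the AD DNS domain. A real DC
# also registers site-specific, GUID-based _msdcs and global catalog records.
REQUIRED_SRV = [
    "_ldap._tcp", "_ldap._tcp.dc._msdcs",
    "_kerberos._tcp", "_kerberos._udp", "_kerberos._tcp.dc._msdcs",
    "_kpasswd._tcp", "_kpasswd._udp",
]
TYPES = {"A", "AAAA", "SRV", "CNAME", "NS", "SOA", "TXT", "MX"}

# Constructed sample zone for the domain named in the thread.
SAMPLE_ZONE = """\
$TTL 3600
@   IN SOA ns1.cronomagic.ca. admin.cronomagic.ca. ( 1 3600 600 86400 3600 )
@   IN NS ns1.cronomagic.ca.
dc0 IN A 192.0.2.10            ; constructed address
_ldap._tcp      IN SRV 0 100 389 dc0.cronomagic.ca.
_kerberos._tcp  IN SRV 0 100 88  dc0.cronomagic.ca.
_kerberos._udp  IN SRV 0 100 88  dc0.cronomagic.ca.
"""

def parse_records(zone_text, origin):
    """Return a set of (fqdn, type) pairs found in the zone text."""
    origin = origin.rstrip(".").lower()
    found = set()
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):      # skip blanks and directives
            continue
        fields = line.split()
        rtype = next((f.upper() for f in fields[1:] if f.upper() in TYPES), None)
        if rtype is None:
            continue
        owner = fields[0].lower()
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner.rstrip(".")
        else:
            fqdn = f"{owner}.{origin}"            # relative name
        found.add((fqdn, rtype))
    return found

def missing_ad_records(zone_text, domain, dc_hosts):
    """List the (name, type) pairs AD clients look up that the zone lacks."""
    domain = domain.rstrip(".").lower()
    records = parse_records(zone_text, domain)
    wanted = [(f"{name}.{domain}", "SRV") for name in REQUIRED_SRV]
    wanted += [(h.rstrip(".").lower(), "A") for h in dc_hosts]
    return [w for w in wanted if w not in records]

if __name__ == "__main__":
    for name, rtype in missing_ad_records(SAMPLE_ZONE, "cronomagic.ca", ["dc0.cronomagic.ca"]):
        print(f"missing {rtype:4} {name}")
```

On a running DC, `samba_dnsupdate --verbose --all-names` is the tool that registers the full set of these names, which is why leaving the DC authoritative for the AD zone is less work than mirroring them by hand.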