Kerberos - Active Directory Domain Failure (Ubuntu)
After googling this past week, luckily I found this site: http://edoceo.com/howto/samba4
It turns out I needed to edit my dnsmasq config (/etc/dnsmasq.conf) and add these lines:

    srv-host=_kerberos._tcp.test.sg,4ecapsvsg6.test.sg,88
    srv-host=_kerberos._tcp.dc._msdcs.test.sg,4ecapsvsg6.test.sg,88
    srv-host=_kerberos._udp.test.sg,4ecapsvsg6.test.sg,88
    srv-host=_kpasswd._tcp.test.sg,4ecapsvsg6.test.sg,464
    srv-host=_kpasswd._udp.test.sg,4ecapsvsg6.test.sg,464

and disable Bind9 (which is installed along with Samba4 by default).
Now the problem is gone :)
Only one problem remains: how to connect to AD (I'll open another thread for that).
AdhiDazz
Updated on September 18, 2022

Comments
AdhiDazz almost 2 years
I am trying to join Active Directory and Samba 4 on Ubuntu 12.04.05.
When I run

    host -t SRV _kerberos._udp.test.sg

I get the error:

    Host _kerberos._udp.test.sg not found: 3(NXDOMAIN)

meanwhile

    $# host -t SRV _ldap._tcp.test.sg
    _ldap._tcp.test.sg has SRV record 0 0 389 4ecapsvsg6.test.sg.
    $# host -t A 4ECAPSVSG6.test.sg
    4ECAPSVSG6.test.sg has address 10.153.64.5
My /etc/samba/smb.conf:

    # Global parameters
    [global]
        workgroup = TEST
        realm = TEST.SG
        netbios name = 4ECAPSVSG6
        server role = active directory domain controller
        dns forwarder = 10.153.64.5
        security = ads
        use kerberos keytab = true
        password server = 4ecapsvsg6.test.sg
        allow dns updates = nonsecure and secure
        bind interfaces only = no
        server services = +smb -s3fs
        dcerpc endpoint servers = +winreg +srvsvc
        passdb backend = samba4
        server services = smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns
My /etc/krb5.conf:

    [libdefaults]
        default_realm = TEST.SG
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

    [realms]
        4ECAP.SG = {
            kdc = 4ecapsvsg6.test.sg:88
            admin_server = 4ecapsvsg6.test.sg:749
            default_domain = test.sg
        }

    [domain_realm]
        .test.sg = TEST.SG
        test.sg = TEST.SG

    [login]
        krb4_convert = true
        krb4_get_tickets = false
My /etc/hosts:

    127.0.0.1 localhost
    127.0.1.1 4ecapsvsg6
    # The following lines are desirable for IPv6 capable hosts
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    10.153.64.5 4ecapsvsg6.test.sg 4ecapsvsg6
What is the solution? Without it I cannot join the domain with the command:

    sudo net ads join

which gives an error like

    Failed to join domain: failed to lookup DC info for domain 'TEST' over rpc: Logon failure
I did

    kinit administrator

and

    klist

Result:

    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: [email protected]

    Valid starting       Expires              Service principal
    26/03/2015 14:29:04  27/03/2015 00:29:04  krbtgt/[email protected]
            renew until 27/03/2015 14:29:00
Meanwhile, I include my /etc/resolv.conf:

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 10.153.64.5
    search test.sg
    domain test.sg
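
A check for the fix in the answer at the top of this thread, added here as an example and not code from either poster: it reads a dnsmasq config and reports which of the Kerberos and kpasswd SRV records from that answer are missing or published on the wrong port. The function names `check_srv` and `demo_conf` are hypothetical, and the sample config is constructed to reproduce the missing `_kerberos._udp` record from the question.

```shell
#!/bin/sh
# Added example. SRV names and ports are the ones from the srv-host lines
# in the answer; check_srv and demo_conf are hypothetical helper names.
REQUIRED="_kerberos._tcp:88 _kerberos._tcp.dc._msdcs:88 _kerberos._udp:88
_kpasswd._tcp:464 _kpasswd._udp:464"

# check_srv DOMAIN CONF: print one line per required record that is absent
# from CONF or has the wrong port. Prints nothing when every record is fine.
check_srv() {
    domain=$1
    conf=$2
    for entry in $REQUIRED; do
        name="${entry%:*}.$domain"
        want="${entry##*:}"
        # Port of the first active (non-comment) srv-host line for this name.
        got=$(awk -F'[=,]' -v n="$name" '
            /^[ \t]*#/ { next }
            { gsub(/[ \t]/, "") }
            $1 == "srv-host" && tolower($2) == tolower(n) {
                print ($4 == "" ? "unset" : $4); exit
            }' "$conf")
        if [ -z "$got" ]; then
            echo "MISSING $name"
        elif [ "$got" != "$want" ]; then
            echo "WRONGPORT $name has $got, expected $want"
        fi
    done
}

# Constructed sample config: _kerberos._udp is commented out (the NXDOMAIN
# case from the question) and _kpasswd._udp carries the wrong port.
demo_conf() {
    cat <<'EOF'
srv-host=_kerberos._tcp.test.sg,4ecapsvsg6.test.sg,88
srv-host=_kerberos._tcp.dc._msdcs.test.sg,4ecapsvsg6.test.sg,88
#srv-host=_kerberos._udp.test.sg,4ecapsvsg6.test.sg,88
srv-host=_kpasswd._tcp.test.sg,4ecapsvsg6.test.sg,464
srv-host=_kpasswd._udp.test.sg,4ecapsvsg6.test.sg,88
EOF
}

tmp=$(mktemp)
demo_conf > "$tmp"
check_srv test.sg "$tmp"
rm -f "$tmp"
```

Run it against the real file with `check_srv test.sg /etc/dnsmasq.conf` before retrying the domain join.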