Thank you Andrew! You are right. Letting FreeBSD start its own Kerberos does not make sense since Samba4 has its own Kerberos. I cannot get Samba4's Kerberos working. The following is the message I get when I run Samba4.

I am using Samba4's internal DNS. I copied krb5.conf from /usr/local/samba/private to /etc after I ran samba-tool domain provision.

root@f10:/usr/local/samba/sbin # ./samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/sbin/samba_dnsupdate", line 507, in <module>
/usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
/usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/sbin/samba_dnsupdate", line 121, in get_credentials
/usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp, ccachename)
/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@ F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
/usr/local/samba/sbin/samba_dnsupdate: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED

root@f10:/usr/local/samba/sbin # uname -a
FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct 6 04:49:30 UTC 2012 r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC i386

root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.168.1.1

root@f10:/usr/local/samba/sbin # nslookup samba.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: samba.org
Address: 216.83.154.106

It looks like the DNS server has no problem. Please help me out!

On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett <abart...@samba.org> wrote:

> On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
> > Hi, Samba gurus!
> >
> > I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
> > computer to the domain.
> >
> > What I did is:
> >
> > 1, git clone git://git.samba.org/samba.git samba-master
> >
> > 2, cd /usr/local/samba-master
> > 3, ./configure --enable-debug --enable-selftest && make && make install
> > 4, /usr/local/samba/sbin/samba-tool domain provision
> > --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
> > --server-role=dc
> > 5, cp /usr/local/samba/private/krb.conf /etc
>
> What suggested that you should do this?
>
> > 6, echo 'kerberos5_server_enable="YES"' >> /etc/rc.conf
> > 7, echo 'kadmind5_server_enable="YES"' >> /etc/rc.conf
>
> This step is not included in any official Samba HOWTO.
>
> > 8, echo 'domain xyz.pccom.ca' >> /etc/resolv.conf
> > the DNS server is kept the same as before.
> > 9, /usr/local/samba/bin/samba -i -M single
> >
> > I found
> >
> > "Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED"
>
> Our KDC cannot start because you enabled a different KDC and it is
> listening on port 88 already.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
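
The conflict described in the quoted reply (a base-system KDC enabled in rc.conf holding port 88 so that Samba's own KDC cannot bind) can be checked mechanically. The script below is an added example, not part of the thread or of Samba: it assumes rc.conf-style text and FreeBSD `sockstat -l` style text on stdin, and the function names, the sample inputs and the process name `samba` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for a second KDC competing with Samba's built-in one.

# Read rc.conf-style text on stdin and print the base-system Kerberos
# variables whose LAST assignment is YES (later lines override earlier ones).
# Simplification: only plain NAME="value" lines are understood.
conflicting_rc_vars() {
    awk -F= '
        /^[ \t]*(kerberos5_server_enable|kadmind5_server_enable)=/ {
            name = $1; gsub(/[ \t]/, "", name)
            val = $2;  sub(/#.*/, "", val); gsub(/[" \t]/, "", val)
            last[name] = toupper(val)
        }
        END { for (n in last) if (last[n] == "YES") print n }
    ' | sort
}

# Read `sockstat -l` style text on stdin and print "command pid proto local"
# for each socket on port 88 owned by a process other than $1 (default samba).
foreign_kdc_listeners() {
    awk -v want="${1:-samba}" '$6 ~ /:88$/ && $2 != want { print $2, $3, $5, $6 }'
}

# Constructed sample inputs (not captured from the poster's machine).
sample_rc_conf() {
    cat <<'EOF'
hostname="f10"
kerberos5_server_enable="YES"
kadmind5_server_enable="YES"   # added by hand
#kerberos5_server_enable="NO"
EOF
}

sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     kdc        612   5  udp4   *:88                  *:*
root     kdc        612   6  tcp4   *:88                  *:*
root     samba      901   20 tcp4   192.168.1.248:445     *:*
EOF
}

echo "rc.conf variables that start a second KDC:"
sample_rc_conf | conflicting_rc_vars
echo "port 88 sockets not owned by samba:"
sample_sockstat | foreign_kdc_listeners samba
```

On a live host the same functions would be fed from `/etc/rc.conf` and from `sockstat -l`; any line printed by either one names something to disable before starting `samba`.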