Hi,Rowland!Thank you for your help.Change the dns server to the samba server make things better. But still not working. root@f10:/etc # /usr/local/samba/sbin/samba -i -M singlesamba version 4.1.0pre1-GIT-e6a100e started.Copyright Andrew Tridgell and the Samba Team 1992-2012samba: using 'single' process model/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL^Croot@f10:/etc # cat /etc/resolv.conf domain f10.pcccom.canameserver 127.0.0.1
root@f10:/etc # /usr/local/samba/sbin/samba -i -M singlesamba version 4.1.0pre1-GIT-e6a100e started.Copyright Andrew Tridgell and the Samba Team 1992-2012samba: using 'single' process model../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT ^Croot@f10:/etc # cat /etc/resolv.conf domain f10.pcccom.canameserver 192.1681.1.100root@f10:/etc # ifconfigre0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 90:e6:ba:88:db:31 inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::92e6:baff:fe88:db31%re0 prefixlen 64 scopeid 0x1 nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> media: Ethernet autoselect (100baseTX <full-duplex>) status: active > Date: Mon, 19 Nov 2012 16:33:24 +0000 > From: rpe...@f2s.com > To: samba@lists.samba.org > Subject: Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not > working. Samba version 4.1.0 pre1-GIT cf15406 > > On 19/11/12 02:50, Pccom Frank wrote: > > Thank you Andrew! > > You are right. Let FreeBSD start its own Kerberos does not make sense since > > Samba4 has its own Kerberos. > > I can not get Samba4's Kerberos working. > > The following is the message I run Samba4. > > > > I am using the Samba4's internal DNS. > > I copied krb5.conf from /usr/local/samba/private to /etc after I run > > samba-tool domain provision. > > > > > > > > root@f10:/usr/local/samba/sbin # ./samba -i -M single > > samba version 4.1.0pre1-GIT-e6a100e started. > > Copyright Andrew Tridgell and the Samba Team 1992-2012 > > samba: using 'single' process model > > /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last): > > /usr/local/samba/sbin/samba_dnsupdate: File > > "/usr/local/samba/sbin/samba_dnsupdate", line 507, in <module> > > /usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp) > > /usr/local/samba/sbin/samba_dnsupdate: File > > "/usr/local/samba/sbin/samba_dnsupdate", line 121, in get_credentials > > /usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp, > > ccachename) > > /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@ > > F10.PCCOM.CA failed (Cannot contact any KDC for requested realm) > > /usr/local/samba/sbin/samba_dnsupdate: > > ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - > > NT_STATUS_ACCESS_DENIED > > > > > > > > root@f10:/usr/local/samba/sbin # uname -a > > FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct 6 04:49:30 UTC > > 2012 > > r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC > > i386 > > > > > > root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf > > domain f10.pcccom.ca > > nameserver 192.168.1.1 > > > > root@f10:/usr/local/samba/sbin # nslookup samba.org > > Server: 192.168.1.1 > > Address: 192.168.1.1#53 > > > > Non-authoritative answer: > > Name: samba.org > > Address: 216.83.154.106 > > > > It looks the DNS server has no problem. > > > > Please help me out! > > > > On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett <abart...@samba.org> wrote: > > > >> On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote: > >>> Hi, Samab gurus! > >>> > >>> I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP > >>> computer to the domain. > >>> > >>> What I did is: > >>> > >>> 1, git clone git://git.samba.org/samba.git samba-master > >>> > >>> 2, cd /usr/local/samba-master > >>> 3, ./configure --enable-debug --enable-selftest && make && make install > >>> 4, /usr/local/samba/sbin/samba-tool domain provision > >>> --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456' > >>> --server-role=dc > >>> 5, cp /usr/local/samba/private/krb.conf /etc > >> What suggested that you should do this? > >> > >>> 6, echo 'kerberos5_server_enable="YES"' >> /etc/rc.conf > >>> 7, echo 'kadmind5_server_enable="YES"' >> /etc/rc.conf > >> This step is not included in any official Samba HOWTO. > >> > >>> 8, echo 'domain xyz.pccom.ca' >> /etc/resolv.conf > >>> the dns server keep the same as before. > >>> 9, /usr/local/samba/bin/samba -i -M single > >>> > >>> I found > >>> > >>> "Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED" > >> Our KDC cannot start because you enabled a different KDC and it is > >> listening on port 88 already. > >> > >> Andrew Bartlett > >> > >> -- > >> Andrew Bartlett http://samba.org/~abartlet/ > >> Authentication Developer, Samba Team http://samba.org > >> > >> > >> > Hello, is the ipaddress of the samba 4 server 192.168.1.1 ? because > earlier you had a problem connecting to the KDC on 192.168.1.248 > If 192.168.1.1 is a different machine, then alter the nameserver line in > /etc/resolv.conf to point to either your samba4 servers ipaddress or > 127.0.0.1 > > Rowland > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba