Hi, I have deinstalled bind99 and re-made Samba4But still, Samba4 not working.The following are what I did.Looks like it is the dnsupdate problem. This time, it is the samba4's dnsupdate problem. Do I have to initialize kdc server? Those are copied from FreeBSD handbook for Kerberos 5. .....Note that this /etc/krb5.conf file implies that your KDC will have the fully-qualified hostname of kerberos.example.org. You will need to add a CNAME (alias) entry to your zone file to accomplish this if your KDC has a different hostname.Note: For large networks with a properly configured BIND DNS server, the above example could be trimmed to:[libdefaults] default_realm = EXAMPLE.ORG With the following lines being appended to the example.org zonefile:_kerberos._udp IN SRV 01 00 88 kerberos.example.org. _kerberos._tcp IN SRV 01 00 88 kerberos.example.org. _kpasswd._udp IN SRV 01 00 464 kerberos.example.org. _kerberos-adm._tcp IN SRV 01 00 749 kerberos.example.org. _kerberos IN TXT EXAMPLE.ORG Note: For clients to be able to find the Kerberos services, you must have either a fully configured /etc/krb5.conf or a minimally configured /etc/krb5.conf and a properly configured DNS server.Next we will create the Kerberos database. This database contains the keys of all principals encrypted with a master password. You are not required to remember this password, it will be stored in a file (/var/heimdal/m-key). To create the master key, run kstash and enter a password.Once the master key has been created, you can initialize the database using the kadmin program with the -l option (standing for “local”). This option instructs kadmin to modify the database files directly rather than going through the kadmind network service. This handles the chicken-and-egg problem of trying to connect to the database before it is created. Once you have the kadmin prompt, use the init command to create your realms initial database.Lastly, while still in kadmin, create your first principal using the add command. Stick to the defaults options for the principal for now, you can always change them later with the modify command. Note that you can use the ? command at any prompt to see the available options.A sample database creation session is shown below:# kstash Master key: xxxxxxxx Verifying password - Master key: xxxxxxxx
# kadmin -l kadmin> init EXAMPLE.ORG Realm max ticket life [unlimited]: kadmin> add tillman Max ticket life [unlimited]: Max renewable life [unlimited]: Attributes []: Password: xxxxxxxx Verifying password - Password: xxxxxxxx Now it is time to start up the KDC services. Run /etc/rc.d/kerberos start and /etc/rc.d/kadmind start to bring up the services. Note that you will not have any kerberized daemons running at this point but you should be able to confirm that the KDC is functioning by obtaining and listing a ticket for the principal (user) that you just created from the command-line of the KDC itself:% kinit tillman till...@example.org's Password: % klist Credentials cache: FILE:/tmp/krb5cc_500 Principal: till...@example.org Issued Expires Principal Aug 27 15:37:58 Aug 28 01:37:58 krbtgt/example....@example.org The ticket can then be revoked when you have finished:% kdestroy ================================......I did not do anything about Kerberos5. I am assuming Samba4 taking care about it. root@f10:/etc # cd /usr/ports/dns/bind99root@f10:/usr/ports/dns/bind99 # make deinstall ===> Deinstalling for dns/bind99===> Deinstalling bind99-9.9.2The following packages will be deinstalled: bind99-9.9.2 The deinstallation will free 33 MBDeleting bind99-9.9.2... doneroot@f10:/usr/ports/dns/bind99 # make clean===> Cleaning for bind99-9.9.2root@f10:/etc # cd /usr/local/samba-masterroot@f10:/usr/local/samba-master # git pullAlready up-to-date.root@f10:/usr/local/samba-master # make cleanWAF_MAKE=1 python ./buildtools/bin/waf clean Selected embedded Heimdal build'clean' finished successfully (8.929s)root@f10:/usr/local/samba-master # make && make installWAF_MAKE=1 python ./buildtools/bin/waf buildWaf: Entering directory `/usr/local/samba-master/bin' Selected embedded Heimdal build[ 1/3814] Generating replace.vscript......[3814/3814] Parse::Pidl::Wireshark::NDR.3: pidl/lib/Parse/Pidl/Wireshark/NDR.pm -> bin/default/pidl/Parse::Pidl::Wireshark::NDR.3Waf: Leaving directory `/usr/local/samba-master/bin''build' finished successfully (1h5m44.673s)WAF_MAKE=1 python ./buildtools/bin/waf installWaf: Entering directory `/usr/local/samba-master/bin'* creating /usr/local/samba/etc* creating /usr/local/samba/private* creating /usr/local/samba/var* creating /usr/local/samba/private* creating /usr/local/samba/var/lib* creating /usr/local/samba/var/locks* creating /usr/local/samba/var/cache* creating /usr/local/samba/var/lock* creating /usr/local/samba/var/run* creating /usr/local/samba/var/run Selected embedded Heimdal buildChecking project rules ...Project rules pass[ 1/4121] Generating replace.vscript......* installing bin/default/pidl/Parse::Pidl::Wireshark::NDR.3 as /usr/local/samba/share/man/man3/Parse::Pidl::Wireshark::NDR.3Waf: Leaving directory `/usr/local/samba-master/bin''install' finished successfully (13m48.405s)root@f10:/usr/local/samba-master # rehashroot@f10:/usr/local/samba-master # cd ..root@f10:/usr/local # rm /usr/local/samba/etc/smb.conf root@f10:/usr/local # cd samba root@f10:/usr/local/samba/bin # ./samba-tool domain provision --realm=f10.pccom.ca --domain=dcf10 --adminpass='small@1' --server-role=dcLooking up IPv4 addressesLooking up IPv6 addressesMore than one IPv6 address found. Using fe80:1::92e6:baff:fe88:db31 ....Adding DNS accountsCreating CN=MicrosoftDNS,CN=System,DC=f10,DC=pccom,DC=caCreating DomainDnsZones and ForestDnsZones partitionsPopulating DomainDnsZones and ForestDnsZones partitionsSetting up sam.ldb rootDSE marking as synchronizedFixing provision GUIDsA Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.confOnce the above files are installed, your Samba4 server will be ready to useServer Role: active directory domain controllerHostname: f10NetBIOS Domain: DCF10DNS Domain: f10.pccom.caDOMAIN SID: S-1-5-21-2143356390-769797765-818328211root@f10:/usr/local/samba/bin # cp /usr/local/samba/private/krb5.conf /etc root@f10:/usr/local/samba/sbin # ./samba -i -M singlesamba version 4.1.0pre1-GIT-e6a100e started.Copyright Andrew Tridgell and the Samba Team 1992-2012samba: using 'single' process model/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):/usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/sbin/samba_dnsupdate", line 507, in <module>/usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)/usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/sbin/samba_dnsupdate", line 121, in get_credentials/usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp, ccachename)/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)/usr/local/samba/sbin/samba_dnsupdate: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED^C -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba