Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-12-11 Thread Carl Gabel
pccom frank pccom.frank at hotmail.com writes:

 
 
 Hi, I have deinstalled bind99 and re-made Samba4
 But still, Samba4 not working.
 The following are what I did.
 Looks like it is the dnsupdate problem. This time, it is the samba4's dnsupdate problem.
 Do I have to initialize kdc server?
 Those are copied from FreeBSD handbook for Kerberos 5.
 .
 Note that this /etc/krb5.conf file implies that your KDC will have the fully-qualified hostname of
 kerberos.example.org. You will need to add a CNAME (alias) entry to your zone file to accomplish this if
 your KDC has a different hostname.
 Note: For large networks with a properly configured BIND DNS server,
 ...
 root at f10:/usr/local/samba/sbin # ./samba -i -M single
 samba version 4.1.0pre1-GIT-e6a100e started.
 Copyright Andrew Tridgell and the Samba Team 1992-2012
 samba: using 'single' process model
 /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
 /usr/local/samba/sbin/samba_dnsupdate:   File /usr/local/samba/sbin/samba_dnsupdate, line 507, in module
 /usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
 /usr/local/samba/sbin/samba_dnsupdate:   File /usr/local/samba/sbin/samba_dnsupdate, line 121, in get_credentials
 /usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp, ccachename)
 /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
 /usr/local/samba/sbin/samba_dnsupdate:
 ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED^C
 

Did you manage to resolve this issue?
I am encountering the same problem with FreeBSD9
amd64 and Samba Version 4.1.0pre1-GIT-99efe84,
and so far have found no solutions.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-20 Thread Rowland Penny

On 20/11/12 02:08, pccom frank wrote:

Hi, I have deinstalled bind99 and re-made Samba4
But still, Samba4 not working.
The following are what I did.
Looks like it is the dnsupdate problem. This time, it is the samba4's
dnsupdate problem.

Do I have to initialize kdc server?

Those are copied from FreeBSD handbook for Kerberos 5.

.
Note that this /etc/krb5.conf file implies that your KDC will have the 
fully-qualified hostname of kerberos.example.org. You will need to add 
a CNAME (alias) entry to your zone file to accomplish this if your 
KDC has a different hostname.


*Note:* For large networks with a properly configured BIND
DNS server, the above example could be trimmed to:

[libdefaults]
   default_realm = EXAMPLE.ORG

With the following lines being appended to the example.org zonefile:

_kerberos._udp  IN  SRV 01 00 88 kerberos.example.org.
_kerberos._tcp  IN  SRV 01 00 88 kerberos.example.org.
_kpasswd._udp   IN  SRV 01 00 464 kerberos.example.org.
_kerberos-adm._tcp  IN  SRV 01 00 749 kerberos.example.org.
_kerberos   IN  TXT EXAMPLE.ORG

*Note:* For clients to be able to find the *Kerberos* services,
you /must/ have either a fully configured /etc/krb5.conf or a
minimally configured /etc/krb5.conf /and/ a properly configured
DNS server.

Next we will create the *Kerberos* database. This database contains 
the keys of all principals encrypted with a master password. You are 
not required to remember this password, it will be stored in a file 
(/var/heimdal/m-key). To create the master key, run kstash and enter a 
password.
Once the master key has been created, you can initialize the database 
using the kadmin program with the -l option (standing for “local”). 
This option instructs kadmin to modify the database files directly 
rather than going through the kadmind network service. This handles 
the chicken-and-egg problem of trying to connect to the database 
before it is created. Once you have the kadmin prompt, use the 
init command to create your realms initial database.
Lastly, while still in kadmin, create your first principal using the 
add command. Stick to the defaults options for the principal for now, 
you can always change them later with the modify command. Note that 
you can use the ? command at any prompt to see the available options.

A sample database creation session is shown below:

#  kstash
Master key:
Verifying password - Master key:

#  kadmin -l
kadmin> init EXAMPLE.ORG
Realm max ticket life [unlimited]:
kadmin> add tillman
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Attributes []:
Password:
Verifying password - Password:

Now it is time to start up the KDC services. Run /etc/rc.d/kerberos 
start and /etc/rc.d/kadmind start to bring up the services. Note that 
you will not have any kerberized daemons running at this point but you 
should be able to confirm that the KDC is functioning by obtaining and 
listing a ticket for the principal (user) that you just created from 
the command-line of the KDC itself:

%  kinit tillman
till...@example.org's Password:

%  klist
Credentials cache: FILE:/tmp/krb5cc_500
Principal: till...@example.org

   Issued   Expires  Principal
Aug 27 15:37:58  Aug 28 01:37:58  krbtgt/example@example.org

The ticket can then be revoked when you have finished:

%  kdestroy

..
I did not do anything about Kerberos5. I am assuming Samba4 taking 
care about it.


root@f10:/etc # cd /usr/ports/dns/bind99
root@f10:/usr/ports/dns/bind99 # make deinstall
===  Deinstalling for dns/bind99
===   Deinstalling bind99-9.9.2
The following packages will be deinstalled:

bind99-9.9.2

The deinstallation will free 33 MB
Deleting bind99-9.9.2... done
root@f10:/usr/ports/dns/bind99 # make clean
===  Cleaning for bind99-9.9.2
root@f10:/etc # cd /usr/local/samba-master
root@f10:/usr/local/samba-master # git pull
Already up-to-date.
root@f10:/usr/local/samba-master # make clean
WAF_MAKE=1 python ./buildtools/bin/waf clean
Selected embedded Heimdal build
'clean' finished successfully (8.929s)
root@f10:/usr/local/samba-master # make  make install
WAF_MAKE=1 python ./buildtools/bin/waf build
Waf: Entering directory `/usr/local/samba-master/bin'
Selected embedded Heimdal build
[   1/3814] Generating replace.vscript
..
[3814/3814] Parse::Pidl::Wireshark::NDR.3: 
pidl/lib/Parse/Pidl/Wireshark/NDR.pm - 
bin/default/pidl/Parse::Pidl::Wireshark::NDR.3

Waf: Leaving directory `/usr/local/samba-master/bin'
'build' finished successfully (1h5m44.673s)
WAF_MAKE=1 python ./buildtools/bin/waf install
Waf: Entering directory `/usr/local/samba-master/bin'
* creating /usr/local/samba/etc
* creating /usr/local/samba/private
* creating /usr/local/samba/var
* creating /usr/local/samba/private
* creating /usr/local/samba/var/lib
* creating /usr/local/samba/var/locks
* creating 

Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread Pccom Frank
Thank you Andrew!
You are right. Let FreeBSD start its own Kerberos does not make sense since
Samba4 has its own Kerberos.
I can not get Samba4's Kerberos working.
The following is the message I run Samba4.

I am using the Samba4's internal DNS.
I copied krb5.conf from /usr/local/samba/private to /etc after I run
samba-tool domain provision.



root@f10:/usr/local/samba/sbin # ./samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate:   File
/usr/local/samba/sbin/samba_dnsupdate, line 507, in module
/usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
/usr/local/samba/sbin/samba_dnsupdate:   File
/usr/local/samba/sbin/samba_dnsupdate, line 121, in get_credentials
/usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
ccachename)
/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
/usr/local/samba/sbin/samba_dnsupdate:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
NT_STATUS_ACCESS_DENIED



root@f10:/usr/local/samba/sbin # uname -a
FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct  6 04:49:30 UTC
2012 
r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC
 i386


root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.168.1.1

root@f10:/usr/local/samba/sbin # nslookup samba.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: samba.org
Address: 216.83.154.106

It looks the DNS server has no problem.

Please help me out!

On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett abart...@samba.org wrote:

 On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
  Hi, Samab gurus!
 
  I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
  computer to the domain.
 
  What I did is:
 
  1, git clone git://git.samba.org/samba.git samba-master
 
  2, cd /usr/local/samba-master
  3, ./configure --enable-debug --enable-selftest  make  make install
  4, /usr/local/samba/sbin/samba-tool domain provision
  --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
  --server-role=dc
  5, cp /usr/local/samba/private/krb.conf /etc

 What suggested that you should do this?

  6, echo 'kerberos5_server_enable=YES'  /etc/rc.conf
  7, echo 'kadmind5_server_enable=YES'  /etc/rc.conf

 This step is not included in any official Samba HOWTO.

  8, echo 'domain xyz.pccom.ca'  /etc/resolv.conf
  the dns server keep the same as before.
  9, /usr/local/samba/bin/samba -i -M single
 
  I found
 
  Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED

 Our KDC cannot start because you enabled a different KDC and it is
 listening on port 88 already.

 Andrew Bartlett

 --
 Andrew Bartlett http://samba.org/~abartlet/
 Authentication Developer, Samba Team http://samba.org





Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread pccom frank

Thank you Andrew!
You are right. Let FreeBSD start its own Kerberos does not make sense since
Samba4 has its own Kerberos.
I can not get Samba4's Kerberos working.
The following is the message I run Samba4.

I am using the Samba4's internal DNS.
I copied krb5.conf from /usr/local/samba/private to /etc after I run
samba-tool domain provision.



root@f10:/usr/local/samba/sbin # ./samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate: File
/usr/local/samba/sbin/samba_dnsupdate, line 507, in module
/usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
/usr/local/samba/sbin/samba_dnsupdate: File
/usr/local/samba/sbin/samba_dnsupdate, line 121, in get_credentials
/usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
ccachename)
/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
/usr/local/samba/sbin/samba_dnsupdate:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
NT_STATUS_ACCESS_DENIED



root@f10:/usr/local/samba/sbin # uname -a
FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct 6 04:49:30 UTC
2012 r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC
i386


root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.168.1.1

root@f10:/usr/local/samba/sbin # nslookup samba.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: samba.org
Address: 216.83.154.106

It looks the DNS server has no problem.

Please help me out!

On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett abart...@samba.org wrote:

 On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
  Hi, Samab gurus!
 
  I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
  computer to the domain.
 
  What I did is:
 
  1, git clone git://git.samba.org/samba.git samba-master
 
  2, cd /usr/local/samba-master
  3, ./configure --enable-debug --enable-selftest  make  make install
  4, /usr/local/samba/sbin/samba-tool domain provision
  --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
  --server-role=dc
  5, cp /usr/local/samba/private/krb.conf /etc

 What suggested that you should do this?

  6, echo 'kerberos5_server_enable=YES'  /etc/rc.conf
  7, echo 'kadmind5_server_enable=YES'  /etc/rc.conf

 This step is not included in any official Samba HOWTO.

  8, echo 'domain xyz.pccom.ca'  /etc/resolv.conf
  the dns server keep the same as before.
  9, /usr/local/samba/bin/samba -i -M single
 
  I found
 
  Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED

 Our KDC cannot start because you enabled a different KDC and it is
 listening on port 88 already.

 Andrew Bartlett

 --
 Andrew Bartlett http://samba.org/~abartlet/
 Authentication Developer, Samba Team http://samba.org





Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread Cristian Saavedra

On 11/19/2012 11:03 AM, pccom frank wrote:

Thank you Andrew!
You are right. Let FreeBSD start its own Kerberos does not make sense since
Samba4 has its own Kerberos.
I can not get Samba4's Kerberos working.
The following is the message I run Samba4.

I am using the Samba4's internal DNS.
I copied krb5.conf from /usr/local/samba/private to /etc after I run
samba-tool domain provision.



root@f10:/usr/local/samba/sbin # ./samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate: File
/usr/local/samba/sbin/samba_dnsupdate, line 507, in module
/usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
/usr/local/samba/sbin/samba_dnsupdate: File
/usr/local/samba/sbin/samba_dnsupdate, line 121, in get_credentials
/usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
ccachename)
/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
/usr/local/samba/sbin/samba_dnsupdate:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
NT_STATUS_ACCESS_DENIED


Have you executed kinit before start samba?



Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread Rowland Penny

On 19/11/12 02:50, Pccom Frank wrote:

Thank you Andrew!
You are right. Let FreeBSD start its own Kerberos does not make sense since
Samba4 has its own Kerberos.
I can not get Samba4's Kerberos working.
The following is the message I run Samba4.

I am using the Samba4's internal DNS.
I copied krb5.conf from /usr/local/samba/private to /etc after I run
samba-tool domain provision.



root@f10:/usr/local/samba/sbin # ./samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate:   File
/usr/local/samba/sbin/samba_dnsupdate, line 507, in module
/usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
/usr/local/samba/sbin/samba_dnsupdate:   File
/usr/local/samba/sbin/samba_dnsupdate, line 121, in get_credentials
/usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
ccachename)
/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
/usr/local/samba/sbin/samba_dnsupdate:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
NT_STATUS_ACCESS_DENIED



root@f10:/usr/local/samba/sbin # uname -a
FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct  6 04:49:30 UTC
2012 
r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC
  i386


root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.168.1.1

root@f10:/usr/local/samba/sbin # nslookup samba.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: samba.org
Address: 216.83.154.106

It looks the DNS server has no problem.

Please help me out!

On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett abart...@samba.org wrote:


On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:

Hi, Samab gurus!

I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
computer to the domain.

What I did is:

1, git clone git://git.samba.org/samba.git samba-master

2, cd /usr/local/samba-master
3, ./configure --enable-debug --enable-selftest  make  make install
4, /usr/local/samba/sbin/samba-tool domain provision
--realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
--server-role=dc
5, cp /usr/local/samba/private/krb.conf /etc

What suggested that you should do this?


6, echo 'kerberos5_server_enable=YES'  /etc/rc.conf
7, echo 'kadmind5_server_enable=YES'  /etc/rc.conf

This step is not included in any official Samba HOWTO.


8, echo 'domain xyz.pccom.ca'  /etc/resolv.conf
the dns server keep the same as before.
9, /usr/local/samba/bin/samba -i -M single

I found

Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED

Our KDC cannot start because you enabled a different KDC and it is
listening on port 88 already.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org



Hello, is the ipaddress of the samba 4 server 192.168.1.1 ? because 
earlier you had a problem connecting to the KDC on 192.168.1.248
If 192.168.1.1 is a different machine, then alter the nameserver line in 
/etc/resolv.conf to point to either your samba4 servers ipaddress or 
127.0.0.1


Rowland
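
An added example, not part of the original messages and not Samba's own code: a preflight check for the two conditions raised in this thread, a host KDC enabled in rc.conf that would already hold port 88, and a resolv.conf whose nameserver is not the Samba 4 server or 127.0.0.1. The function names, finding labels and sample file contents are assumptions constructed for illustration, modelled on values quoted in the thread.

```python
import ipaddress
import re

# rc.conf knobs from the thread that start the FreeBSD base-system KDC,
# which then occupies port 88 so Samba's built-in KDC cannot bind.
HOST_KDC_KNOBS = ("kerberos5_server_enable", "kadmind5_server_enable")
RC_TRUE = {"yes", "true", "on", "1"}  # values rc.subr's checkyesno treats as enabled


def parse_rc_conf(text):
    """Return {name: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)", line)
        if not m:
            continue  # comments and anything that is not NAME=value
        value = m.group(2).split("#", 1)[0].strip().strip("\"'")
        settings[m.group(1)] = value
    return settings


def parse_resolv_conf(text):
    """Return (nameservers, domain) from resolv.conf text; domain may be None."""
    nameservers, domain = [], None
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        if fields[0] == "nameserver":
            nameservers.append(fields[1])
        elif fields[0] in ("domain", "search"):
            domain = fields[1]
    return nameservers, domain


def preflight(rc_conf, resolv_conf, dc_addresses, realm):
    """Return a list of (finding, detail) tuples; an empty list means no findings."""
    findings = []

    rc = parse_rc_conf(rc_conf)
    for knob in HOST_KDC_KNOBS:
        if rc.get(knob, "no").lower() in RC_TRUE:
            findings.append(("host-kdc-enabled", knob))

    nameservers, domain = parse_resolv_conf(resolv_conf)
    allowed = {ipaddress.ip_address(a) for a in dc_addresses}
    allowed.add(ipaddress.ip_address("127.0.0.1"))
    if not nameservers:
        findings.append(("no-nameserver", ""))
    for ns in nameservers:
        try:
            addr = ipaddress.ip_address(ns)
        except ValueError:
            # A mistyped address never reaches any server; lookups just time out.
            findings.append(("malformed-nameserver", ns))
            continue
        if addr not in allowed:
            findings.append(("nameserver-not-dc", ns))

    # Consistency check (an assumption of this example): the resolv.conf
    # domain is expected to spell the same name as the provisioned realm.
    if domain is not None and domain.rstrip(".").lower() != realm.lower():
        findings.append(("domain-realm-mismatch", domain))
    return findings


# Constructed sample inputs, modelled on values quoted in the thread.
DC_ADDRESSES = ["192.168.1.100"]
REALM = "F10.PCCOM.CA"
BROKEN_RC_CONF = (
    'hostname="f10"\n'
    "kerberos5_server_enable=YES\n"
    "kadmind5_server_enable=YES\n"
)
BROKEN_RESOLV_CONF = "domain f10.pcccom.ca\nnameserver 192.168.1.1\n"
TYPO_RESOLV_CONF = "domain f10.pccom.ca\nnameserver 192.1681.1.100\n"
FIXED_RC_CONF = (
    'hostname="f10"\n'
    'kerberos5_server_enable="YES"\n'
    'kerberos5_server_enable="NO"   # later assignment wins\n'
)
FIXED_RESOLV_CONF = "domain f10.pccom.ca\nnameserver 192.168.1.100\n"

if __name__ == "__main__":
    cases = [
        ("broken", BROKEN_RC_CONF, BROKEN_RESOLV_CONF),
        ("typo", FIXED_RC_CONF, TYPO_RESOLV_CONF),
        ("fixed", FIXED_RC_CONF, FIXED_RESOLV_CONF),
    ]
    for label, rc_text, resolv_text in cases:
        print(label, preflight(rc_text, resolv_text, DC_ADDRESSES, REALM))
```

On a real host the two text arguments would be the contents of /etc/rc.conf and /etc/resolv.conf, read before starting samba.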




Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread pccom frank

Hi, Rowland!
Thank you for your help.
Change the dns server to the samba server make things better. But still not working.

root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL
^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 127.0.0.1


root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT

^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.1681.1.100
root@f10:/etc # ifconfig
re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
options=8209bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE
ether 90:e6:ba:88:db:31
inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
inet6 fe80::92e6:baff:fe88:db31%re0 prefixlen 64 scopeid 0x1
nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL
media: Ethernet autoselect (100baseTX full-duplex)
status: active

 Date: Mon, 19 Nov 2012 16:33:24 +
 From: rpe...@f2s.com
 To: samba@lists.samba.org
 Subject: Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not 
 working. Samba version 4.1.0 pre1-GIT cf15406
 
 On 19/11/12 02:50, Pccom Frank wrote:
  Thank you Andrew!
  You are right. Let FreeBSD start its own Kerberos does not make sense since
  Samba4 has its own Kerberos.
  I can not get Samba4's Kerberos working.
  The following is the message I run Samba4.
 
  I am using the Samba4's internal DNS.
  I copied krb5.conf from /usr/local/samba/private to /etc after I run
  samba-tool domain provision.
 
 
 
  root@f10:/usr/local/samba/sbin # ./samba -i -M single
  samba version 4.1.0pre1-GIT-e6a100e started.
  Copyright Andrew Tridgell and the Samba Team 1992-2012
  samba: using 'single' process model
  /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
  /usr/local/samba/sbin/samba_dnsupdate:   File
  /usr/local/samba/sbin/samba_dnsupdate, line 507, in module
  /usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
  /usr/local/samba/sbin/samba_dnsupdate:   File
  /usr/local/samba/sbin/samba_dnsupdate, line 121, in get_credentials
  /usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
  ccachename)
  /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
  F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
  /usr/local/samba/sbin/samba_dnsupdate:
  ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
  NT_STATUS_ACCESS_DENIED
 
 
 
  root@f10:/usr/local/samba/sbin # uname -a
  FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct  6 04:49:30 UTC
  2012 
  r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC
i386
 
 
  root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
  domain f10.pcccom.ca
  nameserver 192.168.1.1
 
  root@f10:/usr/local/samba/sbin # nslookup samba.org
  Server: 192.168.1.1
  Address: 192.168.1.1#53
 
  Non-authoritative answer:
  Name: samba.org
  Address: 216.83.154.106
 
  It looks the DNS server has no problem.
 
  Please help me out!
 
  On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett abart...@samba.org wrote:
 
  On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
  Hi, Samab gurus!
 
  I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
  computer to the domain.
 
  What I did is:
 
  1, git clone git://git.samba.org/samba.git samba-master
 
  2, cd /usr/local/samba-master
  3, ./configure --enable-debug --enable-selftest  make  make install
  4, /usr/local/samba/sbin/samba-tool domain provision
  --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
  --server-role=dc
  5, cp /usr/local/samba/private/krb.conf /etc
  What suggested that you should do this?
 
  6, echo 'kerberos5_server_enable=YES'  /etc/rc.conf
  7, echo 'kadmind5_server_enable=YES'  /etc/rc.conf
  This step is not included in any official Samba HOWTO.
 
  8, echo 'domain xyz.pccom.ca'  /etc/resolv.conf
  the dns server keep the same as before.
  9, /usr/local/samba/bin/samba -i -M single
 
  I found
 
  Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED
  Our KDC cannot start because you enabled a different KDC and it is
  listening on port 88 already.
 
  Andrew Bartlett
 
  --
  Andrew Bartlett

Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread Rowland Penny

On 19/11/12 18:46, pccom frank wrote:

Hi,Rowland!
Thank you for your help.
Change the dns server to the samba server make things better. But 
still not working.


root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot 
specify -gor -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot 
specify -gor -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot 
specify -gor -o, program not linked with GSS API Library
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - 
NT_STATUS_UNSUCCESSFUL

^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 127.0.0.1



root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - 
NT_STATUS_IO_TIMEOUT



^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.1681.1.100
root@f10:/etc # ifconfig
re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
options=8209bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE
ether 90:e6:ba:88:db:31
inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
inet6 fe80::92e6:baff:fe88:db31%re0 prefixlen 64 scopeid 0x1
nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL
media: Ethernet autoselect (100baseTX full-duplex)
status: active


 Date: Mon, 19 Nov 2012 16:33:24 +
 From: rpe...@f2s.com
 To: samba@lists.samba.org
 Subject: Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller 
not working. Samba version 4.1.0 pre1-GIT cf15406


 On 19/11/12 02:50, Pccom Frank wrote:
  Thank you Andrew!
  You are right. Let FreeBSD start its own Kerberos does not make 
sense since

  Samba4 has its own Kerberos.
  I can not get Samba4's Kerberos working.
  The following is the message I run Samba4.
 
  I am using the Samba4's internal DNS.
  I copied krb5.conf from /usr/local/samba/private to /etc after I run
  samba-tool domain provision.
 
 
 
  root@f10:/usr/local/samba/sbin # ./samba -i -M single
  samba version 4.1.0pre1-GIT-e6a100e started.
  Copyright Andrew Tridgell and the Samba Team 1992-2012
  samba: using 'single' process model
  /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call 
last):

  /usr/local/samba/sbin/samba_dnsupdate: File
  /usr/local/samba/sbin/samba_dnsupdate, line 507, in module
  /usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
  /usr/local/samba/sbin/samba_dnsupdate: File
  /usr/local/samba/sbin/samba_dnsupdate, line 121, in get_credentials
  /usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
  ccachename)
  /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
  F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
  /usr/local/samba/sbin/samba_dnsupdate:
  ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
  NT_STATUS_ACCESS_DENIED
 
 
 
  root@f10:/usr/local/samba/sbin # uname -a
  FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct 6 
04:49:30 UTC
  2012 
r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC

  i386
 
 
  root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
  domain f10.pcccom.ca
  nameserver 192.168.1.1
 
  root@f10:/usr/local/samba/sbin # nslookup samba.org
  Server: 192.168.1.1
  Address: 192.168.1.1#53
 
  Non-authoritative answer:
  Name: samba.org
  Address: 216.83.154.106
 
  It looks the DNS server has no problem.
 
  Please help me out!
 
  On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett 
abart...@samba.org wrote:

 
  On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
  Hi, Samab gurus!
 
  I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to 
join an XP

  computer to the domain.
 
  What I did is:
 
  1, git clone git://git.samba.org/samba.git samba-master
 
  2, cd /usr/local/samba-master
  3, ./configure --enable-debug --enable-selftest  make  make 
install

  4, /usr/local/samba/sbin/samba-tool domain provision
  --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
  --server-role=dc
  5, cp /usr/local/samba/private/krb.conf /etc
  What suggested that you should do this?
 
  6, echo 'kerberos5_server_enable=YES'  /etc/rc.conf
  7, echo 'kadmind5_server_enable=YES'  /etc/rc.conf
  This step is not included in any official Samba HOWTO.
 
  8, echo 'domain xyz.pccom.ca'  /etc/resolv.conf
  the dns server keep the same as before.
  9, /usr/local/samba/bin/samba -i -M single
 
  I found
 
  Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED
  Our KDC cannot start because you enabled a different KDC and it is
  listening on port 88 already.
 
  Andrew Bartlett
 
  --
  Andrew

Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread Rowland Penny

On 19/11/12 19:15, Rowland Penny wrote:

On 19/11/12 18:46, pccom frank wrote:

Hi,Rowland!
Thank you for your help.
Change the dns server to the samba server make things better. But 
still not working.


root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot 
specify -gor -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot 
specify -gor -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot 
specify -gor -o, program not linked with GSS API Library
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - 
NT_STATUS_UNSUCCESSFUL

^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 127.0.0.1



root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - 
NT_STATUS_IO_TIMEOUT



^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.1681.1.100
root@f10:/etc # ifconfig
re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 
1500
options=8209bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE 


ether 90:e6:ba:88:db:31
inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
inet6 fe80::92e6:baff:fe88:db31%re0 prefixlen 64 scopeid 0x1
nd6 options=29PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL
media: Ethernet autoselect (100baseTX full-duplex)
status: active


 Date: Mon, 19 Nov 2012 16:33:24 +
 From: rpe...@f2s.com
 To: samba@lists.samba.org
 Subject: Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller 
not working. Samba version 4.1.0 pre1-GIT cf15406


 On 19/11/12 02:50, Pccom Frank wrote:
  Thank you Andrew!
  You are right. Let FreeBSD start its own Kerberos does not make 
sense since

  Samba4 has its own Kerberos.
  I can not get Samba4's Kerberos working.
  The following is the message I run Samba4.
 
  I am using the Samba4's internal DNS.
  I copied krb5.conf from /usr/local/samba/private to /etc after I run
  samba-tool domain provision.
 
 
 
  root@f10:/usr/local/samba/sbin # ./samba -i -M single
  samba version 4.1.0pre1-GIT-e6a100e started.
  Copyright Andrew Tridgell and the Samba Team 1992-2012
  samba: using 'single' process model
  /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
  /usr/local/samba/sbin/samba_dnsupdate: File /usr/local/samba/sbin/samba_dnsupdate, line 507, in module
  /usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
  /usr/local/samba/sbin/samba_dnsupdate: File /usr/local/samba/sbin/samba_dnsupdate, line 121, in get_credentials
  /usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp, ccachename)
  /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
  /usr/local/samba/sbin/samba_dnsupdate:
  ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED
 
 
 
  root@f10:/usr/local/samba/sbin # uname -a
  FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct 6 04:49:30 UTC 2012 r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC i386
 
 
  root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
  domain f10.pcccom.ca
  nameserver 192.168.1.1
 
  root@f10:/usr/local/samba/sbin # nslookup samba.org
  Server: 192.168.1.1
  Address: 192.168.1.1#53
 
  Non-authoritative answer:
  Name: samba.org
  Address: 216.83.154.106
 
  It looks like the DNS server has no problem.
 
  Please help me out!
 
  On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett abart...@samba.org wrote:

 
  On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
  Hi, Samba gurus!
 
  I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
  computer to the domain.
 
  What I did is:
 
  1, git clone git://git.samba.org/samba.git samba-master
 
  2, cd /usr/local/samba-master
  3, ./configure --enable-debug --enable-selftest  make  make install
  4, /usr/local/samba/sbin/samba-tool domain provision
  --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
  --server-role=dc
  5, cp /usr/local/samba/private/krb.conf /etc
  What suggested that you should do this?
 
  6, echo 'kerberos5_server_enable=YES'  /etc/rc.conf
  7, echo 'kadmind5_server_enable=YES'  /etc/rc.conf
  This step is not included in any official Samba HOWTO.
 
  8, echo 'domain xyz.pccom.ca'  /etc/resolv.conf
  the dns server keep the same as before.
  9, /usr/local/samba/bin/samba -i -M single
 
  I found
 
  Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED

  Our KDC cannot start because you enabled a different KDC and it is
  listening on port 88

Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread pccom frank

Hi,

I have deinstalled bind99 and re-made Samba4.
But still, Samba4 not working.
The following are what I did.
Looks like it is the dnsupdate problem. This time, it is the samba4's dnsupdate problem.
Do I have to initialize kdc server?
Those are copied from FreeBSD handbook for Kerberos 5.

.

Note that this /etc/krb5.conf file implies that your KDC will have the
fully-qualified hostname of kerberos.example.org. You will need to add a CNAME
(alias) entry to your zone file to accomplish this if your KDC has a different
hostname.

Note: For large networks with a properly configured BIND DNS server,
the above example could be trimmed to:

[libdefaults]
  default_realm = EXAMPLE.ORG

With the following lines being appended to the example.org zonefile:

_kerberos._udp  IN  SRV 01 00 88 kerberos.example.org.
_kerberos._tcp  IN  SRV 01 00 88 kerberos.example.org.
_kpasswd._udp   IN  SRV 01 00 464 kerberos.example.org.
_kerberos-adm._tcp  IN  SRV 01 00 749 kerberos.example.org.
_kerberos   IN  TXT EXAMPLE.ORG

Note: For clients to be able to find the Kerberos services, you must have
either a fully configured /etc/krb5.conf or a minimally configured
/etc/krb5.conf and a properly configured DNS server.

Next we will create the Kerberos database. This database contains the keys of
all principals encrypted with a master password. You are not required to
remember this password, it will be stored in a file (/var/heimdal/m-key). To
create the master key, run kstash and enter a password.

Once the master key has been created, you can initialize the database using
the kadmin program with the -l option (standing for “local”). This option
instructs kadmin to modify the database files directly rather than going
through the kadmind network service. This handles the chicken-and-egg problem
of trying to connect to the database before it is created. Once you have the
kadmin prompt, use the init command to create your realms initial database.

Lastly, while still in kadmin, create your first principal using the add
command. Stick to the defaults options for the principal for now, you can
always change them later with the modify command. Note that you can use the ?
command at any prompt to see the available options.

A sample database creation session is shown below:

# kstash
Master key: 
Verifying password - Master key: 

# kadmin -l
kadmin> init EXAMPLE.ORG
Realm max ticket life [unlimited]:
kadmin> add tillman
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Attributes []:
Password: 
Verifying password - Password: 

Now it is time to start up the KDC services. Run /etc/rc.d/kerberos start and
/etc/rc.d/kadmind start to bring up the services. Note that you will not have
any kerberized daemons running at this point but you should be able to confirm
that the KDC is functioning by obtaining and listing a ticket for the principal
(user) that you just created from the command-line of the KDC itself:

% kinit tillman
till...@example.org's Password:

% klist
Credentials cache: FILE:/tmp/krb5cc_500
Principal: till...@example.org

  Issued   Expires  Principal
Aug 27 15:37:58  Aug 28 01:37:58  krbtgt/example@example.org

The ticket can then be revoked when you have finished:

% kdestroy

..

I did not do anything about Kerberos5. I am assuming Samba4 taking care about it.

root@f10:/etc # cd /usr/ports/dns/bind99
root@f10:/usr/ports/dns/bind99 # make deinstall
===  Deinstalling for dns/bind99
===   Deinstalling bind99-9.9.2
The following packages will be deinstalled:
bind99-9.9.2
The deinstallation will free 33 MB
Deleting bind99-9.9.2... done
root@f10:/usr/ports/dns/bind99 # make clean
===  Cleaning for bind99-9.9.2
root@f10:/etc # cd /usr/local/samba-master
root@f10:/usr/local/samba-master # git pull
Already up-to-date.
root@f10:/usr/local/samba-master # make clean
WAF_MAKE=1 python ./buildtools/bin/waf clean
  Selected embedded Heimdal build
'clean' finished successfully (8.929s)
root@f10:/usr/local/samba-master # make  make install
WAF_MAKE=1 python ./buildtools/bin/waf build
Waf: Entering directory `/usr/local/samba-master/bin'
   Selected embedded Heimdal build
[   1/3814] Generating replace.vscript
..
[3814/3814] Parse::Pidl::Wireshark::NDR.3: pidl/lib/Parse/Pidl/Wireshark/NDR.pm - bin/default/pidl/Parse::Pidl::Wireshark::NDR.3
Waf: Leaving directory `/usr/local/samba-master/bin'
'build' finished successfully (1h5m44.673s)
WAF_MAKE=1 python ./buildtools/bin/waf install
Waf: Entering directory `/usr/local/samba-master/bin'
* creating /usr/local/samba/etc
* creating /usr/local/samba/private
* creating /usr/local/samba/var
* creating /usr/local/samba/private
* creating /usr/local/samba/var/lib
* creating /usr/local/samba/var/locks
* creating /usr/local/samba/var/cache
* creating /usr/local/samba/var/lock
* creating /usr/local/samba/var/run
* creating /usr/local/samba/var/run

Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-18 Thread Andrew Bartlett
On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
 Hi, Samba gurus!
 
 I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
 computer to the domain.
 
 What I did is:
 
 1, git clone git://git.samba.org/samba.git samba-master
 
 2, cd /usr/local/samba-master
 3, ./configure --enable-debug --enable-selftest  make  make install
 4, /usr/local/samba/sbin/samba-tool domain provision
 --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
 --server-role=dc
 5, cp /usr/local/samba/private/krb.conf /etc

What suggested that you should do this?

 6, echo 'kerberos5_server_enable=YES'  /etc/rc.conf
 7, echo 'kadmind5_server_enable=YES'  /etc/rc.conf

This step is not included in any official Samba HOWTO.

 8, echo 'domain xyz.pccom.ca'  /etc/resolv.conf
 the dns server keep the same as before.
 9, /usr/local/samba/bin/samba -i -M single
 
 I found
 
 Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED

Our KDC cannot start because you enabled a different KDC and it is
listening on port 88 already.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
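
The port 88 conflict named in the reply above, and the resolv.conf listings quoted elsewhere in this thread, can be checked mechanically before starting samba. The sh script below is an added example, not part of any post or of Samba itself; the function names and sample inputs are constructed, and it assumes the DNS domain is meant to equal the realm in lower case.

```shell
#!/bin/sh
# Added example (not from the thread): preflight checks for a Samba 4 AD DC.
# Function names and sample inputs below are constructed for illustration.

# Print rc.conf lines ($1 = file text) that enable the base-system Kerberos
# daemons from steps 6 and 7; that separate KDC competes for port 88.
competing_kdc_lines() {
    printf '%s\n' "$1" |
        grep -Ei '^[[:space:]]*(kerberos5|kadmind5)_server_enable="?yes"?[[:space:]]*$' || true
}

# Succeed only if $1 is a dotted quad with four octets in the range 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one finding per problem in resolv.conf text ($1) for realm $2.
# Assumption: the DNS domain should equal the realm in lower case.
check_resolv_conf() {
    realm_lc=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$1" | while read -r key value rest; do
        case "$key" in
            nameserver)
                valid_ipv4 "$value" || echo "bad nameserver address: $value" ;;
            domain)
                [ "$value" = "$realm_lc" ] ||
                    echo "domain $value differs from realm $realm_lc" ;;
        esac
    done
}

# Constructed sample input, modelled on the files quoted in this thread.
sample_rc='kerberos5_server_enable=YES
kadmind5_server_enable=YES'
sample_resolv='domain f10.pcccom.ca
nameserver 192.1681.1.100'
competing_kdc_lines "$sample_rc"
check_resolv_conf "$sample_resolv" 'F10.PCCOM.CA'
```

On the running FreeBSD host, `sockstat -4 -l -p 88` shows which process currently holds the KDC port.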




[Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-16 Thread Pccom Frank
Hi, Samba gurus!

I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
computer to the domain.

What I did is:

1, git clone git://git.samba.org/samba.git samba-master

2, cd /usr/local/samba-master
3, ./configure --enable-debug --enable-selftest  make  make install
4, /usr/local/samba/sbin/samba-tool domain provision
--realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
--server-role=dc
5, cp /usr/local/samba/private/krb.conf /etc
6, echo 'kerberos5_server_enable=YES'  /etc/rc.conf
7, echo 'kadmind5_server_enable=YES'  /etc/rc.conf
8, echo 'domain xyz.pccom.ca'  /etc/resolv.conf
the dns server keep the same as before.
9, /usr/local/samba/bin/samba -i -M single

I found

Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED



I do git pull every day.



In the samba-master directory, I did a make test, many failures and
errors. If any one can help me, I can send the st/summary files to him.


Your help will be appreciated.