Public bug reported: I am attempting to install Samba 4 for use as a primary domain controller using version 4.0.0~alpha18.dfsg1-4 of samba4 on a new install of Ubuntu Server 12.04 beta 2 for x86-64. Installing the samba4 package, or running /usr/share/samba/setup/provision at any other time, does not configure Keberos for samba4, but this message is printed to standard output:
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf The official Samba 4 HOWTO http://wiki.samba.org/index.php/Samba4/HOWTO suggests copying this file to /etc/krb.conf to configure Kerberos - it seems that this should be /etc/krb5.conf on Ubuntu 12.04. Unfortunately, the whole /var/lib/samba/private/krb5.conf produced by running sudo /usr/share/samba/setup/provision --realm=irishtown.localonly.rvcomerford.ie --domain=IRISHTOWN --adminpass=[the password] --server-role=dc --host-ip=10.37.55.20 on my system is this: [libdefaults] default_realm = IRISHTOWN.LOCALONLY.RVCOMERFORD.IE dns_lookup_realm = false dns_lookup_kdc = true Old posts on the samba mailing list seem to suggest that this file is incomplete http://lists.samba.org/archive/samba/2010-September/158087.html as well incorrect in other ways (dns_lookup_realm should be set to true?) http://lists.samba.org/archive/samba/2010-September/158088.html . And indeed using kinit to test Kerberos, as suggested in the HOWTO, produces a failure when this is the /etc/krb5.conf : leo@blackbox:~$ kinit -V [email protected] Using default cache: /tmp/krb5cc_1000 Using principal: [email protected] kinit: Cannot contact any KDC for realm 'IRISHTOWN.LOCALONLY.RVCOMERFORD.IE' while getting initial credentials (The kinit is the version from the krb5-clients package.) I tried producing a localised version of the krb.conf at http://lists.samba.org/archive/samba/2010-September/158087.html by hand, putting in the DC's hostname 'blackbox' for 'pdc' and 'irishtown.localonly.rvcomerford.ie' for 'example.com'. This ended up as [libdefaults] default_realm = IRISHTOWN.LOCALONLY.RVCOMERFORD.IE dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes [realms] IRISHTOWN.LOCALONLY.RVCOMERFORD.IE = { kdc = blackbox.irishtown.localonly.rvcomerford.ie:88 admin_server = blackbox.irishtown.localonly.rvcomerford.ie:749 default_domain = irishtown.localonly.rvcomerford.ie } [domain_realm] .irishtown.localonly.rvcomerford.ie = IRISHTOWN.LOCALONLY.RVCOMERFORD.IE irishtown.localonly.rvcomerford.ie = IRISHTOWN.LOCALONLY.RVCOMERFORD.IE Unfortunately, making this /etc/krb5.conf and rebooting the server did not change the behaviour of kinit, which produces exactly the same result when tested in the new setup. My general network configuration seems to be working. DNS is set up, and the test host commands specified in the HOWTO all seem to work. There doesn't appear to be any firewalling going on. kinit doesn't seem to be generating any messages on /var/log/syslog . There *are* also problems which show up when using smbclient to test the samba4 installation, as suggested in the HOWTO: I have described these in bug 976137 https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/976137 . ** Affects: samba4 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/976138 Title: kerberos setup fails, with broken krb5.conf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/976138/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
