Fedora 32 samba active directory kerberos fail

Attempting to set up a brand new Fedora 32 Samba server. Installed samba-dc rpms, all good. Followed directions from [Setting up Samba as an Active Directory Domain Controller - SambaWiki] and when I attempt the Kerberos tests I get errors. Specifically, when I run host -t SRV _ldap._tcp.ad.example.org I get the following error: Host _kerberos._udp.ad.example.org not found: 3(NXDOMAIN). Same with host -t SRV _kerberos._udp.ad.example.org. I get the following error: Host _kerberos._udp.ad.example.org. not found: 3(NXDOMAIN)

(BTW, “example” replaces a real domain name)

If I run klist I get the following error: klist: No credentials cache found (filename: /tmp/krb5cc_0)

kinit: kinit: Cannot find KDC for realm "AD.EXAMPLE.ORG" while getting initial credentials

Below is my krb5.conf file created during the samba-tool domain provision process:
[libdefaults]
default_realm = AD.EXAMPLE.ORG
dns_lookup_realm = false
dns_lookup_kdc = true

[realms]
AD.EXAMPLE.ORG = {
default_domain = ad.example.org

}

[domain_realm]
fedora-ad = AD.EXAMPLE.ORG

Any ideas what could be wrong? I greatly appreciate any help.

thanks in advance.

What about the DNS?
Is the Samba server acting as the DNS? Were these commands performed from the server itself? Does the DNS configuration point to localhost?

I believe samba itself should act as DNS for the AD? Yes, these commands were performed on the server. Below is my hosts file:

[root@fedora-ad etc]# more hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.123 ad ad.example.org fedora-ad.example.org

thanks in advance.

Indeed.

And what about that?
cat /etc/resolv.conf

Results of resolv.conf:

[westbrook@fedora-ad etc]$ more resolv.conf
# Generated by NetworkManager
search example.org
nameserver 192.168.1.250

192.168.1.250 is the router running dhcp and dns.

Try to put 127.0.0.1 instead of 192.168.1.250

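The check the last reply points at, as an added example that is not part of the original thread: it reads a resolv.conf and a krb5.conf and reports any nameserver that is not the domain controller, since with dns_lookup_kdc = true and no kdc entry kinit can only locate the KDC through the SRV records held in the DC's DNS. The function names are hypothetical, and the DC addresses are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the nameserver addresses from a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed if krb5.conf explicitly enables dns_lookup_kdc and has no "kdc ="
# entry, i.e. kinit can only find the KDC through DNS SRV records.
krb5_needs_dns() {
    grep -Eiq '^[[:space:]]*dns_lookup_kdc[[:space:]]*=[[:space:]]*(true|yes)' "$1" || return 1
    if grep -Eiq '^[[:space:]]*kdc[[:space:]]*=' "$1"; then return 1; fi
    return 0
}

# check_dc_resolver RESOLV_CONF KRB5_CONF DC_ADDR...
# Prints one finding per line; returns 1 if any nameserver is not a DC address.
check_dc_resolver() {
    _resolv=$1; _krb5=$2; _rc=0
    shift 2
    if krb5_needs_dns "$_krb5"; then
        echo "INFO: KDC discovery depends on _kerberos SRV records in DNS"
    fi
    for _ns in $(resolv_nameservers "$_resolv"); do
        _ok=no
        for _dc in "$@"; do
            if [ "$_ns" = "$_dc" ]; then _ok=yes; fi
        done
        if [ "$_ok" = no ]; then
            echo "FAIL: nameserver $_ns is not the Samba DC; AD SRV lookups will not reach it"
            _rc=1
        fi
    done
    return $_rc
}

# Usage on the DC itself (addresses taken from the thread):
#   check_dc_resolver /etc/resolv.conf /etc/krb5.conf 127.0.0.1 192.168.1.123
```

Run against the files posted in the thread, this flags 192.168.1.250 (the router) as the only resolver in use.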