start from scratch
pkill samba
removepkg samba
rm -rf /etc/samba/ /var/log/samba/ /var/lib/samba/ /var/cache/samba/ /etc/rc.d/rc.samba # /usr/lib64/python3.9/site-packages/samba/
slackpkg install samba
WARNING 2021-12-05 19:29:04,070 pid:5017 /usr/lib64/python3.9/site-packages/samba/provision/__init__.py #2110: More than one IPv4 address found. Using 192.168.122.12
==> also define --host-ip
/usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
dnsupdate_nameupdate_done: Failed DNS update with exit code 10
==> point your stub-resolver to yourself
/usr/sbin/samba_dnsupdate: ERROR: Record already exist; record could not be added. zone[example.net] name[@]
==> absolutely had to point the system's name resolution at itself to begin with: /etc/resolv.conf needs to use the local DC
server_service_startup: Failed to start service 'kdc' - NT_STATUS_INVALID_SYSTEM_SERVICE
==> install krb5 and pam-krb5
mit_kdc.log: Cannot open DB2 database '/var/kerberos/krb5kdc/principal': No such file or directory - while initializing database for realm v=spf1 mx a -all
==> re-run provisioning after you’ve installed krb5 and deploy the sample krb5.conf
: Operation not permitted /usr/sbin/krb5kdc: Stash file (null) uses DEPRECATED enctype !
: Operation not permitted /usr/sbin/krb5kdc: Stash file (null) uses DEPRECATED enctype !
mit_kdc.log:
Dec 01 20:12:12 slack2 krb5kdc[1871](Error): preauth pkinit failed to initialize: PKINIT initialization failed: No pkinit_identity supplied for realm EXAMPLE.NET
Dec 01 20:12:12 slack2 krb5kdc[1871](Error): preauth spake failed to initialize: No SPAKE preauth groups configured
==> apparently we need a stash file (keytab)
(Error): Can not fetch master key (error: No such file or directory). - while fetching master key K/M for realm
==> destroy and re-create the principal
kinit: Cannot find KDC for realm "EXAMPLE.NET" while getting initial credentials
==> define realms/EXAMPLE.NET admin_server and kdc in krb5.conf
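Two of the fixes above (the stub resolver pointing at the local DC, and kdc plus admin_server defined for the realm in krb5.conf) can be checked mechanically. This is an added example, not part of the original notes; the function names, the file names and the slack2.example.net hostname are assumptions constructed for illustration.

```shell
# Added example; function names, file names and sample values are hypothetical.

# True only if the first "nameserver" in resolv.conf ($1) is the DC's own IP ($2).
first_nameserver_is() {
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first" = "$2" ]
}

# True only if krb5.conf ($1) has a [realms] block for realm ($2)
# that sets both kdc and admin_server.
realm_has_kdc_and_admin() {
    awk -v realm="$2" '
        /^[ \t]*\[/ { in_realms = ($0 ~ /^[ \t]*\[realms\]/); in_block = 0; next }
        in_realms && !in_block && /=[ \t]*[{]/ {
            name = $0; gsub(/^[ \t]+|[ \t]*=.*$/, "", name)
            if (name == realm) in_block = 1
            next
        }
        in_block && /[}]/ { in_block = 0; next }
        in_block && /^[ \t]*kdc[ \t]*=/ { kdc = 1 }
        in_block && /^[ \t]*admin_server[ \t]*=/ { adm = 1 }
        END { exit !(kdc && adm) }
    ' "$1"
}

# Constructed sample files: resolver set to an upstream vs. the DC, krb5.conf with and without the realm stanza.
write_samples() {
    printf 'search example.net\nnameserver 192.168.122.1\n' > "$1/resolv.bad"
    printf 'search example.net\nnameserver 192.168.122.12\n' > "$1/resolv.good"
    cat > "$1/krb5.conf" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.NET
[realms]
    EXAMPLE.NET = {
        kdc = slack2.example.net
        admin_server = slack2.example.net
    }
EOF
    printf '[libdefaults]\n    default_realm = EXAMPLE.NET\n' > "$1/krb5.bare"
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in resolv.bad resolv.good; do
    first_nameserver_is "$tmp/$f" 192.168.122.12 && echo "$f: ok" || echo "$f: resolver is not the local DC"
done
for f in krb5.bare krb5.conf; do
    realm_has_kdc_and_admin "$tmp/$f" EXAMPLE.NET && echo "$f: ok" || echo "$f: realm lacks kdc/admin_server"
done
rm -rf "$tmp"
```

On a real host the same functions take /etc/resolv.conf and /etc/krb5.conf as their first argument.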
kdb5_util: Database type not supported while creating database '/var/kerberos/krb5kdc/principal'
==> could define db_library in kdc.conf but that’s probably not the right thing to do (should keep samba)
kdb5_util: Program lacks support for key type while setting up enctype 511
==> …
ERROR: Failed to find a writeable DC for domain 'EXAMPLE.NET': The object name is not found.
==> ?
/usr/sbin/samba_dnsupdate: ERROR: Record already exists on fresh AD with internal DNS setup
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871655
ERROR: “kinit: Cannot find KDC for realm
https://docs.oracle.com/cd/E53394_01/html/E54787/kdc-strongenc.html
https://docs.oracle.com/cd/E86824_01/html/E54775/krb5.conf-4.html
https://www.ibm.com/docs/ru/elm/6.0.5?topic=files-configuring-krb5-file
https://www.ibm.com/docs/en/elm/7.0.3?topic=files-configuring-krb5-file
https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html
https://web.mit.edu/kerberos/krb5-devel/doc/admin/enctypes.html
https://comp.protocols.kerberos.narkive.com/ZRjUzXnL/creating-the-database