Troubleshooting Samba v4

preliminary notes

start from scratch

    pkill samba
    removepkg samba
    rm -rf /etc/samba/ /var/log/samba/ /var/lib/samba/ /var/cache/samba/ /etc/rc.d/rc.samba
    # /usr/lib64/python3.9/site-packages/samba/
    slackpkg install samba

provision

WARNING 2021-12-05 19:29:04,070 pid:5017 /usr/lib64/python3.9/site-packages/samba/provision/__init__.py #2110: More than one IPv4 address found. Using 192.168.122.12

==> also define --host-ip

/usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure

dnsupdate_nameupdate_done: Failed DNS update with exit code 10

==> point your stub-resolver to yourself

/usr/sbin/samba_dnsupdate: ERROR: Record already exist; record could not be added. zone[example.net] name[@]

==> the system's own name resolution absolutely had to point at itself to begin with: /etc/resolv.conf needs to use the local DC

kerberos

server_service_startup: Failed to start service 'kdc' - NT_STATUS_INVALID_SYSTEM_SERVICE

==> install krb5 and pam-krb5

mit_kdc.log:
Cannot open DB2 database '/var/kerberos/krb5kdc/principal': No such file or directory - while initializing database for realm v=spf1 mx a -all

==> re-run provisioning after you’ve installed krb5 and deploy the sample krb5.conf

: Operation not permitted /usr/sbin/krb5kdc: Stash file (null) uses DEPRECATED enctype !
: Operation not permitted /usr/sbin/krb5kdc: Stash file (null) uses DEPRECATED enctype !

mit_kdc.log:
Dec 01 20:12:12 slack2 krb5kdc[1871](Error): preauth pkinit failed to initialize: PKINIT initialization failed: No pkinit_identity supplied for realm EXAMPLE.NET
Dec 01 20:12:12 slack2 krb5kdc[1871](Error): preauth spake failed to initialize: No SPAKE preauth groups configured

==> apparently we need a stash file (keytab)

    (Error): Can not fetch master key (error: No such file or directory). - while fetching master key K/M for realm

==> destroy and re-create the principal

    kinit: Cannot find KDC for realm "EXAMPLE.NET" while getting initial credentials

==> define realms/EXAMPLE.NET admin_server and kdc in krb5.conf
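A pre-flight check for two of the fixes noted above (stub resolver pointing at the DC itself; kdc and admin_server defined for the realm in krb5.conf), as an added example that is not part of the original notes. The function names, the argument order and the choice to test only the first nameserver entry are assumptions.

```shell
#!/bin/sh
# Added example: verify resolver and krb5.conf before (re-)provisioning.
# All paths, the DC address and the realm are passed in by the caller.

# resolver_points_to RESOLV_CONF DC_IP
# Succeeds only if the first "nameserver" entry is the DC's own address
# (assumption: the first entry is the one the stub resolver tries first).
resolver_points_to() {
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first" = "$2" ]
}

# realm_has_key KRB5_CONF REALM KEY
# Succeeds if KEY (e.g. kdc, admin_server) has a value inside the
# "REALM = { ... }" block of the [realms] section. A key of the same name
# in another section or another realm's block does not count.
realm_has_key() {
    awk -v realm="$2" -v key="$3" '
        { line = $0; gsub(/[ \t\r]/, "", line) }        # ignore whitespace
        substr(line, 1, 1) == "[" {                       # section header
            in_realms = (line == "[realms]"); in_block = 0; next
        }
        in_realms && line == (realm "={") { in_block = 1; next }
        in_block && substr(line, 1, 1) == "}" { in_block = 0; next }
        in_block {
            n = split(line, kv, "=")
            if (n >= 2 && kv[1] == key && kv[2] != "") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# preflight RESOLV_CONF DC_IP KRB5_CONF REALM
# Runs every check, reports each failure, returns non-zero if any failed.
preflight() {
    rc=0
    resolver_points_to "$1" "$2" ||
        { echo "FAIL: first nameserver in $1 is not $2"; rc=1; }
    for key in kdc admin_server; do
        realm_has_key "$3" "$4" "$key" ||
            { echo "FAIL: [realms] $4 has no $key in $3"; rc=1; }
    done
    return $rc
}

# Example call: sh preflight.sh /etc/resolv.conf 192.168.122.12 /etc/krb5.conf EXAMPLE.NET
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```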

kdb5_util: Database type not supported while creating database '/var/kerberos/krb5kdc/principal'

==> could define db_library in kdc.conf but that’s probably not the right thing to do (should keep samba)

kdb5_util: Program lacks support for key type while setting up enctype 511

==> …

bdc

ERROR: Failed to find a writeable DC for domain 'EXAMPLE.NET': The object name is not found.

==> ?

Resources

/usr/sbin/samba_dnsupdate: ERROR: Record already exists on fresh AD with internal DNS setup https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871655

ERROR: “kinit: Cannot find KDC for realm while getting initial credentials” when kinit to generate credential cache fails https://knowledge.informatica.com/s/article/608487?language=en_US

enc types

https://docs.oracle.com/cd/E53394_01/html/E54787/kdc-strongenc.html

https://docs.oracle.com/cd/E86824_01/html/E54775/krb5.conf-4.html

https://www.ibm.com/docs/ru/elm/6.0.5?topic=files-configuring-krb5-file

https://www.ibm.com/docs/en/elm/7.0.3?topic=files-configuring-krb5-file

https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html

https://web.mit.edu/kerberos/krb5-devel/doc/admin/enctypes.html

https://comp.protocols.kerberos.narkive.com/ZRjUzXnL/creating-the-database


Copyright © 2022 Pierre-Philipp Braun