I have a problem in setting up Samba 4 Active Directory with MIT Kerberos.
I followed the steps detailed in the page:
The samba daemon won't start.
../../source4/smbd/server.c:622(binary_smbd_main) samba version 4.11.8 started.
Copyright Andrew Tridgell and the Samba Team 1992-2019
../../source4/smbd/server.c:865(binary_smbd_main) binary_smbd_main: samba: using 'prefork' process model
../../source4/smbd/service_task.c:36(task_server_terminate) task_server_terminate: task_server_terminate: [KDC: Initialize kadm5]
../../lib/util/become_daemon.c:135(daemon_ready) daemon_ready: daemon 'samba' finished starting up and ready to serve connections
../../source4/smbd/server.c:370(samba_terminate) samba_terminate: samba_terminate of samba 2012: KDC: Initialize kadm5
I also found a message about a missing Kerberos database:
krb5kdc[1432]: Cannot open DB2 database '/var/kerberos/krb5kdc/principal': File o directory non esistente - while initializing database for realm MYDOMAIN.IT
But if I try to create it, I get an error:
# kdb5_util create -s
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'MYDOMAIN.IT',
master key name 'K/[email protected]'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
kdb5_util: Database type not supported while creating database '/var/kerberos/krb5kdc/principal'
The "samba" database type is not accepted by the kerberos command.
In the [dbmodules] section of the kdc.conf configuration file, I see
db_module_dir = /usr/lib64/krb5/plugins/kdb
and
db_library = samba
# ls -l /usr/lib64/krb5/plugins/kdb/samba.so
-rwxr-xr-x 1 root root 45632 28 apr 22.34 /usr/lib64/krb5/plugins/kdb/samba.so
(it exists)
Maybe I could remove the [dbmodules] section from the kdc.conf file, using a type of database accepted by MIT Kerberos... But then I don't know if Samba would still work in the same way.
Here is my krb5.conf file:
---------------------------------------------
[libdefaults]
default_realm = MYDOMAIN.IT
dns_lookup_realm = false
dns_lookup_kdc = true
[realms]
MYDOMAIN.IT = {
default_domain = MYDOMAIN.IT
}
[domain_realm]
aecdomain = MYDOMAIN.IT
---------------------------------------------
Here is my /var/kerberos/krb5kdc/kdc.conf file:
---------------------------------------------
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
kadmind_port = 464
[realms]
MYDOMAIN.IT = {
}
MYDOMAIN.IT = {
}
MYDOMAIN = {
}
[dbmodules]
db_module_dir = /usr/lib64/krb5/plugins/kdb
MYDOMAIN.IT = {
db_library = samba
}
MYDOMAIN.IT = {
db_library = samba
}
MYDOMAIN = {
db_library = samba
}
[logging]
kdc = FILE:/var/log/samba/mit_kdc.log
admin_server = FILE:/var/log/samba/mit_kadmin.log
---------------------------------------------
Samba version:
samba-4.11.8-0.fc31.x86_64
samba-dc-4.11.8-0.fc31.x86_64
samba-dc-libs-4.11.8-0.fc31.x86_64
samba-dc-provision-4.11.8-0.fc31.noarch
Can you please help me fix this?