Fedora 32 samba active directory kerberos fail

Attempting to set up a brand new Fedora 32 server samba server. Installed samba-dc rpms all good. Followed directions from [https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller] and when I attempt the kerberos tests I get errors. Specifically when I run host -t SRV _ldap._tcp.ad.example.org I get the following error: Host _kerberos._udp.ad.example.org not found: 3(NXDOMAIN). Same with host -t SRV _kerberos._udp.ad.example.org. I get the following error: Host _kerberos._udp.ad.example.org. not found: 3(NXDOMAIN)

(BTW, “example” replaces a real domain name)

If I run klist I get the following error: klist: No credentials cache found (filename: /tmp/krb5cc_0)

kinit: kinit: Cannot find KDC for realm “AD.EXAMPLE.ORG” while getting initial credentials

Below is my krb5.conf file created during the samba-tool domain provision process:
[libdefaults]
default_realm = AD.EXAMPLE.ORG
dns_lookup_realm = false
dns_lookup_kdc = true

[realms]
AD.EXAMPLE.ORG = {
default_domain = ad.example.org

}

[domain_realm]
fedora-ad = AD.EXAMPLE.ORG

Any ideas what could be wrong? I greatly appreciate any help.

thanks in advance.

What about the DNS?
The samba server is acting as the DNS? These commands are performed from the server itself? Does the DNS configuration points to localhost?

I believe samba itself should act as DNS for the AD? Yes, these commands were performed on the server. Below is my hosts file:

[root@fedora-ad etc]# more hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.123 ad ad.example.org fedora-ad.example.org

thanks in advance.

Indeed.

And what about that?
cat /etc/resolv.conf

Results of resolv.conf:

[westbrook@fedora-ad etc]$ more resolv.conf
# Generated by NetworkManager
search example.org
nameserver 192.168.1.250

192.168.1.250 is the router running dhcp and dns.

Try to put 127.0.0.1 instead of 192.168.1.250

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.