CentOS – Samba 4x domain. No logon servers available

Tags: bind, centos, domain, domain-name-system, samba

I've been migrating a server that was RHEL 5 32 bit to a CentOS 7 64 bit server. This is a file sharing / domain server, and I have experience setting up Windows domains, but not Samba domains.

My issue right now is that I can add a client Windows machine to the domain, but when I attempt to add a user, I get the trust relationship has been broken with the domain controller.
I looked into some people's questions that had the same issue, and it seemed as though just logging in would fix that, so I attempted to log in with a domain user, and I got that there were no logon servers found.

What I've done so far:

I have copied DNS and SMB confs to the new server
Ran into an issue where the client couldn't resolve the hostname; it was related to DNS
Could not find user… User's password had not been set
Client PC is now able to join the domain, except I cannot add a user (get trust has been broken)
On attempted logon I get no logon servers available.

Other than DNS I can't seem to think what would be causing this issue, besides having the other domain / DNS on.

Another note: I have edited the DNS conf on the old server to have the new server's information, and it's the only DNS running, as having the second DNS server running at the same time might be problematic. I am new to doing DNS and Samba as a domain controller, so pardon any ignorance.

Best Answer

The samba4 packages that ship with both CentOS 6 and 7 do not have domain controller functionality. If you look inside, e.g., samba-dc-4.2.3-10.el7.x86_64.rpm, you'll find it contains exactly one file, /usr/share/doc/samba-dc-4.2.3/README.dc. This file reads as follows:

MIT Kerberos 5 Support

Fedora is using MIT Kerberos implementation as its Kerberos infrastructure of choice. The Samba build in Fedora is using MIT Kerberos implementation in order to allow system-wide interoperability between both desktop and server applications running on the same machine.

At the moment the Samba Active Directory Domain Controller implementation is not available with MIT Kerberos. FreeIPA and Samba Team members are currently working on Samba MIT Kerberos support as this is a requirement for a GNU/Linux distribution integration of Samba AD DC features.

We have just finished migrating the file server and all client utilities to MIT Kerberos. The result of this work is available in samba-* packages in Fedora. We'll provide Samba AD DC functionality as soon as its support of MIT Kerberos KDC will be ready.

In case of further questions do not hesitate to send your inquiries to samba-owner@fedoraproject.org

If you want to run a Samba 4 domain controller on CentOS, you will need to build Samba from source yourself. The Samba project wiki contains excellent instructions for doing this, and there are doubtless other such guides around the 'net.
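
The package check described in the answer can be scripted. The following is an added example, not part of the original answer: it classifies the file list printed by `rpm -ql samba-dc` as a documentation-only stub or as a package with a real payload. The function names and the second sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide whether an RPM file list (one path per line, as
# printed by `rpm -ql <package>`) holds anything besides documentation.
# Prints "stub" when every path is under /usr/share/doc/, "payload" when
# any other path is present, and "empty" when no paths were given.
classify_filelist() {
    awk '
        /^[[:space:]]*$/ { next }   # ignore blank lines
        $0 !~ /^\// { next }        # ignore rpm messages such as "... is not installed"
        { total++ }
        $0 !~ /^\/usr\/share\/doc\// { other++ }
        END {
            if (total == 0)      print "empty"
            else if (other == 0) print "stub"
            else                 print "payload"
        }'
}

# File list quoted in the answer for samba-dc-4.2.3-10.el7.x86_64.rpm.
STUB_LIST='/usr/share/doc/samba-dc-4.2.3/README.dc'

# Constructed sample (hypothetical paths): a package that ships binaries.
FULL_LIST='/usr/sbin/samba
/usr/bin/samba-tool
/usr/share/doc/samba-dc/README'

# Run the check against the locally installed samba-dc package.
check_installed_dc() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm-not-found"
        return 0
    fi
    rpm -ql samba-dc 2>/dev/null | classify_filelist
}

# Demonstration on the embedded samples (prints "stub", then "payload").
printf '%s\n' "$STUB_LIST" | classify_filelist
printf '%s\n' "$FULL_LIST" | classify_filelist
```

Calling `check_installed_dc` on the server itself reports `stub` when the installed samba-dc package is the README-only placeholder the answer describes.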