net/samba46

Doug Sampson dougs at dawnsign.com
Tue Apr 4 22:10:06 UTC 2017 

Hello,

When I try to join a domain after building samba46, I get this error message:

root at aries:/usr/local/etc # net ads join -U dspadmin%<password>
Failed to join domain: failed to create kerberos keytab
root at aries:/usr/local/etc #


I cannot find anything in any of the samba4 logs.

root at aries:/usr/ports/net/samba46 # make showconfig
===> The following configuration options are available for samba46-4.6.1_2:
     ADS=on: Active Directory client support(implies LDAP)
     AD_DC=on: Active Directory Domain Controller support
     CUPS=off: CUPS printing system support
     DEBUG=on: Build with debugging support
     DEVELOPER=off: With development support(implies NTVFS)
     DOCS=on: Build and/or install documentation
     EXP_MODULES=off: Experimental modules(WANT_EXP_MODULES)
     FAM=on: File Alteration Monitor support
     LDAP=on: LDAP client support
     MANPAGES=off: Build manpages from DOCBOOK templates
     NTVFS=off: Build *DEPRECATED* NTVFS file server
     QUOTAS=on: Disk quota support
     SYSLOG=on: Syslog logging support
     UTMP=on: UTMP accounting support
====> Options available for the radio DNS: you can only select none or one of them
     NSUPDATE=off: Use samba NSUPDATE utility for AD DC
     BIND99=off: Use Bind 9.9 as AD DC DNS server frontend
     BIND910=off: Use Bind 9.10 as AD DC DNS server frontend
     BIND911=off: Use Bind 9.11 as AD DC DNS server frontend
====> Options available for the radio ZEROCONF: you can only select none or one of them
     AVAHI=off: Zeroconf support via Avahi
     MDNSRESPONDER=off: Zeroconf support via mDNSResponder
===> Use 'make config' to modify these settings

Testparm reveals the following:

[global]
        realm = DOMAIN.TLD
        server string = 
        workgroup = DOMAIN
        domain master = No
        local master = No
        preferred master = No
        client ldap sasl wrapping = seal
        log file = /var/log/samba4/log.%m
        disable spoolss = Yes
        load printers = No
        printcap name = /dev/null
        disable netbios = Yes
        max xmit = 65535
        min receivefile size = 16384
        name resolve order = lmhosts hosts bcast
        smb ports = 445
        kerberos method = system keytab
        security = ADS
        server signing = if_required
        deadtime = 15
        max open files = 65535
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
        template shell = /bin/bash
        winbind cache time = 10
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind nss info = rfc2307
        winbind offline logon = Yes
        winbind refresh tickets = Yes
        winbind separator = -
        nfs4:chown = yes
        nfs4:acedup = merge
        nfs4:mode = special
        idmap config *:range = 1000-50000
        idmap config dsp:backend = rid
        idmap config dsp:default = yes
        idmap config dsp:range = 50001-60000
        idmap config * : backend = tdb
        map readonly = no
        store dos attributes = Yes
        strict locking = No
        directory name cache size = 0
        map acl inherit = Yes
        admin users = DOMAIN-doug
        hosts allow = 192.168.xxx. 192.168.xxx. 127. 10.8.
        inherit owner = Yes
        inherit permissions = Yes
        read only = No
        aio read size = 16384
        aio write size = 16384
        max connections = 65535
        use sendfile = Yes
        vfs objects = zfsacl acl_xattr audit netatalk

Using the same make configure options and the same smb4.conf on net/samba45 allows me to join a domain successfully.

~Doug

More information about the freebsd-ports mailing list