Hello
I want to configure Samba AD on Fedora 39.
I have 2 DCs replicating correctly. When I try to connect another computer as a Samba member with:
sudo realm join OFFICE.COMPANY.COM
it fails with this error:
* Trying to set computer password with Kerberos
kvě 03 14:15:14 smbmem41.office.company.com realmd[315828]: ! Couldn't set password for computer account: SMBMEM41$: Cannot contact any KDC for requested realm
kvě 03 14:15:14 smbmem41.office.company.com realmd[315828]: adcli: joining domain office.company.com failed: Couldn't set password for computer account: SMBMEM41$: Cannot contact any KDC for requested realm
kvě 03 14:15:14 smbmem41.office.company.com realmd[315828]: process exited: 315924
kvě 03 14:15:14 smbmem41.office.company.com realmd[315828]: ! Failed to join the domain
After investigation I've found there is a problem with krb5kdc not listening on the public IP on port 464:
https://forums.opensuse.org/t/access-denied-between-windows-member-samba-adc...
It is listening on IPv6 localhost [::1]:464 only:
sudo ss -tupln | grep 464
udp UNCONN 0 0 [::1]:464 [::]:* users:(("kdc[master]",pid=209134,fd=38))
tcp LISTEN 0 10 [::1]:464 [::]:* users:(("kdc[master]",pid=209134,fd=37))
I've tried to change the configuration in the file:
/var/lib/samba/private/kdc.conf
[kdcdefaults]
kdc_listen = 0.0.0.0
kdc_tcp_listen = 0.0.0.0
kpasswd_listen = 127.0.0.1:464 192.168.95.111:464
kadmind_listen = 127.0.0.1 192.168.95.111
kdc_ports = 88
kdc_tcp_ports = 88
#kadmind_port = 464
restrict_anonymous_to_tgt = true
When I change "kdc_tcp_listen" or "kadmind_listen", the listening IPs change,
but changing the "kpasswd_listen" directive makes no difference.
Is it a bug in the Fedora samba package, or am I doing something wrong?
Pavel