Critical KDC service error - should I really worry?

CABrouwers · October 1, 2018, 3:25am

My UCS system has successfully taken over an AD domain from a Window 2012 server. Everything seems to be working fine however the system diagnostics show a critical KDC service error ?

samba/interfaces does not contain lo, 127.0.0.1 or 0.0.0.0.

KDCedited

Is this really as serious as it says? All seem fine to me…

1. The AD domains is apparently working well.

2. Registry variables are correct:
samba/interfaces = lo <interfaces/primary>
kerberos/kdc = 127.0.0.1

3. Conf files also seem OK.
smb.conf includes the line
interfaces = lo eth0

… and krc5.conf includes the line.
kdc = 127.0.0.1

4. Finally I can generate a ticket from the console using kinit

This is puzzling !

Christian_Voelker · October 1, 2018, 7:02am

Hi,

I guess your second variable is correctly set so Samba is still listening to lo interface.

Check this article and verify the mentioned UCR-variables there.

Does ist help?

CABrouwers · October 1, 2018, 11:41am

Thanks for your reply.
Yes the variable “samba/interfaces/bindonly” is set to “yes”

Christian_Voelker · October 2, 2018, 8:46am

I am indeed a little bit confused. To me it looks like a setup bug currently.

Your configured value for “samba/interfaces” looks weird. And this is the reason why the diagnostic tool reports the warning.
As this value is apparently not correct Samba (or ucr) ignores this value and binds to all interfaces- regardless of samba/interfaces/bindonly.

Set the variables as follows:

ucr set samba/interfaces=lo 
ucr unset samba/interfaces/bindonly
/etc/init.d/samba restart

After this your setup should be fine.

I am investigating why there is such a strange value in samba/interfaces.

/CV

Christian_Voelker · October 2, 2018, 10:34am

Ok,

I was mislead. The value of “lo <interfaces/primary>” is absolutely fine as the second entry will be replaced by ucr variable “interfaces/primary”. Could you let me know the output of “ucr search --brief interfaces/primary”?

/CV

CABrouwers · October 2, 2018, 11:45am

This is the output of the command you suggested

$ ucr search --brief interfaces/primary`
interfaces/primary: eth0

If helpful, I attach the smb.conf and krb5.cong files
smb.conf.txt (4.6 KB)
krb5.conf.txt (2.2 KB)

Christian_Voelker · October 2, 2018, 12:35pm

Thanks.

Yes, it is all fine on your system. Samba listens on lo and eth0 and the setting of bindonly has no effect.

So all appears to be good- even though I can not explain why the diagnostic module complains about the assumed missing “lo”…

/CV

CABrouwers · October 2, 2018, 12:52pm

Thanks a little red doesn’t bother me as long as the issue doesn’t bug the next version update!