We created a krb5.conf but then did not use it?

Mauricio Tavares raubvogel at gmail.com
Fri Aug 9 10:45:53 MDT 2013


On Fri, Aug 9, 2013 at 12:13 PM, Richard Sharpe
<realrichardsharpe at gmail.com> wrote:
> Hi folks,
>
> We have hit an interesting situation with Samba 3.6.x where net ads
> join -k is failing.
>
> We managed to create a krb5.conf.DOM with the locations of the KDCs in
> that realm.
>
> However, when kerberos_kinit_password was called, it seemed to send a
> DNS request for _kerberos._UDP.<realm> anyway, and got back 230 KDC
>
> The code then started going through them randomly, it seems (and they
> were not sorted by locality either) and because they seem to block
> off-site auth traffic, we could not authenticate..
>
> The version of Kerberos being used is Heimdal 1.0 by the look of things.
>
> Has anyone seen this>
>
      Anything interesting in the log file?

> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)


More information about the samba-technical mailing list