[Samba] Error: Cannot find KDC for requested realm
Andrew Bartlett
abartlet at samba.org
Fri Oct 17 11:00:03 GMT 2003
On Fri, 2003-10-17 at 20:43, Gavin Davenport wrote:
> You must authenticate using kinit first, and then net ads join with no
> arguments.
> then start winbindd and smb.
No, this isn't required. If you don't kinit first, 'net' does it for
you, using the password is asks for. The issue is exactly as jerry
points out - the kerberos libs can't find the KDC, and without that, we
can go nowhere.
> I've posted extensively about this - search the archives.
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jonathan Villa wrote:
>
> > [global]
> > workgroup = OURDOMAIN
> > security = ADS
> > realm = OURDOMAIN.com
> > password server = OURSERVER
> ....
> >
> > When I try to join the domain I do the following:
> >
> > ./net ads join -w OURDOMAIN -U administrator
> >
> > and the response is this
> >
> > kerberos_kinit_password administrator at EKI-CONSULTING.COM failed: Cannot
> > find KDC for requested realm
>
> This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf
> or enable DNS SRV lookups in the krb5 libs. Hope this helps.
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031017/33ca653e/attachment.bin
More information about the samba
mailing list