[Samba] Error: Cannot find KDC for requested realm

Andrew Bartlett abartlet at samba.org
Fri Oct 17 11:00:03 GMT 2003


On Fri, 2003-10-17 at 20:43, Gavin Davenport wrote:
> You must authenticate using kinit first, and then net ads join with no
> arguments.
> then start winbindd and smb.

No, this isn't required.  If you don't kinit first, 'net' does it for
you, using the password is asks for.  The issue is exactly as jerry
points out - the kerberos libs can't find the KDC, and without that, we
can go nowhere.

> I've posted extensively about this - search the archives.
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Jonathan Villa wrote:
> 
> > [global]
> > workgroup = OURDOMAIN
> > security = ADS
> > realm = OURDOMAIN.com
> > password server = OURSERVER
> ....
> >
> > When I try to join the domain I do the following:
> >
> > ./net ads join -w OURDOMAIN -U administrator
> >
> > and the response is this
> >
> > kerberos_kinit_password administrator at EKI-CONSULTING.COM failed: Cannot
> > find KDC for requested realm
> 
> This is a krb5 lib thing.  Either hardcode the KDCs in /etc/krb5.conf
> or enable DNS SRV lookups in the krb5 libs.  Hope this helps.
-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031017/33ca653e/attachment.bin


More information about the samba mailing list