[Samba] Error: Cannot find KDC for requested realm
Gavin Davenport
gavdav at gavdav.demon.co.uk
Mon Oct 20 07:38:43 GMT 2003
>No, this isn't required. If you don't kinit first, 'net' does it for
>you, using the password is asks for.
My mistake - I apologise. For some reason klist only showed one ticket
unless I did a kinit first.
-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: 17 October 2003 12:00
To: Gavin Davenport
Cc: Gerald (Jerry) Carter; jvilla at isdesigndev.com; samba at lists.samba.org
Subject: RE: [Samba] Error: Cannot find KDC for requested realm
On Fri, 2003-10-17 at 20:43, Gavin Davenport wrote:
> You must authenticate using kinit first, and then net ads join with no
> arguments.
> then start winbindd and smb.
The issue is exactly as jerry points out - the kerberos libs can't find the
KDC,
and without that, we can go nowhere.
> I've posted extensively about this - search the archives.
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jonathan Villa wrote:
>
> > [global]
> > workgroup = OURDOMAIN
> > security = ADS
> > realm = OURDOMAIN.com
> > password server = OURSERVER
> ....
> >
> > When I try to join the domain I do the following:
> >
> > ./net ads join -w OURDOMAIN -U administrator
> >
> > and the response is this
> >
> > kerberos_kinit_password administrator at EKI-CONSULTING.COM failed: Cannot
> > find KDC for requested realm
>
> This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf
> or enable DNS SRV lookups in the krb5 libs. Hope this helps.
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list