[Samba] Error: Cannot find KDC for requested realm
gavdav at gavdav.demon.co.uk
Mon Oct 20 07:38:43 GMT 2003
>No, this isn't required. If you don't kinit first, 'net' does it for
>you, using the password is asks for.
My mistake - I apologise. For some reason klist only showed one ticket
unless I did a kinit first.
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: 17 October 2003 12:00
To: Gavin Davenport
Cc: Gerald (Jerry) Carter; jvilla at isdesigndev.com; samba at lists.samba.org
Subject: RE: [Samba] Error: Cannot find KDC for requested realm
On Fri, 2003-10-17 at 20:43, Gavin Davenport wrote:
> You must authenticate using kinit first, and then net ads join with no
> then start winbindd and smb.
The issue is exactly as jerry points out - the kerberos libs can't find the
and without that, we can go nowhere.
> I've posted extensively about this - search the archives.
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Jonathan Villa wrote:
> > [global]
> > workgroup = OURDOMAIN
> > security = ADS
> > realm = OURDOMAIN.com
> > password server = OURSERVER
> > When I try to join the domain I do the following:
> > ./net ads join -w OURDOMAIN -U administrator
> > and the response is this
> > kerberos_kinit_password administrator at EKI-CONSULTING.COM failed: Cannot
> > find KDC for requested realm
> This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf
> or enable DNS SRV lookups in the krb5 libs. Hope this helps.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba