[Samba] Error: Cannot find KDC for requested realm

Gavin Davenport gavdav at gavdav.demon.co.uk
Mon Oct 20 07:38:43 GMT 2003

>No, this isn't required.  If you don't kinit first, 'net' does it for
>you, using the password is asks for.

My mistake - I apologise. For some reason klist only showed one ticket
unless I did a kinit first.

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: 17 October 2003 12:00
To: Gavin Davenport
Cc: Gerald (Jerry) Carter; jvilla at isdesigndev.com; samba at lists.samba.org
Subject: RE: [Samba] Error: Cannot find KDC for requested realm

On Fri, 2003-10-17 at 20:43, Gavin Davenport wrote:
> You must authenticate using kinit first, and then net ads join with no
> arguments.
> then start winbindd and smb.

The issue is exactly as jerry points out - the kerberos libs can't find the
and without that, we can go nowhere.

> I've posted extensively about this - search the archives.
> Hash: SHA1
> Jonathan Villa wrote:
> > [global]
> > workgroup = OURDOMAIN
> > security = ADS
> > realm = OURDOMAIN.com
> > password server = OURSERVER
> ....
> >
> > When I try to join the domain I do the following:
> >
> > ./net ads join -w OURDOMAIN -U administrator
> >
> > and the response is this
> >
> > kerberos_kinit_password administrator at EKI-CONSULTING.COM failed: Cannot
> > find KDC for requested realm
> This is a krb5 lib thing.  Either hardcode the KDCs in /etc/krb5.conf
> or enable DNS SRV lookups in the krb5 libs.  Hope this helps.
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list