[Samba] Cannot find KDC for requested realm

Aaron Bostick ABostick at zixcorp.com
Thu Sep 16 22:17:09 GMT 2004

Hi, I am trying to get samba/winbind setup to do active directory
authentication.  I am using samba 3.0.7, kerberos 1.3.5, and openldap

I can kinit and klist just fine.  However, when I try to "net ads join
-d10 -Uabostick", I get the error listed below:

[2004/09/16 17:04:26, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
  ads_sasl_spnego_bind: got server principal name
[2004/09/16 17:04:26, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache found)
[2004/09/16 17:04:26, 0] libads/kerberos.c:ads_kinit_password(136)
  kerberos_kinit_password abostick at MRKTG.ZIXADMIN.COM failed: Cannot
find KDC for requested realm
[2004/09/16 17:04:26, 0] utils/net_ads.c:ads_startup(183)
  ads_connect: Cannot find KDC for requested realm
[2004/09/16 17:04:26, 2] utils/net.c:main(792)
  return code = -1

I am not using an administrator account but my account has privileges to
add computer accounts, so this shouldn't matter right?

If I run kdestroy and clear my ticket, then run "net ads join" and put
in my password, I get the error, but klist shows no ticket.  The net
commands is not getting that far I guess.

Also, like the HOWTO described, I ran kinit, got a ticket.  Then I ran
"net ads join" but it still prompts me for as password!  It's almost as
if samba is ignoring my kerberos cache.  I compiled using --with-krb5
and configure output showed most of the kerberos stuff with yes.

Any ideas on this?  Is this a bug or did I build samba incorrectly?


More information about the samba mailing list