[Samba] Re: Cannot find KDC for requested realm

Aaron Bostick abostick at zixcorp.com
Mon Sep 20 21:33:31 GMT 2004

Just to let someone know, I resolved this problem by compiling kerberos as a
shared library.  I initially compiled kerberos as static libraries only
because I use Openpkg (www.openpkg.org).  Samba compiles fine this way but
at runtime, it apparently is not picking up the kerberos stuff it needed.

Anyone know how to compile samba using static library dependencies?  For
instance, I have the same problem with openldap.  It only works if its
compiled as a shared library but I would like to make it a static library


Aaron Bostick wrote:

> Hi, I am trying to get samba/winbind setup to do active directory
> authentication.  I am using samba 3.0.7, kerberos 1.3.5, and openldap
> 2.2.17.
> I can kinit and klist just fine.  However, when I try to "net ads join
> -d10 -Uabostick", I get the error listed below:
> [2004/09/16 17:04:26, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
>   ads_sasl_spnego_bind: got server principal name
> =zixit-srv-01s$@MRKTG.ZIXADMIN.COM
> [2004/09/16 17:04:26, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
>   krb5_cc_get_principal failed (No credentials cache found)
> [2004/09/16 17:04:26, 0] libads/kerberos.c:ads_kinit_password(136)
>   kerberos_kinit_password abostick at MRKTG.ZIXADMIN.COM failed: Cannot
> find KDC for requested realm
> [2004/09/16 17:04:26, 0] utils/net_ads.c:ads_startup(183)
>   ads_connect: Cannot find KDC for requested realm
> [2004/09/16 17:04:26, 2] utils/net.c:main(792)
>   return code = -1
> I am not using an administrator account but my account has privileges to
> add computer accounts, so this shouldn't matter right?
> If I run kdestroy and clear my ticket, then run "net ads join" and put
> in my password, I get the error, but klist shows no ticket.  The net
> commands is not getting that far I guess.
> Also, like the HOWTO described, I ran kinit, got a ticket.  Then I ran
> "net ads join" but it still prompts me for as password!  It's almost as
> if samba is ignoring my kerberos cache.  I compiled using --with-krb5
> and configure output showed most of the kerberos stuff with yes.
> Any ideas on this?  Is this a bug or did I build samba incorrectly?
> Thanks,
> Aaron

More information about the samba mailing list