[Samba] KDC Lookup errors only on ads joins.
Don McCall
donmccall1 at yahoo.com
Mon Jun 25 21:55:54 GMT 2007
Hi,
As I recall, 3.0.25a creates it's OWN krb5.conf file based on info it gets back from the DC to try to handle site stuff (so it uses the 'nearest' kdc, etc). I forget exactly how this mech. works, but if the kdc returned with the site info (which subsequently gets built into samba's personal 'krb5.conf' file) is down, or replication is off, your kinit would work, (because it's using the kdc in the /etc/krb5.conf) but the join would fail. Look for a file like samba_krb5.conf in your samba directory structure, and see what IT has for the KDC for the realm you're trying to join. Bet if you plug that into your /etc/krb5.conf file, the kinit would fail as well. I think this indicates a problem on the ADS side, but hopefully someone on the samba team can verify this...
Don
----- Original Message ----
From: "s_aiello at comcast.net" <s_aiello at comcast.net>
To: samba at lists.samba.org
Sent: Wednesday, June 20, 2007 10:09:33 AM
Subject: [Samba] KDC Lookup errors only on ads joins.
I have a RedHat Enterprise 4 server with samba 3.0.25a rpms installed
(downloaded from mirror mentioned on samba.org site). I have configured
krb5.conf & smb.conf. I can perform a kinit User at REALM.COM & net ads
status -UUser at REALM.COM perfectly fine. But when attempting to net ads
join -UUser at REALM.COM, I get an, "error on ads_startup: Cannot resolve
network address for KDC in requested realm", error. If there is a KDC lookup
problem, should it not occur globally ?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
____________________________________________________________________________________
Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out.
http://answers.yahoo.com/dir/?link=list&sid=396545433
More information about the samba
mailing list