[Samba] winbind and smb tries to auth as pdc$ rather than local name when using ADS

Jonathan Petersson jpetersson at garnser.se
Thu Oct 1 20:07:13 MDT 2009


So I've looked further at this and noticed that samba seems to create
its own krb5 config-file in
/var/lib/samba/smb_krb5/krb5.conf.PRESIDIO

It seems that if I add custom information to this file it gets
overwritten upon restart of samba.

The contents of this file are
[libdefaults]
	default_realm = GARNSER.SE
	default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
	default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
	preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5

[realms]
	GARNSER.SE = {
		kdc = 172.16.1.2
	}

I'm guessing winbind tries to bind with PRESIDIO given the name of the file.

Anyone else seen this before?

/Jonathan

On Mon, Sep 28, 2009 at 4:14 AM, Andrew Masterson
<Andrew.Masterson at nuvistaenergy.com> wrote:
>> [root at presidio3 ~]# net ads join -U Administrator
>> Enter Administrator's password:
>> [2009/09/23 23:58:48,  0] libads/kerberos.c:ads_kinit_password(362)
>>   kerberos_kinit_password Administrator at GARNSER.SE failed: Cannot find
>> KDC for requested realm
>> Failed to join domain: failed to connect to AD: Cannot find KDC for
>> requested realm
>>
>> Any idea why this is?
>
> Do you have
> DOMAIN.NAME = {
> kdc = pdc.domain.name:88
> ...
> }
> In your krb5.conf?  Is your firewall allowing traffic to/from on port 88? Or do you have
> dns_lookup_kdc = no
> in your krb5.conf file? (the default is supposed to be "yes")
> And can you ping the kdc from your box?  Is DNS resolving properly?
> -=Andrew
>
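
An added example, not part of the original thread and not Samba's own code: a small Python parser that reads krb5.conf text and answers the two configuration questions from the quoted reply (is there a kdc entry for the realm, and is dns_lookup_kdc disabled). The names parse_krb5, check_kdc and NO_KDC are chosen here, and NO_KDC is a constructed sample.

```python
GENERATED = """
[libdefaults]
    default_realm = GARNSER.SE
    default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
    default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
    preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5

[realms]
    GARNSER.SE = {
        kdc = 172.16.1.2
    }
"""  # file contents as quoted in the message above

# Constructed sample: no [realms] stanza and DNS lookup of the KDC disabled.
NO_KDC = "[libdefaults]\n default_realm = GARNSER.SE\n dns_lookup_kdc = no\n"

def parse_krb5(text):
    """Return {section: {key: [values] | nested dict}} for krb5.conf text."""
    conf, stack = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            stack = [conf.setdefault(line[1:-1].strip(), {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line and stack:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":  # opens a nested stanza such as a realm
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(value)
    return conf

def check_kdc(text, realm=None):
    """Report how the KDC for `realm` (default: default_realm) would be found."""
    conf = parse_krb5(text)
    lib = conf.get("libdefaults", {})
    realm = realm or lib.get("default_realm", [None])[0]
    stanza = conf.get("realms", {}).get(realm, {})
    kdcs = stanza.get("kdc", []) if isinstance(stanza, dict) else []
    # Unset is treated as "yes", the default the reply above mentions.
    dns = lib.get("dns_lookup_kdc", ["yes"])[-1].lower() in ("yes", "true", "on", "1")
    # None means neither a kdc entry nor DNS lookup is available for the realm.
    source = "realms stanza" if kdcs else ("DNS lookup" if dns else None)
    return {"realm": realm, "kdcs": kdcs, "dns_lookup_kdc": dns, "source": source}

if __name__ == "__main__":
    for name, text in (("generated", GENERATED), ("no_kdc", NO_KDC)):
        print(name, check_kdc(text))
```

The firewall, ping and DNS-resolution questions in the reply need live network checks and are not covered by this offline check.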

