[Samba] winbind and smb tries to auth as pdc$ rather than local name when using ADS

Jonathan Petersson jpetersson at garnser.se
Thu Oct 1 20:07:13 MDT 2009

So I've looked further at this and noticed that samba seams to create
it's own krb5 config-file in

It seams that if I add custom information to this file it gets
overwritten upon restart of samba.

The contents of this file is
	default_realm = GARNSER.SE
	default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
	default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
	preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5

		kdc =

I'm guessing winbind tries to bind with PRESIDIO given the name of the file.

Anyone else seen this before?


On Mon, Sep 28, 2009 at 4:14 AM, Andrew Masterson
<Andrew.Masterson at nuvistaenergy.com> wrote:
>> [root at presidio3 ~]# net ads join -U Administrator
>> Enter Administrator's password:
>> [2009/09/23 23:58:48,  0] libads/kerberos.c:ads_kinit_password(362)
>>   kerberos_kinit_password Administrator at GARNSER.SE failed: Cannot find
>> KDC for requested realm
>> Failed to join domain: failed to connect to AD: Cannot find KDC for
>> requested realm
>> Any idea why this is?
> Do you have
> kdc = pdc.domain.name:88
> ...
> }
> In your krb5.conf?  Is your firewall allowing traffic to/from on port 88? Or do you have
> dns_lookup_kdc = no
> in your krb5.conf file? (the default is supposed to be "yes")
> And can you ping the kdc from your box?  Is DNS resolving properly?
> -=Andrew
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list