[Samba] winbind and smb tries to auth as pdc$ rather than local name when using ADS
Adam Nielsen
adam.nielsen at uq.edu.au
Thu Sep 24 16:29:10 MDT 2009
> [root at presidio3 ~]# net ads join -U Administrator
> Enter Administrator's password:
> [2009/09/23 23:58:48, 0] libads/kerberos.c:ads_kinit_password(362)
> kerberos_kinit_password Administrator at GARNSER.SE failed: Cannot find
> KDC for requested realm
> Failed to join domain: failed to connect to AD: Cannot find KDC for
> requested realm
>
> Any idea why this is?
Well I've never seen that before, but according to the list archives:
"This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf
or enable DNS SRV lookups in the krb5 libs."
Since I don't have /etc/krb5.conf it would seem that my Kerberos libs
are compiled with DNS SRV lookups enabled. It looks like using kinit
first is a way around it, but I'd then be worried that further
authentication issues may arise if Samba doesn't know where the KDC is.
Cheers,
Adam.
More information about the samba
mailing list