[Samba] winbind and smb tries to auth as pdc$ rather than local name when using ADS
adam.nielsen at uq.edu.au
Thu Sep 24 16:29:10 MDT 2009
> [root at presidio3 ~]# net ads join -U Administrator
> Enter Administrator's password:
> [2009/09/23 23:58:48, 0] libads/kerberos.c:ads_kinit_password(362)
> kerberos_kinit_password Administrator at GARNSER.SE failed: Cannot find
> KDC for requested realm
> Failed to join domain: failed to connect to AD: Cannot find KDC for
> requested realm
> Any idea why this is?
Well I've never seen that before, but according to the list archives:
"This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf
or enable DNS SRV lookups in the krb5 libs."
Since I don't have /etc/krb5.conf it would seem that my Kerberos libs
are compiled with DNS SRV lookups enabled. It looks like using kinit
first is a way around it, but I'd then be worried that further
authentication issues may arise if Samba doesn't know where the KDC is.
More information about the samba