[Samba] winbind and smb tries to auth as pdc$ rather than local name when using ADS

Adam Nielsen adam.nielsen at uq.edu.au
Thu Sep 24 16:29:10 MDT 2009

> [root at presidio3 ~]# net ads join -U Administrator
> Enter Administrator's password:
> [2009/09/23 23:58:48,  0] libads/kerberos.c:ads_kinit_password(362)
>   kerberos_kinit_password Administrator at GARNSER.SE failed: Cannot find
> KDC for requested realm
> Failed to join domain: failed to connect to AD: Cannot find KDC for
> requested realm
> Any idea why this is?

Well I've never seen that before, but according to the list archives:

"This is a krb5 lib thing.  Either hardcode the KDCs in /etc/krb5.conf
or enable DNS SRV lookups in the krb5 libs."

Since I don't have /etc/krb5.conf it would seem that my Kerberos libs
are compiled with DNS SRV lookups enabled.  It looks like using kinit
first is a way around it, but I'd then be worried that further
authentication issues may arise if Samba doesn't know where the KDC is.


More information about the samba mailing list