[Samba] SAMBA4 kinit fails

[Neil Balchin]

unfortunately even with 
...
[libdefaults]
    dns_lookup_realm = true
    dns_lookup_kdc = true
...
in /etc/krb5.conf

I still get 

kinit: Cannot contact any KDC for realm 'NEILANDJO.COM' while getting initial credentials


error


----- Original Message -----
From: "rajat swarup" <rajats at gmail.com>
To: "Neil Balchin" <neil at neilandjo.com>
Cc: "Aaron Solochek" <aarons-samba at aberrant.org>, samba at lists.samba.org
Sent: Monday, 6 September, 2010 1:33:23 AM
Subject: Re: [Samba] SAMBA4 kinit fails

On Mon, Sep 6, 2010 at 12:54 AM, Neil Balchin <neil at neilandjo.com> wrote:
> I've tried that,  i ran
>
> cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
>
> contents of /etc/krb5.conf
> are
> ......
>
> [libdefaults]
>        default_realm = MYDOMAIN.COM
>        dns_lookup_realm = false
>        dns_lookup_kdc = false
>        ticket_lifetime = 24h
>        forwardable = yes
>
> [realms]
>        MYDOMAIN.COM = {
>                kdc = pdc.mydomain.com:88
>                admin_server = pdc.mydomain.com:749
>                default_domain = mydomain.com
>        }
>
> [domain_realm]
>        .mydomain.com = MYDOMAIN.COM
>        mydomain.com = MYDOMAIN.COM
>

Change the contents of /etc/krb5.conf to
[libdefaults]
    dns_lookup_realm = true
    dns_lookup_kdc = true

Even though the system is using DNS kerberos doesn't use DNS due to
the settings that you've configured.

Hope this helps!
-- 
Rajat Swarup
www.rajatswarup.com