[Samba] SAMBA4 kinit fails

Andrew Bartlett abartlet at samba.org
Wed Sep 8 23:30:44 MDT 2010


On Mon, 2010-09-06 at 01:33 -0400, rajat swarup wrote:
> On Mon, Sep 6, 2010 at 12:54 AM, Neil Balchin <neil at neilandjo.com> wrote:
> > I've tried that,  i ran
> >
> > cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
> >
> > contents of /etc/krb5.conf
> > are
> > ......
> >
> > [libdefaults]
> >        default_realm = MYDOMAIN.COM
> >        dns_lookup_realm = false
> >        dns_lookup_kdc = false
> >        ticket_lifetime = 24h
> >        forwardable = yes
> >
> > [realms]
> >        MYDOMAIN.COM = {
> >                kdc = pdc.mydomain.com:88
> >                admin_server = pdc.mydomain.com:749
> >                default_domain = mydomain.com
> >        }
> >
> > [domain_realm]
> >        .mydomain.com = MYDOMAIN.COM
> >        mydomain.com = MYDOMAIN.COM
> >
> 
> Change the contents of /etc/krb5.conf to
> [libdefaults]
>     dns_lookup_realm = true
>     dns_lookup_kdc = true
> 
> Even though the system is using DNS kerberos doesn't use DNS due to
> the settings that you've configured.

I'll fix up the defaults here - they are indeed incorrect.  

Sorry for the bother!

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba/attachments/20100909/6f9c847b/attachment.pgp>


More information about the samba mailing list