[Samba] Samba 4 Cannot contact any KDC for requested realm

Gémes Géza geza at kzsdabas.hu
Sun Jan 22 02:19:05 MST 2012


On 2012-01-21 09:42, steve wrote:
> Version 4.0.0alpha18-GIT-957ec28 with dns hh3.site realm SITE
> After starting samba -i -d3,
> wbinfo -i someuser
> gives this:
>
> ldb_wrap open of secrets.ldb
> using SPNEGO
> Selected protocol [8][NT LANMAN 1.0]
> Cannot reach a KDC we require to contact cifs/hh3.site at SITE : kinit
> for HH3$@SITE failed (Cannot contact any KDC for requested realm)
> SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS
>
>
> ldb_wrap open of secrets.ldb
> schannel_fetch_session_key_tdb: restored schannel info key
> SECRETS/SCHANNEL/HH3
> Cannot reach a KDC we require to contact host/hh3.site at SITE : kinit
> for HH3$@SITE failed (Cannot contact any KDC for requested realm)
> SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
> NT_STATUS_NO_LOGON_SERVERS
>
> wbinfo -u works fine and shows a list of users. Subsequent calls to
> wbinfo do not produce this error. It only happens the first time after
> samba is started.
>
> <dare not mention>
> This may coincide with yesterday's bind 9 update from openSUSE
> </dare not mention>
>
> This seems OK no?
> Calling DNS name update script
> Calling SPN name update script
> Completed SPN update check OK
> Completed DNS update check OK
>
> and all the dns and kinit test stuff on the wiki checks out too.
>
> Any ideas?
> Thanks,
> Steve
Glad you have mentioned bind, in my experience 90% of Kerberos-related
problems were caused by failure to look up names. On my test system (I
haven't used Samba4 in production yet) I use bind9.8 with the dlz
backend. After I restart samba4 I have to restart bind9 as well, because
otherwise there is no name resolution possible.

Hope that helps

Geza
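
The name-lookup check suggested in the reply above, as an added example that is not part of the original message or of Samba: shell functions that report which KDC-related SRV records fail to resolve after a samba restart. The record names checked, the domain argument, and the overridable LOOKUP variable are assumptions of this example.

```shell
# Added example: report which KDC-related SRV records do not resolve.
# LOOKUP is the resolver command (assumption: the BIND `host` tool is installed).
# It is overridable so the parsing can be exercised without a DNS server.
LOOKUP=${LOOKUP:-host -t SRV}

# Print "target:port" for every SRV answer returned for name $1.
# Returns 1 if the lookup fails or yields no SRV record.
srv_targets() {
    out=$($LOOKUP "$1" 2>/dev/null) || return 1
    printf '%s\n' "$out" | awk '
        / has SRV record / { sub(/\.$/, "", $NF); print $NF ":" $(NF-1); n++ }
        END { exit (n ? 0 : 1) }'
}

# Print each record under DNS domain $1 that does not resolve.
# Return status is the number of missing records (0 means all resolve).
missing_kdc_records() {
    domain=$1
    missing=0
    for name in _kerberos._udp _kerberos._tcp _ldap._tcp; do
        if ! srv_targets "$name.$domain." >/dev/null; then
            echo "$name.$domain."
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Poll until every record resolves: $2 attempts, $3 seconds apart.
# Returns 1 if DNS still cannot locate the KDC after the last attempt.
wait_for_kdc_dns() {
    domain=$1
    tries=${2:-10}
    delay=${3:-2}
    i=0
    while [ "$i" -lt "$tries" ]; do
        missing_kdc_records "$domain" >/dev/null && return 0
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# Usage after restarting samba (the domain is a placeholder):
#   wait_for_kdc_dns your.dns.domain 10 2 || missing_kdc_records your.dns.domain
```

If the records are still missing after the wait, the resolver is not answering for the zone, which is the condition the reply describes before bind9 is restarted.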

