[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

James lingpanda101 at gmail.com
Wed Dec 9 17:03:50 UTC 2015


On 12/9/2015 11:33 AM, Ole Traupe wrote:
>
>> - But when I try to ssh to a member server, it still takes forever, 
>> and a 'kinit' on a member server gives this:
>>   "kinit: Cannot contact any KDC for realm 'MY.DOMAIN.TLD' while 
>> getting initial credentials"
>>
>>
>> My /etc/krb5.conf looks like this (following your suggestions, 
>> Rowland, as everything else are defaults):
>>
>> [libdefaults]
>>  default_realm = MY.DOMAIN.TLD
>>
>> And my /etc/resolv.conf is this:
>>
>> search my.domain.tld
>> nameserver IP_of_1st_DC
>> nameserver IP_of_2nd_DC
>
> Any idea why I still get this when trying to log on to a member server 
> while the first DC is down?
>
> # kinit: Cannot contact any KDC for realm 'MY.DOMAIN.TLD' while 
> getting initial credentials
>
> Ole
>
>
>
Ole,

     I was trying to look back through your posts, so excuse me if you 
have answered this. What were your original krb.conf file contents? A few 
things that may work are to specify the KDC and not rely on DNS, for 
instance:

[libdefaults]
default_realm = MY.DOMAIN.TLD
dns_lookup_kdc = false
dns_lookup_realm = false

[realms]
MY.DOMAIN.TLD = {
kdc = IP of First DC
kdc = IP of Second DC
}

-- 
-James
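
An added example, not part of the original post or of Samba's code: a small parser that reports how a client would locate KDCs for the default realm under each of the two krb5.conf variants in this thread, and flags setups with no failover. It assumes MIT krb5 behaviour (KDCs listed under [realms] are used instead of DNS SRV lookup, and dns_lookup_kdc defaults to true); the 192.0.2.x addresses are constructed stand-ins for the two DC IPs.

```python
import re
TRUE_VALUES = {"true", "yes", "on", "1", "y", "t"}

def parse_krb5(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}) from krb5.conf text."""
    section, realm, libdefaults, realms = None, None, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, realm = header.group(1), None
        elif line.startswith("}"):               # end of a realm block
            realm = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                realm = key                      # start of a realm block
                realms.setdefault(key, [])
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)
    return libdefaults, realms

def kdc_discovery(text):
    """Describe how a client would locate KDCs for the default realm."""
    libdefaults, realms = parse_krb5(text)
    realm = libdefaults.get("default_realm")
    kdcs = realms.get(realm, [])
    # Assumption: dns_lookup_kdc is true when unset (MIT krb5 default).
    dns = libdefaults.get("dns_lookup_kdc", "true").lower() in TRUE_VALUES
    notes = []
    if kdcs:
        mode = "static"        # listed KDCs are used; DNS is not consulted
        if len(kdcs) < 2:
            notes.append("only one KDC listed: no failover if it is down")
    elif dns:
        mode = "dns-srv"       # depends on a reachable resolver and SRV records
        notes.append(f"needs SRV answers for _kerberos._udp.{realm} / _kerberos._tcp.{realm}")
    else:
        mode = "none"
        notes.append("no kdc entries and dns_lookup_kdc disabled")
    return {"realm": realm, "mode": mode, "kdcs": kdcs, "notes": notes}

# Constructed inputs: the thread's two configs, with 192.0.2.x in place of the DC IPs.
DNS_ONLY = "[libdefaults]\n default_realm = MY.DOMAIN.TLD\n"
STATIC = DNS_ONLY + " dns_lookup_kdc = false\n[realms]\n MY.DOMAIN.TLD = {\n  kdc = 192.0.2.10\n  kdc = 192.0.2.11\n }\n"
```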



