[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

James lingpanda101 at gmail.com
Wed Dec 9 17:03:50 UTC 2015

On 12/9/2015 11:33 AM, Ole Traupe wrote:
>> - But when I try to ssh to a member server, it still takes forever, 
>> and a 'kinit' on a member server gives this:
>>   "kinit: Cannot contact any KDC for realm 'MY.DOMAIN.TLD' while 
>> getting initial credentials"
>> My /etc/krb5.conf looks like this (following your suggestions, 
>> Rowland, as everything else are defaults):
>> [libdefaults]
>>  default_realm = MY.DOMAIN.TLD
>> And my /etc/resolv.conf is this:
>> search my.domain.tld
>> nameserver IP_of_1st_DC
>> nameserver IP_of_2nd_DC
> Any idea why I still get this when trying to log on to a member server 
> while the first DC is down?
> # kinit: Cannot contact any KDC for realm 'MY.DOMAIN.TLD' while 
> getting initial credentials
> Ole

     I was trying to look back through your posts so excuse me if you 
have answered this. What was your original krb.conf file contents? A few 
things that may work is to specify the kdc and not rely on dns. for 

default_realm = MY.DOMAIN.TLD
dns_lookup_kdc = false
dns_lookup_realm = false

kdc = IP of First DC
kdc = IP of Second DC


More information about the samba mailing list