[Samba] kinit: Cannot contact any KDC for realm 'MY.LOCAL.' while getting initial credentials

Rowland Penny rowlandpenny241155 at gmail.com
Tue Sep 15 08:15:53 UTC 2015 

On 14/09/15 23:59, Lluís Danés wrote:
> Hi,
>
> I've compiled and build samba 4.3.0 source using the samba wiki page and I
> have run the next comands:
>
> (outside of the source folder)
> 1- ./configure --with-acl-support
> 2- make
>
> (also outside of the source4 folder since it give me some errors, the wiki
> was wrong becuase it says inside)

Yes, that page is a bit misleading, If you are building samba from a git 
pull or a tarball, you usually end up with a directory holding all the 
samba source files i.e. samba-master for a git pull and samba-<version> 
for a tarball. You should cd into that directory and run the compile 
commands there. You also do not need to add '--with-acl-support' to the 
configure command, it is the default setting.

> 3- make install
>
> After that i set up the AD DC using the wiki page. All works but when i try:
>
> kinit administrator at MY.LOCAL it gives kinit: Cannot contact any KDC for
> realm 'MY.LOCAL.' while getting initial credentials

It will probably help if you remove the trailing dot from the realm name 
in /etc/krb5.conf

Rowland

>
> this is my configurations:
>
> /etc/hosts
> 127.0.0.1       localhost.localdomain   localhost
> 192.168.0.197   DEBIAN.my.local      DEBIAN
>
> /etc/resolv.conf
> domain my.local
> nameserver 192.168.0.197
>
> /usr/local/samba/etc/smb.conf
> # Global parameters
> [global]
>          workgroup = MY
>          realm = MY.LOCAL
>          netbios name = DEBIAN
>          server role = active directory domain controller
>          dns forwarder = 8.8.8.8
>          idmap_ldb:use rfc2307 = yes
>
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/my.local/scripts
>          read only = No
>          write ok = Yes
>
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
>          write ok = Yes
>
>
> /etc/krb5.conf
> [libdefaults]
>          default_realm = MY.LOCAL.
>          dns_lookup_realm = false
>          dns_lookup_kdc = true
>
>
> This was the output of provision
>
> A Kerberos configuration suitable for Samba 4 has been generated at
> /usr/local/samba/private/krb5.conf
> Setting up fake yp server settings
> Once the above files are installed, your Samba4 server will be ready to use
> Server Role:           active directory domain controller
> Hostname:              DEBIAN
> NetBIOS Domain:        MY
> DNS Domain:            my.local
>
>
>
> I dont know what happens :s, it was working yesterday using the debian
> vendor's samba package (4.1.17-debian). Using the same steps. But now kinit
> doesn't work anymore. The dns is resolved properely. I've tested all the
> other things that the wiki setup for active directroy domain controller
> says and all of them work.
>
>
> Thanks in advance.
>
>
>
>
>
>

More information about the samba mailing list