[Samba] kinit: Cannot contact any KDC for realm 'MY.LOCAL.' while getting initial credentials
Lluís Danés
lluisdanes at gmail.com
Tue Sep 15 08:40:34 UTC 2015
Well, I downloaded it manually without using git. I've compiled it with the
"--with-acl-support" because I thought it was not included as default (I
remember that I read it from the wiki that it was said to build samba by
yourself if you want to use windows ACL's). How can I see the default
options before run ./configure?
Otherwise, I've a dot on my realm MY.LOCAL. but it was a mistake when I
create this mail. I've the same problem without the dot. This dot was
introduced because I've tried it using a dot without success. So if I've
/etc/krb5.conf
[libdefaults]
default_realm = MY.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
and then i run: kinit administrator at MY.LOCAL
I get: kinit: Cannot contact any KDC for realm 'MY.LOCAL' while getting
initial credentials
Perhaps something was wrong during my compilation and kerberos fails. So
strange :S
2015-09-15 10:15 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 14/09/15 23:59, Lluís Danés wrote:
>
>> Hi,
>>
>> I've compiled and build samba 4.3.0 source using the samba wiki page and I
>> have run the next comands:
>>
>> (outside of the source folder)
>> 1- ./configure --with-acl-support
>> 2- make
>>
>> (also outside of the source4 folder since it give me some errors, the wiki
>> was wrong becuase it says inside)
>>
>
> Yes, that page is a bit misleading, If you are building samba from a git
> pull or a tarball, you usually end up with a directory holding all the
> samba source files i.e. samba-master for a git pull and samba-<version> for
> a tarball. You should cd into that directory and run the compile commands
> there. You also do not need to add '--with-acl-support' to the configure
> command, it is the default setting.
>
> 3- make install
>>
>> After that i set up the AD DC using the wiki page. All works but when i
>> try:
>>
>> kinit administrator at MY.LOCAL it gives kinit: Cannot contact any KDC for
>> realm 'MY.LOCAL.' while getting initial credentials
>>
>
> It will probably help if you remove the trailing dot from the realm name
> in /etc/krb5.conf
>
> Rowland
>
>
>
>> this is my configurations:
>>
>> /etc/hosts
>> 127.0.0.1 localhost.localdomain localhost
>> 192.168.0.197 DEBIAN.my.local DEBIAN
>>
>> /etc/resolv.conf
>> domain my.local
>> nameserver 192.168.0.197
>>
>> /usr/local/samba/etc/smb.conf
>> # Global parameters
>> [global]
>> workgroup = MY
>> realm = MY.LOCAL
>> netbios name = DEBIAN
>> server role = active directory domain controller
>> dns forwarder = 8.8.8.8
>> idmap_ldb:use rfc2307 = yes
>>
>> [netlogon]
>> path = /usr/local/samba/var/locks/sysvol/my.local/scripts
>> read only = No
>> write ok = Yes
>>
>> [sysvol]
>> path = /usr/local/samba/var/locks/sysvol
>> read only = No
>> write ok = Yes
>>
>>
>> /etc/krb5.conf
>> [libdefaults]
>> default_realm = MY.LOCAL.
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>>
>> This was the output of provision
>>
>> A Kerberos configuration suitable for Samba 4 has been generated at
>> /usr/local/samba/private/krb5.conf
>> Setting up fake yp server settings
>> Once the above files are installed, your Samba4 server will be ready to
>> use
>> Server Role: active directory domain controller
>> Hostname: DEBIAN
>> NetBIOS Domain: MY
>> DNS Domain: my.local
>>
>>
>>
>> I dont know what happens :s, it was working yesterday using the debian
>> vendor's samba package (4.1.17-debian). Using the same steps. But now
>> kinit
>> doesn't work anymore. The dns is resolved properely. I've tested all the
>> other things that the wiki setup for active directroy domain controller
>> says and all of them work.
>>
>>
>> Thanks in advance.
>>
>>
>>
>>
>>
>>
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Lluís Danés
More information about the samba
mailing list