[Samba] kinit: Cannot contact any KDC for realm 'MY.LOCAL.' while getting initial credentials

James lingpanda101 at gmail.com
Tue Sep 15 12:58:17 UTC 2015


On 9/15/2015 8:30 AM, Lluís Danés wrote:
> Solved! It was related to the .local TLD (perhaps avahi; I have an
> avahi-daemon running... I don't know, since I have never used it and I
> don't know what it is).
> 
> Since I've replaced it with a new one (ad.example.com using EXAMPLE NetBIOS
> domain) all works again and kinit administrator@AD.EXAMPLE.COM works again.
> 
> Thanks
> 
> 
> 2015-09-15 12:21 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> 
>> On 15/09/15 10:59, Lluís Danés wrote:
>>
>>>
>>> 2015-09-15 11:39 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com
>>> <mailto:rowlandpenny241155 at gmail.com>>:
>>>
>>>     On 15/09/15 09:40, Lluís Danés wrote:
>>>
>>>         Well, I downloaded it manually without using git. I've
>>>         compiled it with the "--with-acl-support" because I thought it
>>>         was not included as default (I remember that I read it from
>>>         the wiki that it was said to build samba by yourself if you
>>>         want to use windows ACL's).
>>>
>>>
>>>     Can you remember just where on the wiki it said that ?
>>>     You can use distro packages (well except red-hat packages and only
>>>     then if you want to setup a DC) or the packages from Sernet.
>>>
>>>
>>> I read this wiki
>>> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs  This line:
>>> "To use the advanced features of Samba, it has to be compiled with ACL
>>> support (e. g. RHEL requires the libacl-devel to be installed, when
>>> compiling)." confused me.
>>>
>>
>> Would you have understood this better:
>>
>> To use the advanced features of Samba, it needs to have been compiled with
>> ACL support. As far as is known, all available Samba 4 packages are
>> compiled in this way. Unfortunately there are no Samba 4 RHEL AD DC distro
>> packages available at this time, so if you require to install an AD DC on a
>> RHEL based system you will need to compile Samba4 yourself, or use the
>> Sernet packages. If you do compile Samba 4, you will need to install the
>> relevant libacl development package for your distro (e.g. RHEL requires the
>> libacl-devel package to be installed).
>>
>> Rowland
>>
>>
>>
>>>
>>>         How can I see the default options before run ./configure?
>>>
>>>
>>>     ./configure --help
>>>
>>>     You usually don't have to add anything, unless you need to specify
>>>     something that isn't a default or is different from the default
>>>     i.e. use a different prefix.
>>>
>>>
>>>
>>>         Otherwise, I've a dot on my realm MY.LOCAL. but it was a
>>>         mistake when I created this mail. I've the same problem without
>>>         the dot. This dot was introduced because I've tried it using a
>>>         dot without success.  So if I've
>>>
>>>         /etc/krb5.conf
>>>         [libdefaults]
>>>                 default_realm = MY.LOCAL
>>>                 dns_lookup_realm = false
>>>                 dns_lookup_kdc = true
>>>
>>>
>>>         and then I run: kinit administrator@MY.LOCAL
>>>         I get: kinit: Cannot contact any KDC for realm 'MY.LOCAL'
>>>         while getting initial credentials
>>>
>>>
>>>     Is your 'TLD' actually '.local' and if so, try stopping avahi
>>>
>>>
>>> Yes, it's my TLD. I will check by stopping avahi. Perhaps .LOCAL is a bad
>>> TLD for samba as I've read right now.
>>>
>>>     Is Samba running at this stage ? if it isn't, then your KDC isn't
>>>     either.
>>>
>>>
>>>  Samba is running. These 2 commands also work:
>>> smbclient -L localhost -U%
>>> smbclient //localhost/netlogon -UAdministrator -c 'ls'
>>>
>>>
>>>
>>>     Rowland
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Lluís Danés
>>>
>>
>>
> 
> 
> 
I ran into this problem on a member server. I searched but didn't find
mention of Avahi and .local in the Wiki. Could this be added to

https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

Under 'Testing Kerberos' as a note on a possible failure? I wish I didn't
use .local when I started.

-- 
-James
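
The check this thread points to, as an added example that is not part of the original messages: it reads `default_realm` from a krb5.conf and reports whether the realm sits under `.local`, which is reserved for multicast DNS (the service Avahi provides), and whether an `mdns*` service precedes `dns` on the nsswitch.conf `hosts:` line. The function names and sample files are constructed for illustration, and the link between the nsswitch ordering and the kinit failure is an assumption the thread does not confirm.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: Avahi's effect on name
# lookups comes from an mdns* entry ahead of "dns" on the hosts: line.

# Print the default_realm value from a krb5.conf-style file.
krb5_default_realm() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Succeed if the name is "local" or ends in ".local" (any case, optional trailing dot).
is_mdns_suffix() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "${name%.}" in
        local|*.local) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if an mdns* service precedes "dns" on the hosts: line.
mdns_before_dns() {
    # Drop [NOTFOUND=return]-style actions so only service names remain.
    services=$(sed -n 's/^[[:space:]]*hosts:[[:space:]]*//p' "$1" | head -n 1 | sed 's/\[[^]]*]//g')
    for svc in $services; do
        case "$svc" in
            mdns*) return 0 ;;
            dns) return 1 ;;
        esac
    done
    return 1
}

# Print one verdict line: OK, WARN (realm under .local) or RISK (and mdns first).
check_realm_vs_mdns() {
    realm=$(krb5_default_realm "$1")
    if ! is_mdns_suffix "$realm"; then
        echo "OK: realm '$realm' is not under .local"
    elif mdns_before_dns "$2"; then
        echo "RISK: realm '$realm' is under .local and mdns precedes dns in $2"
    else
        echo "WARN: realm '$realm' is under .local (reserved for multicast DNS)"
    fi
}

# Constructed sample files; only the krb5.conf lines mirror the thread.
demo=$(mktemp -d)
printf '[libdefaults]\n    default_realm = MY.LOCAL\n    dns_lookup_kdc = true\n' > "$demo/krb5.conf"
printf 'hosts: files mdns4_minimal [NOTFOUND=return] dns\n' > "$demo/nsswitch.conf"
check_realm_vs_mdns "$demo/krb5.conf" "$demo/nsswitch.conf"
rm -rf "$demo"
```

On a real host, call `check_realm_vs_mdns /etc/krb5.conf /etc/nsswitch.conf`.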


