[Samba] Can't join Linux host to AD - "Improper format of Kerberos configuration file"

Rowland penny rpenny at samba.org
Tue Jun 11 12:58:41 UTC 2019


On 11/06/2019 13:41, Andreas Habel via samba wrote:
> Hi,
>
> when trying to add a Linux host (CentOS7) that is supposed to act as a file server to AD I get:
>
> # net ads join -U administrator
> Enter administrator's password:
> kerberos_kinit_password administrator at IERLAB.UX.UIS.NO failed: Improper format of Kerberos configuration file
> Failed to join domain: failed to connect to AD: Improper format of Kerberos configuration file
>
> Here's my krb5.conf (it looks the same on the DC and client):
> [libdefaults]
>          default_realm = IERLAB.UX.UIS.NO
>          dns_lookup_realm = false
>          dns_lookup_kdc = true
>
That looks okay, it take it that is /etc/krb5.conf ?

> Here's the output of a couple of Kerberos-related commands (executed on the DC):
>
> # host -t SRV _kerberos._udp.ierlab.ux.uis.no
> _kerberos._udp.ierlab.ux.uis.no has SRV record 0 100 88 geo22.ierlab.ux.uis.no.
>
> # kinit administrator
> Password for administrator at IERLAB.UX.UIS.NO:
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrator at IERLAB.UX.UIS.NO
>
> Valid starting       Expires              Service principal
> 06/11/2019 14:00:34  06/12/2019 00:00:34  krbtgt/IERLAB.UX.UIS.NO at IERLAB.UX.UIS.NO
>          renew until 06/12/2019 14:00:30
>
>
>  From other threads on this list I learned that there could be a kdc.conf file; however, I can't find such a file on my DC.
No, you shouldn't  have that file.
>
> So any help with the Kerberos configuration would be appreciated.
>
> Andreas
>
>
Lets start with you posting the smb.conf file from the machine that will 
not join.

Rowland





More information about the samba mailing list