Hi,
As I recall, 3.0.25a creates it's OWN krb5.conf file based on info it gets
back from the DC to try to handle site stuff (so it uses the 'nearest'
kdc, etc). I forget exactly how this mech. works, but if the kdc returned with
the site info (which subsequently gets built into samba's personal
'krb5.conf' file) is down, or replication is off, your kinit would work,
(because it's using the kdc in the /etc/krb5.conf) but the join would fail.
Look for a file like samba_krb5.conf in your samba directory structure, and see
what IT has for the KDC for the realm you're trying to join. Bet if you
plug that into your /etc/krb5.conf file, the kinit would fail as well. I think
this indicates a problem on the ADS side, but hopefully someone on the samba
team can verify this...
Don
----- Original Message ----
From: "s_aiello@comcast.net" <s_aiello@comcast.net>
To: samba@lists.samba.org
Sent: Wednesday, June 20, 2007 10:09:33 AM
Subject: [Samba] KDC Lookup errors only on ads joins.
I have a RedHat Enterprise 4 server with samba 3.0.25a rpms installed
(downloaded from mirror mentioned on samba.org site). I have configured
krb5.conf & smb.conf. I can perform a kinit User@REALM.COM & net ads
status -UUser@REALM.COM perfectly fine. But when attempting to net ads
join -UUser@REALM.COM, I get an, "error on ads_startup: Cannot resolve
network address for KDC in requested realm", error. If there is a KDC
lookup
problem, should it not occur globally ?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
____________________________________________________________________________________
Be a better Heartthrob. Get better relationship answers from someone who knows.
Yahoo! Answers - Check it out.
http://answers.yahoo.com/dir/?link=list&sid=396545433
