I'm trying to test Samba4 as an AD style pdc.

following the instructions at http://wiki.samba.org/index.php/Samba4/HOWTO

at step 9 I get

root@pdc:~# kinit administrator@MYDOMAIN.COM
kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials
root@pdc:~#

and yet

host -t SRV _kerberos._udp.mydomain.com

gives

_kerberos._udp.mydomain.com has SRV record 0 100 88 pdc.mydomain.com.

and

root@pdc:~# host pdc.mydomain.com
pdc.mydomain.com has address 192.168.1.167

during provisioning I see there is a krb5.conf file created, does it need to be moved anywhere special? is this perhaps my issue?

I can't figure out why kinit isn't working for me

Neil

On 09/05/2010 11:19 PM, Neil Balchin wrote:
> I'm trying to test Samba4 as an AD style pdc.
>
> following the instructions at http://wiki.samba.org/index.php/Samba4/HOWTO
>
> at step 9 I get
>
> root@pdc:~# kinit administrator@MYDOMAIN.COM
> kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials
> root@pdc:~#
>
> and yet
>
> host -t SRV _kerberos._udp.mydomain.com
>
> gives
>
> _kerberos._udp.mydomain.com has SRV record 0 100 88 pdc.mydomain.com.
>
> and
>
> root@pdc:~# host pdc.mydomain.com
> pdc.mydomain.com has address 192.168.1.167
>
> during provisioning I see there is a krb5.conf file created, does it need to be moved anywhere special? is this perhaps my issue?
>
> I can't figure out why kinit isn't working for me
>

It should be /etc/krb5.conf

>
> Neil

I've tried that, I ran

cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

contents of /etc/krb5.conf are
......

[libdefaults]
        default_realm = MYDOMAIN.COM
        dns_lookup_realm = false
        dns_lookup_kdc = false
        ticket_lifetime = 24h
        forwardable = yes

[realms]
        MYDOMAIN.COM = {
                kdc = pdc.mydomain.com:88
                admin_server = pdc.mydomain.com:749
                default_domain = mydomain.com
        }

[domain_realm]
        .mydomain.com = MYDOMAIN.COM
        mydomain.com = MYDOMAIN.COM

----- Original Message -----
From: "Aaron Solochek" <aarons-samba at aberrant.org>
To: samba at lists.samba.org
Sent: Monday, 6 September, 2010 12:33:53 AM
Subject: Re: [Samba] SAMBA4 kinit fails
On 09/05/2010 11:19 PM, Neil Balchin wrote:
> I'm trying to test Samba4 as an AD style pdc.
>
> following the instructions at http://wiki.samba.org/index.php/Samba4/HOWTO
>
> at step 9 I get
>
> root@pdc:~# kinit administrator@MYDOMAIN.COM
> kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials
> root@pdc:~#
>
> and yet
>
> host -t SRV _kerberos._udp.mydomain.com
>
> gives
>
> _kerberos._udp.mydomain.com has SRV record 0 100 88 pdc.mydomain.com.
>
> and
>
> root@pdc:~# host pdc.mydomain.com
> pdc.mydomain.com has address 192.168.1.167
>
> during provisioning I see there is a krb5.conf file created, does it need to be moved anywhere special? is this perhaps my issue?
>
> I can't figure out why kinit isn't working for me
>

It should be /etc/krb5.conf

>
> Neil

Unfortunately even with

...
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
...

in /etc/krb5.conf I still get

kinit: Cannot contact any KDC for realm 'NEILANDJO.COM' while getting initial credentials

error

----- Original Message -----
From: "rajat swarup" <rajats at gmail.com>
To: "Neil Balchin" <neil at neilandjo.com>
Cc: "Aaron Solochek" <aarons-samba at aberrant.org>, samba at lists.samba.org
Sent: Monday, 6 September, 2010 1:33:23 AM
Subject: Re: [Samba] SAMBA4 kinit fails
On Mon, Sep 6, 2010 at 12:54 AM, Neil Balchin <neil at neilandjo.com> wrote:
> I've tried that, I ran
>
> cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
>
> contents of /etc/krb5.conf
> are
> ......
>
> [libdefaults]
>        default_realm = MYDOMAIN.COM
>        dns_lookup_realm = false
>        dns_lookup_kdc = false
>        ticket_lifetime = 24h
>        forwardable = yes
>
> [realms]
>        MYDOMAIN.COM = {
>                kdc = pdc.mydomain.com:88
>                admin_server = pdc.mydomain.com:749
>                default_domain = mydomain.com
>        }
>
> [domain_realm]
>        .mydomain.com = MYDOMAIN.COM
>        mydomain.com = MYDOMAIN.COM
>
Change the contents of /etc/krb5.conf to

[libdefaults]
        dns_lookup_realm = true
        dns_lookup_kdc = true

Even though the system is using DNS, Kerberos doesn't use DNS due to the settings that you've configured.

Hope this helps!
--
Rajat Swarup
www.rajatswarup.com
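
An added example, not part of the original thread or of Samba's or Kerberos's own code: a Python sketch of how a client picks KDC candidates from a krb5.conf like the one posted above, so the effect of `dns_lookup_kdc` can be checked against the realm actually passed to kinit. It assumes MIT-krb5-style ordering (static `kdc` entries under `[realms]` first, DNS SRV records only when none match and `dns_lookup_kdc` is enabled); the names `parse_krb5`, `kdc_plan` and the realm `OTHER.EXAMPLE` are hypothetical.

```python
import re

# Constructed sample, trimmed from the krb5.conf posted in the thread.
SAMPLE = """\
[libdefaults]
    default_realm = MYDOMAIN.COM
    dns_lookup_kdc = false
[realms]
    MYDOMAIN.COM = {
        kdc = pdc.mydomain.com:88
    }
"""

def parse_krb5(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}) from krb5.conf text."""
    libdefaults, realms = {}, {}
    section = realm = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = m.group(1), None
        elif section == "realms" and line.endswith("{"):
            realm = line.split("=")[0].strip()  # opening of a realm stanza
            realms[realm] = []
        elif line == "}":
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif realm is not None and key == "kdc":
                realms[realm].append(value)
    return libdefaults, realms

def kdc_plan(text, realm=None):
    """List (method, target) pairs the client can use to find a KDC."""
    libdefaults, realms = parse_krb5(text)
    realm = realm or libdefaults.get("default_realm")
    static = [("static", kdc) for kdc in realms.get(realm, [])]  # exact, case-sensitive match
    if static:
        return static
    # Assumption: SRV lookup is on unless dns_lookup_kdc is explicitly disabled.
    if libdefaults.get("dns_lookup_kdc", "true").lower() in ("true", "yes", "1", "on"):
        return [("srv", f"_kerberos.{p}.{realm}") for p in ("_udp", "_tcp")]
    return []
```

An empty result for the realm given to kinit means the configuration offers no KDC candidate at all; a `static` result means the listed host and port are what must be reachable, whatever `dns_lookup_kdc` says.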