[Samba] SAMBA4 kinit fails


Neil Balchin

Sep 5, 2010, 11:30:01 PM
I'm trying to test Samba4 as an AD style pdc.

following the instructions at http://wiki.samba.org/index.php/Samba4/HOWTO


at step 9 I get

root@pdc:~# kinit admini...@MYDOMAIN.COM
kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials
root@pdc:~#

and yet

host -t SRV _kerberos._udp.mydomain.com

gives

_kerberos._udp.mydomain.com has SRV record 0 100 88 pdc.mydomain.com.

and

root@pdc:~# host pdc.mydomain.com
pdc.mydomain.com has address 192.168.1.167

During provisioning I see there is a krb5.conf file created. Does it need to be moved anywhere special? Is this perhaps my issue?

I can't figure out why kinit isn't working for me


Neil



Aaron Solochek

Sep 6, 2010, 12:40:01 AM
On 09/05/2010 11:19 PM, Neil Balchin wrote:
> I'm trying to test Samba4 as an AD style pdc.
>
> following the instructions at http://wiki.samba.org/index.php/Samba4/HOWTO
>
>
> at step 9 I get
>
> root@pdc:~# kinit admini...@MYDOMAIN.COM
> kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials
> root@pdc:~#
>
> and yet
>
> host -t SRV _kerberos._udp.mydomain.com
>
> gives
>
> _kerberos._udp.mydomain.com has SRV record 0 100 88 pdc.mydomain.com.
>
> and
>
> root@pdc:~# host pdc.mydomain.com
> pdc.mydomain.com has address 192.168.1.167
>
> during provisioning I see there is a krb5.conf file created, does it need to be moved anywhere special ? is this perhaps my issue ?
>
> I can't figure out why kinit isn't working for me
>

It should be /etc/krb5.conf

Neil Balchin

Sep 6, 2010, 1:00:01 AM

I've tried that, I ran

cp /usr/local/samba/private/krb5.conf /etc/krb5.conf

contents of /etc/krb5.conf
are
......

[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
MYDOMAIN.COM = {
kdc = pdc.mydomain.com:88
admin_server = pdc.mydomain.com:749
default_domain = mydomain.com
}

[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM

rajat swarup

Sep 6, 2010, 1:40:01 AM
On Mon, Sep 6, 2010 at 12:54 AM, Neil Balchin <ne...@neilandjo.com> wrote:
> I've tried that,  i ran
>
> cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
>
> contents of /etc/krb5.conf
> are
> ......
>
> [libdefaults]
>        default_realm = MYDOMAIN.COM
>        dns_lookup_realm = false
>        dns_lookup_kdc = false
>        ticket_lifetime = 24h
>        forwardable = yes
>
> [realms]
>        MYDOMAIN.COM = {
>                kdc = pdc.mydomain.com:88
>                admin_server = pdc.mydomain.com:749
>                default_domain = mydomain.com
>        }
>
> [domain_realm]
>        .mydomain.com = MYDOMAIN.COM
>        mydomain.com = MYDOMAIN.COM
>

Change the contents of /etc/krb5.conf to
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true

Even though the system is using DNS kerberos doesn't use DNS due to
the settings that you've configured.

Hope this helps!
--
Rajat Swarup
www.rajatswarup.com

Neil Balchin

Sep 6, 2010, 9:10:03 AM
unfortunately even with
...

[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
...
in /etc/krb5.conf

I still get

kinit: Cannot contact any KDC for realm 'NEILANDJO.COM' while getting initial credentials


error


----- Original Message -----
From: "rajat swarup" <raj...@gmail.com>
To: "Neil Balchin" <ne...@neilandjo.com>
Cc: "Aaron Solochek" <aarons...@aberrant.org>, sa...@lists.samba.org
Sent: Monday, 6 September, 2010 1:33:23 AM
Subject: Re: [Samba] SAMBA4 kinit fails

Daniel Müller

Sep 6, 2010, 3:00:01 PM
can your bind read from your krb5.conf??
-rwxrwxrwx 1 root named 389 11. Aug 14:33 /etc/krb5.conf

On Mon, 6 Sep 2010 09:01:45 -0400 (EDT), Neil Balchin <ne...@neilandjo.com>
wrote:

Michael Wood

Sep 7, 2010, 6:00:02 AM
On 6 September 2010 20:35, Daniel Müller <mue...@tropenklinik.de> wrote:
> can your bind read from your krb5.conf??
> -rwxrwxrwx 1 root named 389 11. Aug 14:33 /etc/krb5.conf

777 is a bad idea for your /etc/krb5.conf.

This should work:

-rw-r--r-- 1 root root 3564 2010-06-30 18:02 /etc/krb5.conf

--
Michael Wood <esio...@gmail.com>
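
An added example (not written by any poster in this thread): a Python check that reads a krb5.conf, reports whether its mode lets anyone other than the owner rewrite it, and lists the two KDC sources discussed above, static kdc entries and dns_lookup_kdc. The sample file is constructed from the one posted earlier in the thread, and the function names are this example's own.

```python
import stat
import tempfile
from pathlib import Path

# Constructed sample, shortened from the krb5.conf posted earlier in the thread.
SAMPLE = """[libdefaults]
    default_realm = MYDOMAIN.COM
    dns_lookup_kdc = false
[realms]
    MYDOMAIN.COM = {
        kdc = pdc.mydomain.com:88
    }
"""

def parse_krb5_conf(text):
    """Return {section: {key: [values] or nested dict}} for krb5.conf text."""
    conf, stack = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            stack = [conf.setdefault(line[1:-1], {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line and stack and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(value)
    return conf

def audit_krb5_conf(path):
    """Report the file mode (whoever can write the file picks the KDC) and KDC sources."""
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    conf = parse_krb5_conf(Path(path).read_text())
    lib = conf.get("libdefaults", {})
    realm = lib.get("default_realm", [None])[-1]
    dns = lib.get("dns_lookup_kdc", [None])[-1]
    return {
        "mode": oct(mode),
        "writable_by_non_owner": bool(mode & (stat.S_IWGRP | stat.S_IWOTH)),
        "static_kdcs": conf.get("realms", {}).get(realm, {}).get("kdc", []),
        "dns_lookup_kdc": dns and dns.lower() in ("true", "yes", "y", "t", "1", "on"),
    }

if __name__ == "__main__":
    path = Path(tempfile.mkdtemp(), "krb5.conf")
    path.write_text(SAMPLE)
    for m in (0o777, 0o644):
        path.chmod(m)
        print(audit_krb5_conf(path))
```

A dns_lookup_kdc value of None in the report means the key is absent from [libdefaults], so the Kerberos library's own default applies.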

Andrew Bartlett

Sep 9, 2010, 1:40:01 AM

I'll fix up the defaults here - they are indeed incorrect.

Sorry for the bother!

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
