RE: [Samba] Error: Cannot find KDC for requested realm
No, this isn't required. If you don't kinit first, 'net' does it for you, using the password is asks for. My mistake - I apologise. For some reason klist only showed one ticket unless I did a kinit first. -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: 17 October 2003 12:00 To: Gavin Davenport Cc: Gerald (Jerry) Carter; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [Samba] Error: Cannot find KDC for requested realm On Fri, 2003-10-17 at 20:43, Gavin Davenport wrote: You must authenticate using kinit first, and then net ads join with no arguments. then start winbindd and smb. The issue is exactly as jerry points out - the kerberos libs can't find the KDC, and without that, we can go nowhere. I've posted extensively about this - search the archives. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan Villa wrote: [global] workgroup = OURDOMAIN security = ADS realm = OURDOMAIN.com password server = OURSERVER When I try to join the domain I do the following: ./net ads join -w OURDOMAIN -U administrator and the response is this kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf or enable DNS SRV lookups in the krb5 libs. Hope this helps. -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Error: Cannot find KDC for requested realm
On Mon, 2003-10-20 at 17:38, Gavin Davenport wrote: No, this isn't required. If you don't kinit first, 'net' does it for you, using the password is asks for. My mistake - I apologise. For some reason klist only showed one ticket unless I did a kinit first. Quite correct. We do the kinit on an in-memory keytab, so it's gone by the time the command quits. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Error: Cannot find KDC for requested realm
You must authenticate using kinit first, and then net ads join with no arguments. then start winbindd and smb. I've posted extensively about this - search the archives. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan Villa wrote: [global] workgroup = OURDOMAIN security = ADS realm = OURDOMAIN.com password server = OURSERVER When I try to join the domain I do the following: ./net ads join -w OURDOMAIN -U administrator and the response is this kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf or enable DNS SRV lookups in the krb5 libs. Hope this helps. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Error: Cannot find KDC for requested realm
On Fri, 2003-10-17 at 20:43, Gavin Davenport wrote: You must authenticate using kinit first, and then net ads join with no arguments. then start winbindd and smb. No, this isn't required. If you don't kinit first, 'net' does it for you, using the password is asks for. The issue is exactly as jerry points out - the kerberos libs can't find the KDC, and without that, we can go nowhere. I've posted extensively about this - search the archives. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan Villa wrote: [global] workgroup = OURDOMAIN security = ADS realm = OURDOMAIN.com password server = OURSERVER When I try to join the domain I do the following: ./net ads join -w OURDOMAIN -U administrator and the response is this kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf or enable DNS SRV lookups in the krb5 libs. Hope this helps. -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error: Cannot find KDC for requested realm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan Villa wrote: [global] workgroup = OURDOMAIN security = ADS realm = OURDOMAIN.com password server = OURSERVER When I try to join the domain I do the following: ./net ads join -w OURDOMAIN -U administrator and the response is this kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf or enable DNS SRV lookups in the krb5 libs. Hope this helps. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/j1m5IR7qMdg1EfYRAv5rAJ0TcExUz0rz3Vc67CqAePyHmJZjBQCg8uH/ A3NvHUoYB7tur0YCHP7drcA= =JzZY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba