Hi Jakub,
On Jul 30, 2013, at 07:28 AM, Jakub Hrozek <jhrozek(a)redhat.com> wrote:
> On Tue, Jul 30, 2013 at 11:41:41AM +0000, Bryan Harris wrote:
>> When I run kinit -k host/server.ad.domain.com(a)AD.DOMAIN.COM I get the following message:
>> kinit: Cannot find KDC for requested realm while getting initial credentials
>
> There is no KDC explicitly defined so you rely on DNS lookups for
> locating the KDC. Can you check if the other servers that work use the
> same DNS servers in resolv.conf?

I'm sorry but I saw Sumit's email first. Also in my other email I tried to explain the weird Smart Card PIN behavior.

Our resolv.conf is pointing to our BIND servers, which have the following in the zone the Linux servers will search using the domain sub.domain.com in /etc/resolv.conf. It seems to work okay but please feel free to let me know if it's not right. I honestly don't remember if I found this information on the sssd fedorahosted.org pages, but it seemed to work thus far. We do realize that if we ever make changes to our environment's addressing we will need to change the zone in the BIND servers as well.

_ldap._tcp 1D IN SRV 0 100 389 dc01
_ldap._tcp 1D IN SRV 0 100 389 dc02
_kerberos._tcp 1D IN SRV 0 100 88 dc01
_kerberos._tcp 1D IN SRV 0 100 88 dc02
_kpasswd._tcp 1D IN SRV 0 100 464 dc01
_kpasswd._tcp 1D IN SRV 0 100 464 dc02
_kerberos._udp 1D IN SRV 0 100 88 dc01
_kerberos._udp 1D IN SRV 0 100 88 dc02
_kpasswd._udp 1D IN SRV 0 100 464 dc01
_kpasswd._udp 1D IN SRV 0 100 464 dc02
Bryan
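
On the DNS-based KDC lookup discussed above, an added example that is not part of the thread: it lists the SRV names a Kerberos client queries for a realm and checks whether a zone fragment publishes them. The zone lines are the _kerberos records from the message; the two zone origins and all function names are assumptions made for the comparison.

```python
# Added example. Zone lines are the _kerberos records from the post above;
# both origins passed to locate_kdc() below are assumptions for comparison.
ZONE = """\
_kerberos._tcp 1D IN SRV 0 100 88 dc01
_kerberos._tcp 1D IN SRV 0 100 88 dc02
_kerberos._udp 1D IN SRV 0 100 88 dc01
_kerberos._udp 1D IN SRV 0 100 88 dc02
"""

def kdc_srv_names(realm):
    """SRV owner names queried to find KDCs for a realm: the realm itself is
    the DNS domain, independent of the search list in resolv.conf."""
    domain = realm.lower().rstrip(".") + "."
    return ["_kerberos._udp." + domain, "_kerberos._tcp." + domain]

def absolute(name, origin):
    """Qualify a relative zone-file name with the zone origin."""
    name = name.lower()
    return name if name.endswith(".") else name + "." + origin.lower().rstrip(".") + "."

def parse_srv(zone_text, origin):
    """Map owner name -> [(priority, weight, port, target)] for SRV lines that
    start with an owner name (continuation lines are not handled)."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if "SRV" not in fields or fields.index("SRV") == 0:
            continue
        i = fields.index("SRV")
        if len(fields) < i + 5:
            continue
        prio, weight, port = (int(x) for x in fields[i + 1:i + 4])
        owner = absolute(fields[0], origin)
        records.setdefault(owner, []).append((prio, weight, port, absolute(fields[i + 4], origin)))
    return records

def locate_kdc(realm, zone_text, origin):
    """For each name the client would query, list the (port, target) pairs found."""
    records = parse_srv(zone_text, origin)
    return {n: sorted((p, t) for _, _, p, t in records.get(n, [])) for n in kdc_srv_names(realm)}

if __name__ == "__main__":
    for origin in ("sub.domain.com", "ad.domain.com"):
        print(origin, locate_kdc("AD.DOMAIN.COM", ZONE, origin))
```

Against live DNS the equivalent check is dig +short SRV _kerberos._udp.AD.DOMAIN.COM, run on the host where kinit fails.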