[RESOLVED] Minor error in the documentation

Vincent38
Messages: 41
Registration: May 22, 2023 - 12:13

October 7, 2025 - 7:27 PM

Hello,

just a quick message to point out a slight error in the documentation for installing a secondary Active Directory. In krb5.conf, you need to set "dns_lookup_kdc = true" and not "false", otherwise it causes some problems. :D

Regards
yalemu
Messages: 8
Registration: December 20, 2017 - 9:40 AM

October 8, 2025 - 9:22 AM

Good morning,

No, it's not a mistake :)

The KDC servers are defined below for the Kerberos realm of the domain:

Code:

[libdefaults]
  default_realm = NOM_DE_DOMAINE_LONG
  dns_lookup_kdc = false
  dns_lookup_realm = false
[realms]
  NOM_DE_DOMAINE_LONG = {
    kdc = 127.0.0.1
    kdc = IP_SERVUR_AD1
  }

Normally, kinit should work. Otherwise, there might be a problem with /etc/resolv.conf, depending on your error?

Good day,

Yohannes
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire

October 8, 2025 - 10:12

Hi Vincent,

The nss library (which handles routing system DNS queries) isn't site-aware by default, so if we let it perform DC detection, we're not guaranteed it will find the one we want. There's a module to add (winbind_krb5_locator), but there were bugs in previous versions of the pre-packaged modules, so hardcoding it (especially on a DC) is the most robust solution.
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Vincent38

October 9, 2025 - 12:42

Hello,

sorry, it's my fault. I went a bit too fast; I forgot to replace "MYDOMAIN.LAN" in the "realms" section with the correct domain, so of course it wasn't going to work. :D

Quick question: the official Samba documentation recommends putting the DC's IP address in resolv.conf after joining the domain, rather than 127.0.0.1. Do you know why?

Regards
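
The failure described in this post (default_realm edited, the template realm name left in [realms], and dns_lookup_kdc = false so there is no DNS fallback) can be caught before running kinit. The Python check below is an added example, not part of the thread or of the Samba or Tranquil IT documentation; EXAMPLE.LAN and 192.0.2.10 are constructed sample values, and parse_krb5 and check_static_kdc are hypothetical helper names.

```python
import re

# Constructed sample: default_realm was edited but the [realms] stanza still
# carries the template name, the mistake described in the post above.
SAMPLE_BAD = """\
[libdefaults]
  default_realm = EXAMPLE.LAN
  dns_lookup_kdc = false
  dns_lookup_realm=false
[realms]
  MYDOMAIN.LAN = {
    kdc = 127.0.0.1
    kdc = 192.0.2.10
  }
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("MYDOMAIN.LAN", "EXAMPLE.LAN")

def parse_krb5(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}) from krb5.conf text."""
    libdefaults, realms, section, realm = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, realm = m.group(1), None
        elif line == "}":
            realm = None
        elif m := re.fullmatch(r"([^\s=]+)\s*=\s*\{", line):
            realm = m.group(1)                   # opens a realm stanza
            realms[realm] = []
        elif m := re.fullmatch(r"([^\s=]+)\s*=\s*(.+)", line):
            if section == "libdefaults":
                libdefaults[m.group(1)] = m.group(2)
            elif section == "realms" and realm and m.group(1) == "kdc":
                realms[realm].append(m.group(2))
    return libdefaults, realms

def check_static_kdc(text):
    """List problems that break kinit when DNS KDC discovery is disabled."""
    lib, realms = parse_krb5(text)
    default, problems = lib.get("default_realm"), []
    if lib.get("dns_lookup_kdc", "").lower() not in ("false", "no", "off", "0"):
        return problems                          # DNS SRV lookup can still find a KDC
    if default not in realms:
        problems.append(f"no [realms] stanza for {default}; found {sorted(realms)}")
    elif not realms[default]:
        problems.append(f"realm {default} lists no kdc")
    return problems
```

On a DC, pass the contents of /etc/krb5.conf to check_static_kdc; an empty list means the default realm has at least one hardcoded KDC.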
dcardon

October 9, 2025 - 2:29 PM

Hello Vincent,
Vincent38 wrote (Oct 9, 2025 - 12:42):
> Sorry, it's my fault, I went a bit too fast, I forgot to replace "MYDOMAIN.LAN" in the "realms" section with the correct domain, so of course it wasn't going to work. :D
>
> Quick question: the official Samba documentation recommends putting the IP address of the DC in question in resolv.conf after joining the domain, rather than 127.0.0.1. Do you know why?

It's a convenient way to write the text. It ensures it's the correct IP address and it works very well :-)

Sincerely,

Denis
Denis Cardon - Tranquil IT
Vincent38

October 10, 2025 - 1:40 PM

That's what I thought, :lol:

thank you!

Regards