Windows not using SRV rr's to locate KDCs

Richard E. Silverman res at qoxp.net
Sat Feb 2 20:59:24 EST 2008


I have an AD realm, FOO.COM, and an MIT realm, UNIX.FOO.COM, with two-way
trust between them.  I am using kerberized services on hosts in the UNIX
realm from Windows XP clients.  If I explicitly list KDCs with ksetup
thus:

> ksetup /addkdc UNIX.FOO.COM kdc.unix.foo.com

... it works.  However, the ksetup documentation says that if I omit the
KDC:

> ksetup /addkdc UNIX.FOO.COM 

... Windows should use SRV records to locate the KDCs.  It's not doing
that.  I have snooped network traffic on the client; it is not doing any
DNS lookups for SRV records at all.

Any help?

Thanks,

-- 
  Richard Silverman
  res at qoxp.net




More information about the Kerberos mailing list