krb5 vs Windows trust relationships in AD

Garth T Kidd garthk at
Tue Nov 15 23:04:17 EST 2005

G'day, everyone.

I have a Fedora Core Linux box running kernel 2.6.11-1.1369_FC4smp,
and I'm having trouble authenticating against my Windows domain.

    kinit -V user@DOMAIN.COM

    kinit(v5): Cannot find KDC for requested realm while getting initial credentials

... which I've Googled a lot without much success. There are a lot of
people asking questions, but not too many answers out there. Some
bloke on the #samba channel suggested I try this list instead.

When I run kinit I can see my box look up the SRV records for
_kerberos._udp.DOMAIN.COM and _kerberos._tcp.DOMAIN.COM, but then it
bombs. No other traffic heads out, in particular none to the hosts
nominated under kdc and admin_server in the realm's entry in the
[realms] section of /etc/krb5.conf.

Setting dns_lookup_realm = false and dns_lookup_kdc = false doesn't
seem to help.

Any ideas?

Where trust comes in: I can successfully authenticate against
OTHERDOMAIN.AU which trusts DOMAIN.COM, but haven't been able to
configure krb5 to authenticate DOMAIN.COM via OTHERDOMAIN.AU. If I
could do so, that'd save me having to get a machine account in


