On Fri, Feb 21, 2014 at 11:17:38PM +0200, Genadi Postrilko wrote:
> I would like to clarify myself, i wasn't accurate when i compared it to :
> https://bugzilla.redhat.com/show_bug.cgi?id=878564.


> *But kinit with AD users failed:*
> [root@ipaserver1 ~]# kinit gen...@adexample.com
> kinit: Cannot resolve servers for KDC in realm "ADEXAMPLE.COM" while
> getting initial credentials
> *But after few minutes i was able to to kinit with AD users agian:*
> [root@ipaserver1 ~]# kinit gen...@adexample.com
> Password for gen...@adexample.com:

The AD KDC is resolved by doing DNS SRV lookup, e.g.

dig SRV _kerberos._udp.adexample.com

So I would assume a DNS related issue. Did the IP address of you AD
server changed after the reboot? Or did you call kinit early during the
AD boot process so that the DNS server were not running?

If you see this isse again, please call

KRB5_TRACE=/dev/stdout kinit gen...@adexample.com

This will print lots of debug information what libkrb5 is doing and
might help to identify the origin of the issue.


> I think i was too fast on making conclusions.
> Not sure if opening a bug is needed.

Freeipa-users mailing list

Reply via email to