Linux. Kerberos does not find the server


The problem is this: I am translating AD for Linux. I decided to make the servers on OpenSUSE, although this is not essential. There is an iron server with a freshly installed OpenSUSE 42.1.

    nt-50:~ # cat /etc/resolv.conf
    search npc-mka.local

    nt-50:~ # cat /etc/krb5.conf
    default_realm = NPC-MKA.LOCAL
    dns_lookup_realm = true
    dns_lookup_kdc = true

Server 4 is the PDC on Windows Server 2012R2, and Server 3 is the BDC on 2012R2. kinit says that it cannot find any server. Yet, for the sake of interest, everything works fine on my laptop under Ubuntu with the same settings.

For the sake of interest, I put exactly the same OpenSUSE distribution into a virtual machine, the contents of resolv and krb are exactly the same, and kinit perfectly finds the server and logs in on it.

If you add server addresses to krb5.conf:

        kdc =
        default_domain = npc-mka.local
        admin_server =

Then kinit finds the server and logs in without any problems. Well, and a couple of service checks on this non-working server:

    nt-50:~ # host npc-mka.local
    npc-mka.local has address
    npc-mka.local has address
    nt-50:~ # host npc.npc-mka.local
    npc.npc-mka.local has address
    nt-50:~ # host mka.npc-mka.local
    mka.npc-mka.local has address
    nt-50:~ # host domain name pointer npc.npc-mka.local.
    nt-50:~ # host domain name pointer mka.npc-mka.local.
    nt-50:~ # nslookup npc-mka.local

    Name:   npc-mka.local
    Name:   npc-mka.local

I have already racked my brain over what the problem could be. I just haven't captured the network traffic yet, but I feel I will have to soon. Where could the problem lie? Please tell me.


Apparently the problem is that modern distributions handle .local incorrectly. I came across this article: The problem was solved.
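With `dns_lookup_kdc = true` and no `kdc` entry, the Kerberos library locates KDCs through DNS SRV records, which the address and PTR lookups shown in the question do not exercise. The script below is an added example, not part of the original thread: it reads a krb5.conf, reports whether KDCs come from static entries or DNS, and lists the SRV names to test. The function names and the sample file are constructed for illustration.

```shell
# Added example (not from the original thread). The sample below is
# constructed from the krb5.conf lines quoted in the question.
sample_conf() {
cat <<'EOF'
[libdefaults]
    default_realm = NPC-MKA.LOCAL
    dns_lookup_realm = true
    dns_lookup_kdc = true
EOF
}

# conf_value KEY: print the first non-empty value of "KEY = value" on stdin.
conf_value() {
    awk -v key="$1" '{
        eq = index($0, "="); if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == key && v != "") { print v; exit }
    }'
}

# kdc_source: "static" when a kdc entry has a value, "dns" when
# dns_lookup_kdc is explicitly true, otherwise "unknown".
kdc_source() {
    conf=$(cat)
    if [ -n "$(printf '%s\n' "$conf" | conf_value kdc)" ]; then
        echo static
    elif [ "$(printf '%s\n' "$conf" | conf_value dns_lookup_kdc)" = "true" ]; then
        echo dns
    else
        echo unknown
    fi
}

# srv_names REALM: SRV records queried for KDC discovery over DNS
# (lowercased for readability; DNS names are case-insensitive).
srv_names() {
    realm=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '_kerberos._udp.%s\n_kerberos._tcp.%s\n' "$realm" "$realm"
}

# Report for the sample; on a real host, feed /etc/krb5.conf instead.
realm=$(sample_conf | conf_value default_realm)
echo "KDC lookup: $(sample_conf | kdc_source)"
for name in $(srv_names "$realm"); do
    echo "check with: host -t SRV $name"
done
```

Running the printed `host -t SRV` commands on both the failing machine and a working one shows whether SRV resolution for the realm is what differs between them.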
