monsterspecial
Contributor

_kerberos-master._udp.domain

After joining an ESXi to an AD environment, the operating system continually searches for the host _kerberos-master._udp.domainname, which by default does not exist in an Active Directory-integrated DNS zone.

Is this correct?

stokes81
Contributor

Yes. I'm seeing that as well from my ESXi hosts.

"_kerberos-master._udp
This entry should refer to those KDCs, if any, that will immediately see password changes to the Kerberos database. This entry is used only in one case, when the user is logging in and the password appears to be incorrect; the master KDC is then contacted, and the same password used to try to decrypt the response, in case the user's password had recently been changed and the first KDC contacted hadn't been updated. Only if that fails is an "incorrect password" error given."
Source: Kerberos V5 Installation Guide
pguinan
Contributor

Hi, try changing the "dns_lookup_kdc" value in /etc/krb5.conf

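An added illustration of the `dns_lookup_kdc` suggestion above (not code from this thread, VMware, or the Kerberos project): a simplified Python model that reads a krb5.conf and reports which SRV names are still left to DNS. It assumes DNS lookup is on when the option is absent and that static `kdc` / `master_kdc` realm entries take precedence over DNS; the realm EXAMPLE.COM and host names are constructed placeholders, only the UDP names are modelled, and the Kerberos library bundled with ESXi may behave differently.

```python
import re

FALSE_WORDS = {"false", "no", "n", "off", "0", "nil"}

def parse_krb5(text):
    """Minimal krb5.conf reader: ([libdefaults] dict, {realm: {key: [values]}})."""
    libdefaults, realms, section, realm = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, realm = header.group(1), None
        elif line == "}":
            realm = None                      # end of a realm block
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                realm = realms.setdefault(key, {})
            elif section == "realms" and realm is not None:
                realm.setdefault(key, []).append(value)
    return libdefaults, realms

def srv_names_left_to_dns(text, realm):
    """SRV names with no static entry, i.e. resolved through DNS when needed."""
    libdefaults, realms = parse_krb5(text)
    # Assumption: an absent dns_lookup_kdc means DNS lookup is enabled.
    if libdefaults.get("dns_lookup_kdc", "true").lower() in FALSE_WORDS:
        return []
    conf = realms.get(realm, {})
    names = []
    if not conf.get("kdc"):
        names.append(f"_kerberos._udp.{realm}")
    if not conf.get("master_kdc"):
        # Used only for the retry after an apparent wrong password.
        names.append(f"_kerberos-master._udp.{realm}")
    return names

# Constructed sample configs; realm and host names are placeholders.
DEFAULT = """
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com
    }
"""
DNS_OFF = DEFAULT.replace("[libdefaults]", "[libdefaults]\n    dns_lookup_kdc = false")
PINNED = DEFAULT.replace("kdc = dc1", "master_kdc = dc1.example.com\n        kdc = dc1")

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT), ("dns off", DNS_OFF), ("pinned", PINNED)):
        print(label, srv_names_left_to_dns(conf, "EXAMPLE.COM"))
```

With DNS lookup disabled, every KDC the host needs has to be listed statically in the realm block, since nothing is discovered from SRV records any more.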