Your company here ā€” click to reach over 10,000 unique daily visitors

winbind_krb5_locator - Man Page

A plugin for MIT and Heimdal Kerberos for detecting KDCs using Windows semantics.


This plugin is part of the samba(7) suite.

winbind_krb5_locator is a plugin that permits MIT and Heimdal Kerberos libraries to detect Kerberos Servers (for the KDC and kpasswd service) using the same semantics that other tools of the Samba suite use. This include site-aware DNS service record lookups and caching of closest dc. The plugin uses the public locator API provided by most modern Kerberos implementations.


MIT Kerberos (at least version 1.5) or Heimdal Kerberos (at least version 1.0) is required.

The plugin queries the winbindd(8) daemon which needs to be configured and started separately.

The winbind_krb5_locator.so file needs to be manually copied to the plugin directory of the system Kerberos library. For MIT Kerberos this is often: /usr/lib/krb5/plugins/libkrb5/. For Heimdal Kerberos this is often: /usr/lib/plugin/krb5/. Please check your local Kerberos installation for the correct paths. No modification in /etc/krb5.conf is required to enable the use of this plugin.

After copying the locator plugin to the appropriate plugin directory it should immediately be available for use. Users should be able to kinit into their kerberized Windows environment without any modification or servers being put manually into /etc/krb5.conf.


This man page is part of version 4.20.1 of the Samba suite.


The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

The winbind_krb5_locator manpage was written by Guenther Deschner.


06/10/2024 Samba 4.20.1