[Samba] ADS and samba domain member: ads_connect: Cannot resolve
network address for KDC in requ
David Shapiro
David.Shapiro at bcbsnc.com
Wed Feb 1 21:11:31 GMT 2006
I really need help with this. Is there anything I can be looking at? I
would am not getting past doing a simple kinit
Administrator at MYREALM.COM. It gives me the Cannot resolve network
address for KDC as well. Does ads not like krb5? Does it need krb4?
Why doesn't kerberos provide any messages in the logs? Any suggestions
on ways to figure out what is going on? I tried truss, but that does
not show much other than I do see it looking in /etc/krb5.conf and
/usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what to
be looking for?
David Shapiro
Unix Team Lead
919-765-2011
>>> Dimitri Yioulos <dyioulos at firstbhph.com> 2/1/2006 10:15:49 AM >>>
On Wednesday February 01 2006 9:41 am, David Shapiro wrote:
> Hello,
>
> I am having a problem getting my server to join our realm as a
domain
> member server. I have read through google, yahoo, and this list,
but I
> cannot find the answer yet.
>
> When I run: net join ads -Uadministrator and try to login it gives
the
> following error:
>
> kerberos_kinit_password Administrator at MYREALM.COM failed: Cannot
> resolve network address for KDC in requested realm
> [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
> ads_connect: Cannot resolve network address for KDC in requested
> realm
>
> The details of my setup are:
>
> aix 5.2.0.7
> libiconv-1.9.1
> autoconf-2.59
> libiodbc-3.52.4
> bison-2.0
> m4-1.4.3
> db-4.4.20
> mysql-connector-odbc-3.51.12
> krb
> samba-3.0.21a
>
> ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> --with-winbind --with-acl-support --with-utmp --with-quotas
> --with-sendfile-support
>
> openldap-2.3.19
>
> ./configure --enable-crypt --without-cyrus-sasl
>
>
> unixODBC-2.2.11
> gcc 3.3.2
>
> /etc/krb5.conf:
>
> [libdefaults]
> default_realm = MYREALM.COM
> default_etypes = des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5
> ticket_lifetime = 24000
> clockskew = 300
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> MYREALM.COM = {
> kdc = myadsserver.mydomain.com
> default_domain = mydomain.com
> }
>
> [domain_realm]
> .mydomain.com = MYREALM.COM
>
> [logging]
> kdc = FILE:/var/log/kdc.log
> admin_server = FILE:/var/log/kadmin.log
> default = FILE:/var/log/krb5lib.log
>
> /etc/hosts:
> 1.2.3.4 myadsserver.mydomain.com myadsserver
>
>
> Note: Nothing goes into the logs and if I move aisde thekrb5.conf it
> still tries automatically MYREALM.COM. I put an error int he
krb5.conf
> file to see if it would notice, and it does warn about it, so it is
> looking in krb5.conf.
>
>
>
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
In krb5.conf, try this:
[realms]
YOURDOMAIN.COM = {
default_domain = yourdomain.com
kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server)
admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD
server)
}
HTH.
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list