[Samba] ADS and samba domain member: ads_connect: Cannot resolve
network address for KDC in requ
Dimitri Yioulos
dyioulos at firstbhph.com
Thu Feb 2 15:18:21 GMT 2006
On Thursday February 02 2006 8:49 am, David Shapiro wrote:
> Is there no fix for thi? Nobody answers this for me or other people
> asking this question.
>
> I really need help with this. Is there anything I can be looking at?
> I would am not getting past doing a simple kinit
> Administrator at MYREALM.COM. It gives me the Cannot resolve network
> address for KDC as well. Does ads not like krb5? Does it need krb4?
> Why doesn't kerberos provide any messages in the logs? Any suggestions
> on ways to figure out what is going on? I tried truss, but that does
> not show much other than I do see it looking in /etc/krb5.conf and
> /usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what to
> be looking for?
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
>
> >>> Dimitri Yioulos <dyioulos at firstbhph.com> 2/1/2006 10:15:49 AM >>>
>
> On Wednesday February 01 2006 9:41 am, David Shapiro wrote:
> > Hello,
> >
> > I am having a problem getting my server to join our realm as a
>
> domain
>
> > member server. I have read through google, yahoo, and this list,
>
> but I
>
> > cannot find the answer yet.
> >
> > When I run: net join ads -Uadministrator and try to login it gives
>
> the
>
> > following error:
> >
> > kerberos_kinit_password Administrator at MYREALM.COM failed: Cannot
> > resolve network address for KDC in requested realm
> > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
> > ads_connect: Cannot resolve network address for KDC in requested
> > realm
> >
> > The details of my setup are:
> >
> > aix 5.2.0.7
> > libiconv-1.9.1
> > autoconf-2.59
> > libiodbc-3.52.4
> > bison-2.0
> > m4-1.4.3
> > db-4.4.20
> > mysql-connector-odbc-3.51.12
> > krb
> > samba-3.0.21a
> >
> > ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> > --with-winbind --with-acl-support --with-utmp --with-quotas
> > --with-sendfile-support
> >
> > openldap-2.3.19
> >
> > ./configure --enable-crypt --without-cyrus-sasl
> >
> >
> > unixODBC-2.2.11
> > gcc 3.3.2
> >
> > /etc/krb5.conf:
> >
> > [libdefaults]
> > default_realm = MYREALM.COM
> > default_etypes = des-cbc-crc des-cbc-md5
> > default_etypes_des = des-cbc-crc des-cbc-md5
> > ticket_lifetime = 24000
> > clockskew = 300
> > dns_lookup_realm = false
> > dns_lookup_kdc = false
> >
> > [realms]
> > MYREALM.COM = {
> > kdc = myadsserver.mydomain.com
> > default_domain = mydomain.com
> > }
> >
> > [domain_realm]
> > .mydomain.com = MYREALM.COM
> >
> > [logging]
> > kdc = FILE:/var/log/kdc.log
> > admin_server = FILE:/var/log/kadmin.log
> > default = FILE:/var/log/krb5lib.log
> >
> > /etc/hosts:
> > 1.2.3.4 myadsserver.mydomain.com myadsserver
> >
> >
> > Note: Nothing goes into the logs and if I move aisde thekrb5.conf it
> > still tries automatically MYREALM.COM. I put an error int he
>
> krb5.conf
>
> > file to see if it would notice, and it does warn about it, so it is
> > looking in krb5.conf.
> >
> >
> >
> >
> > David Shapiro
> > Unix Team Lead
> > 919-765-2011
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
>
> In krb5.conf, try this:
>
> [realms]
> YOURDOMAIN.COM = {
> default_domain = yourdomain.com
> kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server)
> admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD
> server)
> }
>
> HTH.
>
> Dimitri
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
David,
Firstly, be mindful that the list is made up of volunteers who do their best
to provide answers as quickly as possible. Sometimes you may have to wait a
bit longer, but I've always found these folks to be most kind and helpful.
Give 'em a chance.
Now, after that mild rebuke: I have little experience with AIX; my responses
are based on my work with Samba on Linux. That said, I believe that you
should have nsswitch.conf and resolv.conf files on the system. Are these
configured correctly? Is pam.d/login configured correctly?
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the samba
mailing list