[Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ

Dimitri Yioulos dyioulos at firstbhph.com
Thu Feb 2 15:18:21 GMT 2006


On Thursday February 02 2006 8:49 am, David Shapiro wrote:
> Is there no fix for thi?  Nobody answers this for me or other people
> asking this question.
>
> I really need help with this.  Is there anything I can be looking at?
> I would am not getting past doing a simple kinit
> Administrator at MYREALM.COM.  It gives me the Cannot resolve network
> address for KDC as well.  Does ads not like krb5?  Does it need krb4?
> Why doesn't kerberos provide any messages in the logs?  Any suggestions
> on ways to figure out what is going on?  I tried truss, but that does
> not show much other than I do see it looking in /etc/krb5.conf and
> /usr/local/etc/krb5.conf.  I can use tcpdump, but I am not sure what to
> be looking for?
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
>
> >>> Dimitri Yioulos <dyioulos at firstbhph.com> 2/1/2006 10:15:49 AM >>>
>
> On Wednesday February 01 2006 9:41 am, David Shapiro wrote:
> > Hello,
> >
> > I am having a problem getting my server to join our realm as a
>
> domain
>
> > member server.   I have read through google, yahoo, and this list,
>
> but I
>
> > cannot find the answer yet.
> >
> > When I run: net join ads -Uadministrator and try to login it gives
>
> the
>
> > following error:
> >
> >  kerberos_kinit_password Administrator at MYREALM.COM failed: Cannot
> > resolve network address for KDC in requested realm
> > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
> >   ads_connect: Cannot resolve network address for KDC in requested
> > realm
> >
> > The details of my setup are:
> >
> > aix 5.2.0.7
> > libiconv-1.9.1
> > autoconf-2.59
> > libiodbc-3.52.4
> > bison-2.0
> > m4-1.4.3
> > db-4.4.20
> > mysql-connector-odbc-3.51.12
> > krb
> > samba-3.0.21a
> >
> > ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> > --with-winbind --with-acl-support --with-utmp --with-quotas
> > --with-sendfile-support
> >
> > openldap-2.3.19
> >
> > ./configure --enable-crypt --without-cyrus-sasl
> >
> >
> > unixODBC-2.2.11
> > gcc 3.3.2
> >
> > /etc/krb5.conf:
> >
> > [libdefaults]
> >         default_realm = MYREALM.COM
> >         default_etypes = des-cbc-crc des-cbc-md5
> >         default_etypes_des = des-cbc-crc des-cbc-md5
> >         ticket_lifetime = 24000
> >         clockskew = 300
> >         dns_lookup_realm = false
> >         dns_lookup_kdc = false
> >
> > [realms]
> >         MYREALM.COM = {
> >                 kdc = myadsserver.mydomain.com
> >                 default_domain = mydomain.com
> >         }
> >
> > [domain_realm]
> >         .mydomain.com = MYREALM.COM
> >
> > [logging]
> >         kdc = FILE:/var/log/kdc.log
> >         admin_server = FILE:/var/log/kadmin.log
> >         default = FILE:/var/log/krb5lib.log
> >
> > /etc/hosts:
> > 1.2.3.4   myadsserver.mydomain.com myadsserver
> >
> >
> > Note: Nothing goes into the logs and if I move aisde thekrb5.conf it
> > still tries automatically MYREALM.COM.  I put an error int he
>
> krb5.conf
>
> > file to see if it would notice, and it does warn about it, so it is
> > looking in krb5.conf.
> >
> >
> >
> >
> > David Shapiro
> > Unix Team Lead
> > 919-765-2011
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
>
> In krb5.conf, try this:
>
> [realms]
>   YOURDOMAIN.COM = {
>        default_domain = yourdomain.com
>        kdc = xxx.xxx.xxx.xxx   (my note - use ip address of AD server)
>        admin_server = xxx.xxx.xxx.xxx  (my note - use ip address of AD
> server)
> }
>
> HTH.
>
> Dimitri
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba


David,

Firstly, be mindful that the list is made up of volunteers who do their best 
to provide answers as quickly as possible.  Sometimes you may have to wait a 
bit longer, but I've always found these folks to be most kind and helpful.  
Give 'em a chance.

Now, after that mild rebuke:  I have little experience with AIX; my responses 
are based on my work with Samba on Linux.  That said, I believe that you 
should have nsswitch.conf and resolv.conf files on the system.  Are these 
configured correctly?  Is pam.d/login configured correctly?

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the samba mailing list