On Thursday February 02 2006 8:49 am, David Shapiro wrote: > Is there no fix for thi? Nobody answers this for me or other people > asking this question. > > I really need help with this. Is there anything I can be looking at? > I would am not getting past doing a simple kinit > [EMAIL PROTECTED] It gives me the Cannot resolve network > address for KDC as well. Does ads not like krb5? Does it need krb4? > Why doesn't kerberos provide any messages in the logs? Any suggestions > on ways to figure out what is going on? I tried truss, but that does > not show much other than I do see it looking in /etc/krb5.conf and > /usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what to > be looking for? > > David Shapiro > Unix Team Lead > 919-765-2011 > > David Shapiro > Unix Team Lead > 919-765-2011 > > >>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM >>> > > On Wednesday February 01 2006 9:41 am, David Shapiro wrote: > > Hello, > > > > I am having a problem getting my server to join our realm as a > > domain > > > member server. I have read through google, yahoo, and this list, > > but I > > > cannot find the answer yet. > > > > When I run: net join ads -Uadministrator and try to login it gives > > the > > > following error: > > > > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot > > resolve network address for KDC in requested realm > > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191) > > ads_connect: Cannot resolve network address for KDC in requested > > realm > > > > The details of my setup are: > > > > aix 5.2.0.7 > > libiconv-1.9.1 > > autoconf-2.59 > > libiodbc-3.52.4 > > bison-2.0 > > m4-1.4.3 > > db-4.4.20 > > mysql-connector-odbc-3.51.12 > > krb > > samba-3.0.21a > > > > ../configure --prefix=/usr/local/samba --with-ads --with-ldap > > --with-winbind --with-acl-support --with-utmp --with-quotas > > --with-sendfile-support > > > > openldap-2.3.19 > > > > ./configure --enable-crypt --without-cyrus-sasl > > > > > > unixODBC-2.2.11 > > gcc 3.3.2 > > > > /etc/krb5.conf: > > > > [libdefaults] > > default_realm = MYREALM.COM > > default_etypes = des-cbc-crc des-cbc-md5 > > default_etypes_des = des-cbc-crc des-cbc-md5 > > ticket_lifetime = 24000 > > clockskew = 300 > > dns_lookup_realm = false > > dns_lookup_kdc = false > > > > [realms] > > MYREALM.COM = { > > kdc = myadsserver.mydomain.com > > default_domain = mydomain.com > > } > > > > [domain_realm] > > .mydomain.com = MYREALM.COM > > > > [logging] > > kdc = FILE:/var/log/kdc.log > > admin_server = FILE:/var/log/kadmin.log > > default = FILE:/var/log/krb5lib.log > > > > /etc/hosts: > > 1.2.3.4 myadsserver.mydomain.com myadsserver > > > > > > Note: Nothing goes into the logs and if I move aisde thekrb5.conf it > > still tries automatically MYREALM.COM. I put an error int he > > krb5.conf > > > file to see if it would notice, and it does warn about it, so it is > > looking in krb5.conf. > > > > > > > > > > David Shapiro > > Unix Team Lead > > 919-765-2011 > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > In krb5.conf, try this: > > [realms] > YOURDOMAIN.COM = { > default_domain = yourdomain.com > kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server) > admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD > server) > } > > HTH. > > Dimitri > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba
David, Firstly, be mindful that the list is made up of volunteers who do their best to provide answers as quickly as possible. Sometimes you may have to wait a bit longer, but I've always found these folks to be most kind and helpful. Give 'em a chance. Now, after that mild rebuke: I have little experience with AIX; my responses are based on my work with Samba on Linux. That said, I believe that you should have nsswitch.conf and resolv.conf files on the system. Are these configured correctly? Is pam.d/login configured correctly? Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba