Re: [Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
David Shapiro wrote:
/etc/host, resolv.conf are fine. nsswitch.conf does not exist on aix
systems, but I did add the winbindd entry where aix expects it.I
guess we will see if people respond, but I noticed nobody answered this
type of question in the past...
Not that many people using AIX.
Dimitri Yioulos <[EMAIL PROTECTED]> 2/2/2006 10:18 AM >>>
On Thursday February 02 2006 8:49 am, David Shapiro wrote:
Is there no fix for thi? Nobody answers this for me or other people
asking this question.
I really need help with this. Is there anything I can be looking
at?
I would am not getting past doing a simple kinit
[EMAIL PROTECTED] It gives me the Cannot resolve network
address for KDC as well. Does ads not like krb5? Does it need
krb4?
Why doesn't kerberos provide any messages in the logs? Any
suggestions
on ways to figure out what is going on? I tried truss, but that
does
not show much other than I do see it looking in /etc/krb5.conf and
/usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what
AIX wants krb5.conf in /etc/krb5/krb5.conf.
Doesn't hurt to use a symbolic link:
cd /etc
mkdir krb5
cd /etc/krb5.conf
ln -s krb5.conf ../krb5.conf
to
be looking for?
Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM
On Wednesday February 01 2006 9:41 am, David Shapiro wrote:
Hello,
I am having a problem getting my server to join our realm as a
domain
member server. I have read through google, yahoo, and this list,
but I
cannot find the answer yet.
When I run: net join ads -Uadministrator and try to login it gives
the
following error:
kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot
resolve network address for KDC in requested realm
[2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
ads_connect: Cannot resolve network address for KDC in requested
realm
The details of my setup are:
aix 5.2.0.7
libiconv-1.9.1
autoconf-2.59
libiodbc-3.52.4
bison-2.0
m4-1.4.3
db-4.4.20
mysql-connector-odbc-3.51.12
krb
Not good enough. You need to specify what version Kerberos.
Also it looks like you may be using the linux affinity
toolkit. Did you compile your own Kerberos?
samba-3.0.21a
../configure --prefix=/usr/local/samba --with-ads --with-ldap
--with-winbind --with-acl-support --with-utmp --with-quotas
--with-sendfile-support
openldap-2.3.19
./configure --enable-crypt --without-cyrus-sasl
unixODBC-2.2.11
gcc 3.3.2
/etc/krb5.conf:
[libdefaults]
default_realm = MYREALM.COM
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
The way it works is this.
If you override the defaults
if your version of Kerberos doesn't support rc4-hmac (<1.3.4),
you must not specify it (doh).
else if your version of Kerberos supports rc4-hmac (>=1.3.4),
you must specify rc4-hmac as one of the allowable enctypes
else userAccountControl in ldap doesn't get set up in
agreement with your manual krb5 spec on net join.
My current 1.3.6 and previous versions of Kerberos use these parameters
default_tgs_enctypes
default_tkt_enctypes
permitted_enctypes
"enctypes" not "etypes"
ticket_lifetime = 24000
clockskew = 300
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
MYREALM.COM = {
kdc = myadsserver.mydomain.com
default_domain = mydomain.com
}
[domain_realm]
.mydomain.com = MYREALM.COM
While it's not be impossible to have a different REALM
than domain name, MS doesn't do it and you're asking
for extra problems. MS sometimes makes assumptions that
have to be worked around. For a first time test, try
[libdefaults]
default_realm = MYDOMAIN.COM
...
{realms]
MYDOMAIN.COM = {
...
Probably already too late.
In krb5.conf, try this:
[realms]
YOURDOMAIN.COM = {
default_domain = yourdomain.com
kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD
server)
admin_server = xxx.xxx.xxx.xxx (my note - use ip address of
AD
server)
}
HTH.
Dimitri
David,
Firstly, be mindful that the list is made up of volunteers who do their
best
to provide answers as quickly as possible. Sometimes you may have to
wait a
bit longer, but I've always found these folks to be most kind and
helpful.
Give 'em a chance.
I've come up on deadlines,
come to the end of my rope,
and not had the budget for paid assistance,
and asked the same question out of desperation.
Always punish myself afterwards.
Bad Doug Bad Dog.
Now, after that mild rebuke: I have little experience with AIX; my
responses
are based on my work with Samba on Linux. That said, I believe that
you
should have nsswitch.conf and resolv.conf files on the system. Are
these
configured correctly? Is pam.d/login configured correctly?
Dimitri
Regards, Doug
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
/etc/host, resolv.conf are fine. nsswitch.conf does not exist on aix
systems, but I did add the winbindd entry where aix expects it.I
guess we will see if people respond, but I noticed nobody answered this
type of question in the past...
David
David Shapiro
Unix Team Lead
919-765-2011
>>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/2/2006 10:18 AM >>>
On Thursday February 02 2006 8:49 am, David Shapiro wrote:
> Is there no fix for thi? Nobody answers this for me or other people
> asking this question.
>
> I really need help with this. Is there anything I can be looking
at?
> I would am not getting past doing a simple kinit
> [EMAIL PROTECTED] It gives me the Cannot resolve network
> address for KDC as well. Does ads not like krb5? Does it need
krb4?
> Why doesn't kerberos provide any messages in the logs? Any
suggestions
> on ways to figure out what is going on? I tried truss, but that
does
> not show much other than I do see it looking in /etc/krb5.conf and
> /usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what
to
> be looking for?
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
>
> >>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM
>>>
>
> On Wednesday February 01 2006 9:41 am, David Shapiro wrote:
> > Hello,
> >
> > I am having a problem getting my server to join our realm as a
>
> domain
>
> > member server. I have read through google, yahoo, and this list,
>
> but I
>
> > cannot find the answer yet.
> >
> > When I run: net join ads -Uadministrator and try to login it gives
>
> the
>
> > following error:
> >
> > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot
> > resolve network address for KDC in requested realm
> > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
> > ads_connect: Cannot resolve network address for KDC in requested
> > realm
> >
> > The details of my setup are:
> >
> > aix 5.2.0.7
> > libiconv-1.9.1
> > autoconf-2.59
> > libiodbc-3.52.4
> > bison-2.0
> > m4-1.4.3
> > db-4.4.20
> > mysql-connector-odbc-3.51.12
> > krb
> > samba-3.0.21a
> >
> > ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> > --with-winbind --with-acl-support --with-utmp --with-quotas
> > --with-sendfile-support
> >
> > openldap-2.3.19
> >
> > ./configure --enable-crypt --without-cyrus-sasl
> >
> >
> > unixODBC-2.2.11
> > gcc 3.3.2
> >
> > /etc/krb5.conf:
> >
> > [libdefaults]
> > default_realm = MYREALM.COM
> > default_etypes = des-cbc-crc des-cbc-md5
> > default_etypes_des = des-cbc-crc des-cbc-md5
> > ticket_lifetime = 24000
> > clockskew = 300
> > dns_lookup_realm = false
> > dns_lookup_kdc = false
> >
> > [realms]
> > MYREALM.COM = {
> > kdc = myadsserver.mydomain.com
> > default_domain = mydomain.com
> > }
> >
> > [domain_realm]
> > .mydomain.com = MYREALM.COM
> >
> > [logging]
> > kdc = FILE:/var/log/kdc.log
> > admin_server = FILE:/var/log/kadmin.log
> > default = FILE:/var/log/krb5lib.log
> >
> > /etc/hosts:
> > 1.2.3.4 myadsserver.mydomain.com myadsserver
> >
> >
> > Note: Nothing goes into the logs and if I move aisde thekrb5.conf
it
> > still tries automatically MYREALM.COM. I put an error int he
>
> krb5.conf
>
> > file to see if it would notice, and it does warn about it, so it
is
> > looking in krb5.conf.
> >
> >
> >
> >
> > David Shapiro
> > Unix Team Lead
> > 919-765-2011
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
>
> In krb5.conf, try this:
>
> [realms]
> YOURDOMAIN.COM = {
>default_domain = yourdomain.com
>kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD
server)
>admin_server = xxx.xxx.xxx.xxx (my note - use ip address of
AD
> server)
> }
>
> HTH.
>
> Dimitri
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
David,
Firstly, be mindful that the list is made up of volunteers who do their
best
to provide answers as quickly as possible. Sometimes you may have to
wait a
bit longer, but I've always found these folks to be most kind and
helpful.
Give 'em a chance.
Now, after that mild rebuke: I have little experience with AIX; my
responses
are based on my work with Samba on Linux. That said, I believe that
you
should have nsswitch.conf and resolv.conf files on the system. Are
these
configured correctly? Is pam.d/login configured correctly?
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
belie
Re: [Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
On Thu, Feb 02, 2006 at 08:49:55AM -0500, David Shapiro wrote: > Is there no fix for thi? Nobody answers this for me or other people > asking this question. > > I really need help with this. If you really must have help with this, paid support is available here : http://samba.org/samba/support/ Look at the list on your left for your geographic area. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
On Thursday February 02 2006 8:49 am, David Shapiro wrote:
> Is there no fix for thi? Nobody answers this for me or other people
> asking this question.
>
> I really need help with this. Is there anything I can be looking at?
> I would am not getting past doing a simple kinit
> [EMAIL PROTECTED] It gives me the Cannot resolve network
> address for KDC as well. Does ads not like krb5? Does it need krb4?
> Why doesn't kerberos provide any messages in the logs? Any suggestions
> on ways to figure out what is going on? I tried truss, but that does
> not show much other than I do see it looking in /etc/krb5.conf and
> /usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what to
> be looking for?
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
>
> >>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM >>>
>
> On Wednesday February 01 2006 9:41 am, David Shapiro wrote:
> > Hello,
> >
> > I am having a problem getting my server to join our realm as a
>
> domain
>
> > member server. I have read through google, yahoo, and this list,
>
> but I
>
> > cannot find the answer yet.
> >
> > When I run: net join ads -Uadministrator and try to login it gives
>
> the
>
> > following error:
> >
> > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot
> > resolve network address for KDC in requested realm
> > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
> > ads_connect: Cannot resolve network address for KDC in requested
> > realm
> >
> > The details of my setup are:
> >
> > aix 5.2.0.7
> > libiconv-1.9.1
> > autoconf-2.59
> > libiodbc-3.52.4
> > bison-2.0
> > m4-1.4.3
> > db-4.4.20
> > mysql-connector-odbc-3.51.12
> > krb
> > samba-3.0.21a
> >
> > ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> > --with-winbind --with-acl-support --with-utmp --with-quotas
> > --with-sendfile-support
> >
> > openldap-2.3.19
> >
> > ./configure --enable-crypt --without-cyrus-sasl
> >
> >
> > unixODBC-2.2.11
> > gcc 3.3.2
> >
> > /etc/krb5.conf:
> >
> > [libdefaults]
> > default_realm = MYREALM.COM
> > default_etypes = des-cbc-crc des-cbc-md5
> > default_etypes_des = des-cbc-crc des-cbc-md5
> > ticket_lifetime = 24000
> > clockskew = 300
> > dns_lookup_realm = false
> > dns_lookup_kdc = false
> >
> > [realms]
> > MYREALM.COM = {
> > kdc = myadsserver.mydomain.com
> > default_domain = mydomain.com
> > }
> >
> > [domain_realm]
> > .mydomain.com = MYREALM.COM
> >
> > [logging]
> > kdc = FILE:/var/log/kdc.log
> > admin_server = FILE:/var/log/kadmin.log
> > default = FILE:/var/log/krb5lib.log
> >
> > /etc/hosts:
> > 1.2.3.4 myadsserver.mydomain.com myadsserver
> >
> >
> > Note: Nothing goes into the logs and if I move aisde thekrb5.conf it
> > still tries automatically MYREALM.COM. I put an error int he
>
> krb5.conf
>
> > file to see if it would notice, and it does warn about it, so it is
> > looking in krb5.conf.
> >
> >
> >
> >
> > David Shapiro
> > Unix Team Lead
> > 919-765-2011
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
>
> In krb5.conf, try this:
>
> [realms]
> YOURDOMAIN.COM = {
>default_domain = yourdomain.com
>kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server)
>admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD
> server)
> }
>
> HTH.
>
> Dimitri
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
David,
Firstly, be mindful that the list is made up of volunteers who do their best
to provide answers as quickly as possible. Sometimes you may have to wait a
bit longer, but I've always found these folks to be most kind and helpful.
Give 'em a chance.
Now, after that mild rebuke: I have little experience with AIX; my responses
are based on my work with Samba on Linux. That said, I believe that you
should have nsswitch.conf and resolv.conf files on the system. Are these
configured correctly? Is pam.d/login configured correctly?
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
Is there no fix for thi? Nobody answers this for me or other people
asking this question.
I really need help with this. Is there anything I can be looking at?
I would am not getting past doing a simple kinit
[EMAIL PROTECTED] It gives me the Cannot resolve network
address for KDC as well. Does ads not like krb5? Does it need krb4?
Why doesn't kerberos provide any messages in the logs? Any suggestions
on ways to figure out what is going on? I tried truss, but that does
not show much other than I do see it looking in /etc/krb5.conf and
/usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what to
be looking for?
David Shapiro
Unix Team Lead
919-765-2011
David Shapiro
Unix Team Lead
919-765-2011
>>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM >>>
On Wednesday February 01 2006 9:41 am, David Shapiro wrote:
> Hello,
>
> I am having a problem getting my server to join our realm as a
domain
> member server. I have read through google, yahoo, and this list,
but I
> cannot find the answer yet.
>
> When I run: net join ads -Uadministrator and try to login it gives
the
> following error:
>
> kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot
> resolve network address for KDC in requested realm
> [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
> ads_connect: Cannot resolve network address for KDC in requested
> realm
>
> The details of my setup are:
>
> aix 5.2.0.7
> libiconv-1.9.1
> autoconf-2.59
> libiodbc-3.52.4
> bison-2.0
> m4-1.4.3
> db-4.4.20
> mysql-connector-odbc-3.51.12
> krb
> samba-3.0.21a
>
> ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> --with-winbind --with-acl-support --with-utmp --with-quotas
> --with-sendfile-support
>
> openldap-2.3.19
>
> ./configure --enable-crypt --without-cyrus-sasl
>
>
> unixODBC-2.2.11
> gcc 3.3.2
>
> /etc/krb5.conf:
>
> [libdefaults]
> default_realm = MYREALM.COM
> default_etypes = des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5
> ticket_lifetime = 24000
> clockskew = 300
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> MYREALM.COM = {
> kdc = myadsserver.mydomain.com
> default_domain = mydomain.com
> }
>
> [domain_realm]
> .mydomain.com = MYREALM.COM
>
> [logging]
> kdc = FILE:/var/log/kdc.log
> admin_server = FILE:/var/log/kadmin.log
> default = FILE:/var/log/krb5lib.log
>
> /etc/hosts:
> 1.2.3.4 myadsserver.mydomain.com myadsserver
>
>
> Note: Nothing goes into the logs and if I move aisde thekrb5.conf it
> still tries automatically MYREALM.COM. I put an error int he
krb5.conf
> file to see if it would notice, and it does warn about it, so it is
> looking in krb5.conf.
>
>
>
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
In krb5.conf, try this:
[realms]
YOURDOMAIN.COM = {
default_domain = yourdomain.com
kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server)
admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD
server)
}
HTH.
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
I really need help with this. Is there anything I can be looking at? I
would am not getting past doing a simple kinit
[EMAIL PROTECTED] It gives me the Cannot resolve network
address for KDC as well. Does ads not like krb5? Does it need krb4?
Why doesn't kerberos provide any messages in the logs? Any suggestions
on ways to figure out what is going on? I tried truss, but that does
not show much other than I do see it looking in /etc/krb5.conf and
/usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what to
be looking for?
David Shapiro
Unix Team Lead
919-765-2011
>>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM >>>
On Wednesday February 01 2006 9:41 am, David Shapiro wrote:
> Hello,
>
> I am having a problem getting my server to join our realm as a
domain
> member server. I have read through google, yahoo, and this list,
but I
> cannot find the answer yet.
>
> When I run: net join ads -Uadministrator and try to login it gives
the
> following error:
>
> kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot
> resolve network address for KDC in requested realm
> [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
> ads_connect: Cannot resolve network address for KDC in requested
> realm
>
> The details of my setup are:
>
> aix 5.2.0.7
> libiconv-1.9.1
> autoconf-2.59
> libiodbc-3.52.4
> bison-2.0
> m4-1.4.3
> db-4.4.20
> mysql-connector-odbc-3.51.12
> krb
> samba-3.0.21a
>
> ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> --with-winbind --with-acl-support --with-utmp --with-quotas
> --with-sendfile-support
>
> openldap-2.3.19
>
> ./configure --enable-crypt --without-cyrus-sasl
>
>
> unixODBC-2.2.11
> gcc 3.3.2
>
> /etc/krb5.conf:
>
> [libdefaults]
> default_realm = MYREALM.COM
> default_etypes = des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5
> ticket_lifetime = 24000
> clockskew = 300
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> MYREALM.COM = {
> kdc = myadsserver.mydomain.com
> default_domain = mydomain.com
> }
>
> [domain_realm]
> .mydomain.com = MYREALM.COM
>
> [logging]
> kdc = FILE:/var/log/kdc.log
> admin_server = FILE:/var/log/kadmin.log
> default = FILE:/var/log/krb5lib.log
>
> /etc/hosts:
> 1.2.3.4 myadsserver.mydomain.com myadsserver
>
>
> Note: Nothing goes into the logs and if I move aisde thekrb5.conf it
> still tries automatically MYREALM.COM. I put an error int he
krb5.conf
> file to see if it would notice, and it does warn about it, so it is
> looking in krb5.conf.
>
>
>
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
In krb5.conf, try this:
[realms]
YOURDOMAIN.COM = {
default_domain = yourdomain.com
kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server)
admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD
server)
}
HTH.
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
Thanks,
Unfortunately, I still got the same error. I may be wrong, but it is
like it does the automatic lookup process of kdc instead of using the
krb5.conf file. However, as per my note below, if I do add bad config
info to the krb5.conf, it does complain.
David
David Shapiro
Unix Team Lead
919-765-2011
>>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM >>>
On Wednesday February 01 2006 9:41 am, David Shapiro wrote:
> Hello,
>
> I am having a problem getting my server to join our realm as a
domain
> member server. I have read through google, yahoo, and this list,
but I
> cannot find the answer yet.
>
> When I run: net join ads -Uadministrator and try to login it gives
the
> following error:
>
> kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot
> resolve network address for KDC in requested realm
> [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
> ads_connect: Cannot resolve network address for KDC in requested
> realm
>
> The details of my setup are:
>
> aix 5.2.0.7
> libiconv-1.9.1
> autoconf-2.59
> libiodbc-3.52.4
> bison-2.0
> m4-1.4.3
> db-4.4.20
> mysql-connector-odbc-3.51.12
> krb
> samba-3.0.21a
>
> ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> --with-winbind --with-acl-support --with-utmp --with-quotas
> --with-sendfile-support
>
> openldap-2.3.19
>
> ./configure --enable-crypt --without-cyrus-sasl
>
>
> unixODBC-2.2.11
> gcc 3.3.2
>
> /etc/krb5.conf:
>
> [libdefaults]
> default_realm = MYREALM.COM
> default_etypes = des-cbc-crc des-cbc-md5
> default_etypes_des = des-cbc-crc des-cbc-md5
> ticket_lifetime = 24000
> clockskew = 300
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> MYREALM.COM = {
> kdc = myadsserver.mydomain.com
> default_domain = mydomain.com
> }
>
> [domain_realm]
> .mydomain.com = MYREALM.COM
>
> [logging]
> kdc = FILE:/var/log/kdc.log
> admin_server = FILE:/var/log/kadmin.log
> default = FILE:/var/log/krb5lib.log
>
> /etc/hosts:
> 1.2.3.4 myadsserver.mydomain.com myadsserver
>
>
> Note: Nothing goes into the logs and if I move aisde thekrb5.conf it
> still tries automatically MYREALM.COM. I put an error int he
krb5.conf
> file to see if it would notice, and it does warn about it, so it is
> looking in krb5.conf.
>
>
>
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
In krb5.conf, try this:
[realms]
YOURDOMAIN.COM = {
default_domain = yourdomain.com
kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server)
admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD
server)
}
HTH.
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
