samba - Feb 2006 - ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ

Thanks,
 
Unfortunately, I still got the same error.  I may be wrong, but it is
like it does the automatic lookup process of kdc instead of using the
krb5.conf file.  However, as per my note below, if I do add bad config
info to the krb5.conf, it does complain.
 
David
 
 
David Shapiro
Unix Team Lead
919-765-2011
>>> Dimitri Yioulos <dyioulos@firstbhph.com> 2/1/2006 10:15:49 AM
>>>
On Wednesday February 01 2006 9:41 am, David Shapiro
wrote:
> Hello,
>
> I am having a problem getting my server to join our realm as a
domain
> member server.   I have read through google, yahoo, and this list,
but I
> cannot find the answer yet.
>
> When I run: net join ads -Uadministrator and try to login it gives
the
> following error:
>
>  kerberos_kinit_password Administrator@MYREALM.COM failed: Cannot
> resolve network address for KDC in requested realm
> [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
>   ads_connect: Cannot resolve network address for KDC in requested
> realm
>
> The details of my setup are:
>
> aix 5.2.0.7
> libiconv-1.9.1
> autoconf-2.59
> libiodbc-3.52.4
> bison-2.0
> m4-1.4.3
> db-4.4.20
> mysql-connector-odbc-3.51.12
> krb
> samba-3.0.21a
>
> ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> --with-winbind --with-acl-support --with-utmp --with-quotas
> --with-sendfile-support
>
> openldap-2.3.19
>
> ./configure --enable-crypt --without-cyrus-sasl
>
>
> unixODBC-2.2.11
> gcc 3.3.2
>
> /etc/krb5.conf:
>
> [libdefaults]
>         default_realm = MYREALM.COM
>         default_etypes = des-cbc-crc des-cbc-md5
>         default_etypes_des = des-cbc-crc des-cbc-md5
>         ticket_lifetime = 24000
>         clockskew = 300
>         dns_lookup_realm = false
>         dns_lookup_kdc = false
>
> [realms]
>         MYREALM.COM = {
>                 kdc = myadsserver.mydomain.com
>                 default_domain = mydomain.com
>         }
>
> [domain_realm]
>         .mydomain.com = MYREALM.COM
>
> [logging]
>         kdc = FILE:/var/log/kdc.log
>         admin_server = FILE:/var/log/kadmin.log
>         default = FILE:/var/log/krb5lib.log
>
> /etc/hosts:
> 1.2.3.4   myadsserver.mydomain.com myadsserver
>
>
> Note: Nothing goes into the logs and if I move aisde thekrb5.conf it
> still tries automatically MYREALM.COM.  I put an error int he
krb5.conf
> file to see if it would notice, and it does warn about it, so it is
> looking in krb5.conf.
>
>
>
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
In krb5.conf, try this:

[realms]
  YOURDOMAIN.COM = {
       default_domain = yourdomain.com
       kdc = xxx.xxx.xxx.xxx   (my note - use ip address of AD server)
       admin_server = xxx.xxx.xxx.xxx  (my note - use ip address of AD
server)
}

HTH.

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

I really need help with this.  Is there anything I can be looking at?  I
would am not getting past doing a simple kinit
Administrator@MYREALM.COM.  It gives me the Cannot resolve network
address for KDC as well.  Does ads not like krb5?  Does it need krb4? 
Why doesn't kerberos provide any messages in the logs?  Any suggestions
on ways to figure out what is going on?  I tried truss, but that does
not show much other than I do see it looking in /etc/krb5.conf and
/usr/local/etc/krb5.conf.  I can use tcpdump, but I am not sure what to
be looking for?  
 
David Shapiro
Unix Team Lead
919-765-2011
>>> Dimitri Yioulos <dyioulos@firstbhph.com> 2/1/2006 10:15:49 AM
>>>
On Wednesday February 01 2006 9:41 am, David Shapiro
wrote:
> Hello,
>
> I am having a problem getting my server to join our realm as a
domain
> member server.   I have read through google, yahoo, and this list,
but I
> cannot find the answer yet.
>
> When I run: net join ads -Uadministrator and try to login it gives
the
> following error:
>
>  kerberos_kinit_password Administrator@MYREALM.COM failed: Cannot
> resolve network address for KDC in requested realm
> [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
>   ads_connect: Cannot resolve network address for KDC in requested
> realm
>
> The details of my setup are:
>
> aix 5.2.0.7
> libiconv-1.9.1
> autoconf-2.59
> libiodbc-3.52.4
> bison-2.0
> m4-1.4.3
> db-4.4.20
> mysql-connector-odbc-3.51.12
> krb
> samba-3.0.21a
>
> ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> --with-winbind --with-acl-support --with-utmp --with-quotas
> --with-sendfile-support
>
> openldap-2.3.19
>
> ./configure --enable-crypt --without-cyrus-sasl
>
>
> unixODBC-2.2.11
> gcc 3.3.2
>
> /etc/krb5.conf:
>
> [libdefaults]
>         default_realm = MYREALM.COM
>         default_etypes = des-cbc-crc des-cbc-md5
>         default_etypes_des = des-cbc-crc des-cbc-md5
>         ticket_lifetime = 24000
>         clockskew = 300
>         dns_lookup_realm = false
>         dns_lookup_kdc = false
>
> [realms]
>         MYREALM.COM = {
>                 kdc = myadsserver.mydomain.com
>                 default_domain = mydomain.com
>         }
>
> [domain_realm]
>         .mydomain.com = MYREALM.COM
>
> [logging]
>         kdc = FILE:/var/log/kdc.log
>         admin_server = FILE:/var/log/kadmin.log
>         default = FILE:/var/log/krb5lib.log
>
> /etc/hosts:
> 1.2.3.4   myadsserver.mydomain.com myadsserver
>
>
> Note: Nothing goes into the logs and if I move aisde thekrb5.conf it
> still tries automatically MYREALM.COM.  I put an error int he
krb5.conf
> file to see if it would notice, and it does warn about it, so it is
> looking in krb5.conf.
>
>
>
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
In krb5.conf, try this:

[realms]
  YOURDOMAIN.COM = {
       default_domain = yourdomain.com
       kdc = xxx.xxx.xxx.xxx   (my note - use ip address of AD server)
       admin_server = xxx.xxx.xxx.xxx  (my note - use ip address of AD
server)
}

HTH.

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Is there no fix for thi?  Nobody answers this for me or other people
asking this question.

I really need help with this.  Is there anything I can be looking at? 
I would am not getting past doing a simple kinit
Administrator@MYREALM.COM.  It gives me the Cannot resolve network
address for KDC as well.  Does ads not like krb5?  Does it need krb4? 
Why doesn't kerberos provide any messages in the logs?  Any suggestions
on ways to figure out what is going on?  I tried truss, but that does
not show much other than I do see it looking in /etc/krb5.conf and
/usr/local/etc/krb5.conf.  I can use tcpdump, but I am not sure what to
be looking for?  
 
David Shapiro
Unix Team Lead
919-765-2011
 
David Shapiro
Unix Team Lead
919-765-2011
>>> Dimitri Yioulos <dyioulos@firstbhph.com> 2/1/2006 10:15:49 AM
>>>
On Wednesday February 01 2006 9:41 am, David Shapiro
wrote:
> Hello,
>
> I am having a problem getting my server to join our realm as a
domain
> member server.   I have read through google, yahoo, and this list,
but I
> cannot find the answer yet.
>
> When I run: net join ads -Uadministrator and try to login it gives
the
> following error:
>
>  kerberos_kinit_password Administrator@MYREALM.COM failed: Cannot
> resolve network address for KDC in requested realm
> [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
>   ads_connect: Cannot resolve network address for KDC in requested
> realm
>
> The details of my setup are:
>
> aix 5.2.0.7
> libiconv-1.9.1
> autoconf-2.59
> libiodbc-3.52.4
> bison-2.0
> m4-1.4.3
> db-4.4.20
> mysql-connector-odbc-3.51.12
> krb
> samba-3.0.21a
>
> ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> --with-winbind --with-acl-support --with-utmp --with-quotas
> --with-sendfile-support
>
> openldap-2.3.19
>
> ./configure --enable-crypt --without-cyrus-sasl
>
>
> unixODBC-2.2.11
> gcc 3.3.2
>
> /etc/krb5.conf:
>
> [libdefaults]
>         default_realm = MYREALM.COM
>         default_etypes = des-cbc-crc des-cbc-md5
>         default_etypes_des = des-cbc-crc des-cbc-md5
>         ticket_lifetime = 24000
>         clockskew = 300
>         dns_lookup_realm = false
>         dns_lookup_kdc = false
>
> [realms]
>         MYREALM.COM = {
>                 kdc = myadsserver.mydomain.com
>                 default_domain = mydomain.com
>         }
>
> [domain_realm]
>         .mydomain.com = MYREALM.COM
>
> [logging]
>         kdc = FILE:/var/log/kdc.log
>         admin_server = FILE:/var/log/kadmin.log
>         default = FILE:/var/log/krb5lib.log
>
> /etc/hosts:
> 1.2.3.4   myadsserver.mydomain.com myadsserver
>
>
> Note: Nothing goes into the logs and if I move aisde thekrb5.conf it
> still tries automatically MYREALM.COM.  I put an error int he
krb5.conf
> file to see if it would notice, and it does warn about it, so it is
> looking in krb5.conf.
>
>
>
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
In krb5.conf, try this:

[realms]
  YOURDOMAIN.COM = {
       default_domain = yourdomain.com
       kdc = xxx.xxx.xxx.xxx   (my note - use ip address of AD server)
       admin_server = xxx.xxx.xxx.xxx  (my note - use ip address of AD
server)
}

HTH.

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

On Thu, Feb 02, 2006 at 08:49:55AM -0500, David Shapiro
wrote:
> Is there no fix for thi?  Nobody answers this for me or other people
> asking this question.
> 
> I really need help with this.
If you really must have help with this, paid support is
available here :

http://samba.org/samba/support/

Look at the list on your left for your geographic area.

Jeremy.

/etc/host, resolv.conf are fine.  nsswitch.conf does not exist on aix
systems, but I did add the winbindd entry where aix expects it.    I
guess we will see if people respond, but I noticed nobody answered this
type of question in the past...
 
David
 
 
David Shapiro
Unix Team Lead
919-765-2011 
>>> Dimitri Yioulos <dyioulos@firstbhph.com> 2/2/2006 10:18 AM
>>>
On Thursday February 02 2006 8:49 am, David Shapiro
wrote:
> Is there no fix for thi?  Nobody answers this for me or other people
> asking this question.
>
> I really need help with this.  Is there anything I can be looking
at?
> I would am not getting past doing a simple kinit
> Administrator@MYREALM.COM.  It gives me the Cannot resolve network
> address for KDC as well.  Does ads not like krb5?  Does it need
krb4?
> Why doesn't kerberos provide any messages in the logs?  Any
suggestions
> on ways to figure out what is going on?  I tried truss, but that
does
> not show much other than I do see it looking in /etc/krb5.conf and
> /usr/local/etc/krb5.conf.  I can use tcpdump, but I am not sure what
to
> be looking for?
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
>
> >>> Dimitri Yioulos <dyioulos@firstbhph.com> 2/1/2006
10:15:49 AM
>>>
>
> On Wednesday February 01 2006 9:41 am, David Shapiro wrote:
> > Hello,
> >
> > I am having a problem getting my server to join our realm as a
>
> domain
>
> > member server.   I have read through google, yahoo, and this list,
>
> but I
>
> > cannot find the answer yet.
> >
> > When I run: net join ads -Uadministrator and try to login it gives
>
> the
>
> > following error:
> >
> >  kerberos_kinit_password Administrator@MYREALM.COM failed: Cannot
> > resolve network address for KDC in requested realm
> > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191)
> >   ads_connect: Cannot resolve network address for KDC in requested
> > realm
> >
> > The details of my setup are:
> >
> > aix 5.2.0.7
> > libiconv-1.9.1
> > autoconf-2.59
> > libiodbc-3.52.4
> > bison-2.0
> > m4-1.4.3
> > db-4.4.20
> > mysql-connector-odbc-3.51.12
> > krb
> > samba-3.0.21a
> >
> > ../configure --prefix=/usr/local/samba --with-ads --with-ldap
> > --with-winbind --with-acl-support --with-utmp --with-quotas
> > --with-sendfile-support
> >
> > openldap-2.3.19
> >
> > ./configure --enable-crypt --without-cyrus-sasl
> >
> >
> > unixODBC-2.2.11
> > gcc 3.3.2
> >
> > /etc/krb5.conf:
> >
> > [libdefaults]
> >         default_realm = MYREALM.COM
> >         default_etypes = des-cbc-crc des-cbc-md5
> >         default_etypes_des = des-cbc-crc des-cbc-md5
> >         ticket_lifetime = 24000
> >         clockskew = 300
> >         dns_lookup_realm = false
> >         dns_lookup_kdc = false
> >
> > [realms]
> >         MYREALM.COM = {
> >                 kdc = myadsserver.mydomain.com
> >                 default_domain = mydomain.com
> >         }
> >
> > [domain_realm]
> >         .mydomain.com = MYREALM.COM
> >
> > [logging]
> >         kdc = FILE:/var/log/kdc.log
> >         admin_server = FILE:/var/log/kadmin.log
> >         default = FILE:/var/log/krb5lib.log
> >
> > /etc/hosts:
> > 1.2.3.4   myadsserver.mydomain.com myadsserver
> >
> >
> > Note: Nothing goes into the logs and if I move aisde thekrb5.conf
it
> > still tries automatically MYREALM.COM.  I put an error int he
>
> krb5.conf
>
> > file to see if it would notice, and it does warn about it, so it
is
> > looking in krb5.conf.
> >
> >
> >
> >
> > David Shapiro
> > Unix Team Lead
> > 919-765-2011
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
>
> In krb5.conf, try this:
>
> [realms]
>   YOURDOMAIN.COM = {
>        default_domain = yourdomain.com
>        kdc = xxx.xxx.xxx.xxx   (my note - use ip address of AD
server)
>        admin_server = xxx.xxx.xxx.xxx  (my note - use ip address of
AD
> server)
> }
>
> HTH.
>
> Dimitri
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

David,

Firstly, be mindful that the list is made up of volunteers who do their
best 
to provide answers as quickly as possible.  Sometimes you may have to
wait a 
bit longer, but I've always found these folks to be most kind and
helpful.  
Give 'em a chance.

Now, after that mild rebuke:  I have little experience with AIX; my
responses 
are based on my work with Samba on Linux.  That said, I believe that
you 
should have nsswitch.conf and resolv.conf files on the system.  Are
these 
configured correctly?  Is pam.d/login configured correctly?

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba