krb5 + nscd + SRV records
Jack Neely
jjneely at ncsu.edu
Wed Jul 1 01:14:41 UTC 2009
On Tue, Jun 30, 2009 at 10:23:39PM +0000, "Jóhann B. Guðmundsson" wrote:
> On 06/30/2009 09:13 PM, Jack Neely wrote:
>> kinit(v5): Cannot resolve network address for KDS in realm
>>
>
> 3 things on the top of me rusty head..
>
> First broken dns setup make sure you can just test it with usual lookups
> procedures...
I can pull the srv records with dig using an any request. The results
from the f11 box are exactly the same as my RHEL 5 machine right beside
it.
>
> Second Different domains for KDC and LDAP client
>
I'm not using an Active Directory. User information comes from LDAP
using posixAccount schema. So I don't see how this comes into play.
> Try mapping the FQDN ldap domain name with the kdc domain name in
> etc/krb5.conf.
>
> [domain_realm]
> .fqdn.forldap.nscu.edu =eos.nscu.edu
>
> Thirdly try adding “single-request” to the options in /etc/resolv.conf
> #Just some recently made changes I keep in the back of my head
>
> +Boost up the loglevel in ncsd and see if it spits out something useful..
I see it pruning the actual host names of the krb servers. This agrees
with my stracing...kinit is finding the KDCs in both cases. Its just
not happy with nscd.
Jack
--
Jack Neely <jjneely at ncsu.edu>
Linux Czar, OIT Campus Linux Services
Office of Information Technology, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4 EA6B 213B 765F 3B6A 5B89
More information about the fedora-test-list
mailing list