[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: krb5 + nscd + SRV records

On Tue, Jun 30, 2009 at 10:23:39PM +0000, "Jóhann B. Guðmundsson" wrote:
> On 06/30/2009 09:13 PM, Jack Neely wrote:
>> kinit(v5): Cannot resolve network address for KDS in realm
> 3 things on the top of me rusty head..
> First broken dns setup make sure you can just test it with usual lookups  
> procedures...

I can pull the srv records with dig using an any request.  The results
from the f11 box are exactly the same as my RHEL 5 machine right beside

> Second Different domains for KDC and LDAP client

I'm not using an Active Directory.  User information comes from LDAP
using posixAccount schema.  So I don't see how this comes into play.

> Try mapping the FQDN ldap domain name with the kdc domain name in  
> etc/krb5.conf.
> [domain_realm]
> .fqdn.forldap.nscu.edu =eos.nscu.edu
> Thirdly try adding “single-request” to the options in /etc/resolv.conf  
> #Just some recently made changes I keep in the back of my head
> +Boost up the loglevel in ncsd and see if it spits out something useful..

I see it pruning the actual host names of the krb servers.  This agrees
with my stracing...kinit is finding the KDCs in both cases.  Its just
not happy with nscd.

Jack Neely <jjneely ncsu edu>
Linux Czar, OIT Campus Linux Services
Office of Information Technology, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4  EA6B 213B 765F 3B6A 5B89

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]