f



kinit cannot resolve network address

I'm trying to configure a Solaris 8 system to authenticate Samba against 
Windows 2003 ADS.  I've compiled the appropriate packages; however, I'm 
quickly stuck trying to get my kerberos ticket.   Here's the error:

sumac:/opt/local/kerberos5/bin# ./kinit admin@DCRI.DUKE.NET
kinit(v5): Cannot resolve network address for KDC in requested realm while 
getting initial credentials

Here's the lowdown:
Samba client -- sumac.dcri.duke.edu  152.16.48.61
ADS server - vmsodium.dcri.duke.net 10.0.101.65

My /etc/resolv.conf 

sumac:/opt/local/kerberos5/bin# more /etc/resolv.conf
domain dcri.duke.edu
nameserver 152.16.48.78
nameserver 152.16.49.44
nameserver 152.16.49.47

Although I rather not modify my /etc/resolv.conf, I've read that this 
error is due to DNS lookups.  I am able to resolve using nslookup.   I 
have tried 1) adding my ADS server's IP to /etc/resolv.conf and a "search 
dcri.duke.net" line.  I've also tried using the IP in the krb5.conf file. 
I can't get past that error.  Here is my /etc/krb5.conf.. 

[libdefaults]
        default_realm = dcri.duke.net


[realms]
        dcri.duke.net = {
#       kdc = vmsodium.dcri.duke.net
        kdc = 10.0.101.65
        }

[domain_realms]
        .kerberos.server = dcri.duke.net

Any help would be greatly appreciated. 


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
5/9/2006 7:49:35 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
705 Views

Similar Articles

[PageSpeed] 35

Reply:

Similar Artilces:

MIT Kerberos: Cannot resolve network address for KDC in realm
Hi: I've been having a hard time getting MIT Kerberos up and running on solaris 10. The latest of my problems is this error when i run kinit from the KDC. dsldap01$ /krb5/bin/kinit rob/admin@alezeo.com kinit(v5): Cannot resolve network address for KDC in realm alezeo.com while getting initial credentials This sounds like a DNS problem, but I don't think it is. dsldap01$ host -t A dsldap01.alezeo.com dsldap01.alezeo.com has address 10.93.120.72 Also in my hosts file: 127.0.0.1 localhost 10.93.120.72 dsldap01.alezeo.com dsldap01 loghost Here is my krb5.conf ============= [libdefaults] dns_lookup_realm = false default_realm = ALEZEO.COM ticket_lifetime = 600 kdc_req_checksum_type = 2 checksum_type = 2 ccache_type = 1 default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [kdc] profile = /krb5/var/krb5kdc/kdc.conf [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log admin_server = FILE:/var/krb5/adm.log [realms] ALEZEO.COM = { kdc = dsldap01.alezeo.com:88 admin_server = dsldap01.alezeo.com:749 default_domain = alezeo.com } [domain_realm] .alezeo.com = ALEZEO.COM alezeo.com = ALEZEO.COM [login] krb4_convert = 0 Here is my kdc.conf ============ [kdcdefaults] kdc_ports = 88 [realms] alezeo.com = { ...

samba+kerberos "cannot resolve network address for KDC in requested realm"
Hi, i'm quite new on kerberos and samba so i hope my question is not so stupid and i hope somebody could help me. I'm trying to join a linux machine (3.0.14a-Debian) to a W2K3 domain a member . I would like to have ads security on it but i dont know why i get this message "cannot resolve network address for KDC in requested realm" when i try "net ads join -U myuser%mypassword". Maybe i did not give u enough information to know what's the problem. Thank's in advance --------------------------------- LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y m�viles desde 1 c�ntimo por minuto. http://es.voice.yahoo.com ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

krb5 1.6 beta 3 on Debian Lenny : kinit(v5): Cannot resolve network address for KDC in realm
I have an issue standing, where I am unable to kinit to get my Krb5 TGT locally on the KDC, but have no problems doing the same on one of my client machines. I don't care too much about this issue for as long as we talk Kerberos credentials on the server itself, however I am really puzzled by this behaviour ... Whenever I execute: kinit <user> I get: kinit(v5): Cannot resolve network address for KDC in realm EXAMPLE.COM while getting initial credentials My /etc/resolv.conf looks like this: domain example.com search example.com nameserver 127.0.0.1 My /etc/hostname looks like this: 127.0.0.1 localhost My /etc/krb5.conf looks like this: [libdefaults] default_realm = EXAMPLE.COM ticket_lifetime = 12h renew_lifetime = 7d dns_fallback = no kdc_timesync = 3 ccache_type = 4 renewable = true forwardable = true forward = true proxiable = true noaddresses = true # The following encryption type specification will be used by MIT Kerberos # if uncommented. In general, the defaults in the MIT Kerberos code are # correct and overriding these specifications only serves to disable new # encryption types as they are added, creating interoperability problems. # default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 # default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 # permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-c...

AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
Hi list, kinit (krb5 1.4.2) on an AIX 5.3 gives me # /usr/local/bin/kinit -k -t foobar.keytab foobar/foo.example.net@EXAMPLE.NET kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials From a working Linux krb5 1.4.2 installation I copied /etc/krb5.conf and foobar.keytab to AIX 5.3. The following steps don't defer to the steps I did under Linux. # ./configure --without-krb4 --enable-shared # make && make install Using gcc 3.3.2. I found a patch for krb5 1.4.1 for AIX 5.2 from Ken Raeburn, but as far as I see it is fixed in 1.4.2. My krb5.conf looks like this: [libdefaults] default_realm = EXAMPLE.NET clockskew = 300 [realms] EXAMPLE.NET = { kdc = foo.example.net:88 admin_server = foo.example.net:749 default_domain = example.net kpasswd_server = foo.example.net } [domain_realm] .example.net = EXAMPLE.NET example.net = EXAMPLE.NET [logging] default = SYSLOG:NOTICE:DAEMON kdc = FILE:/var/log/kdc.log kadmind = FILE:/var/log/kadmind.log [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } Trying to analyze with tcpdump I s...

Re: AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
Christopher, I had the exact same problem. I was given 2 patches for KRB 1.4.1 and it fixed the problem. I applied the patches to my 1.4.2 source and the problem is resolved there too. Here are the patches: DNSGLUE.C Patch: *** ./src/lib/krb5/os/dnsglue.c.orig Fri Jan 14 17:10:53 2005 --- ./src/lib/krb5/os/dnsglue.c Thu May 5 11:39:52 2005 *************** *** 62,68 **** --- 62,76 ---- char *host, int nclass, int ntype) { #if HAVE_RES_NSEARCH + #ifndef LANL struct __res_state statbuf; + #else /* LANL */ + #ifndef _AIX + struct __res_state statbuf; + #else /* _AIX */ + struct { struct __res_state s; char pad[1024]; } statbuf; + #endif /* AIX */ + #endif /* LANL */ #endif struct krb5int_dns_state *ds; int len, ret; LOCATE_KDC.C Patch: >*** ./src/lib/krb5/os/locate_kdc.c.orig Thu May 5 08:06:45 2005 >--- ./src/lib/krb5/os/locate_kdc.c Thu May 5 11:34:27 2005 >*************** >*** 267,275 **** >--- 267,283 ---- > memset(&hint, 0, sizeof(hint)); > hint.ai_family = family; > hint.ai_socktype = socktype; >+ #ifndef LANL > #ifdef AI_NUMERICSERV > hint.ai_flags = AI_NUMERICSERV; > #endif >+ #else /* LANL */ >+ #ifndef _AIX >+ #ifdef AI_NUMERICSERV >+ hint.ai_flags = AI_NUMERICSERV; >+ #endif >+ #endif /* _AIX */ >+ #endif /* LANL */ > sprintf(portbuf, "%d", ntohs(port)); > sprintf(s...

Network Security Protocol like Kerberos
Hi All, I have a simple question regarding Kerberos. Is there any Network Security Protocol like Kerberos? If yes please give some examples. -- View this message in context: http://www.nabble.com/Network-Security-Protocol-like-Kerberos-tp25462467p25462467.html Sent from the Kerberos - General mailing list archive at Nabble.com. ...

How to resolve address by host name in corporate network
I need to develop a linux device, and I want to retrieve its IP address by its host name within a corporate network (may have offices at various geographical locations). Here is my idea: I assume every corporate network shall have name server and DHCP server by default, and the linux device shall act as DHCP client. So I should be able to retrieve its IP address from the local name server. As a backup measure, I may retrieve its IP address by the device's MAC address from DHCP server. I would like to know if it makes sense to you, and if there is even better solution around. Is it possible...

Cannot resolve network address for KDC in requested realm while
Dear sir, When I join the windows 2003 domain using the command kinit, while I am getting the error "cannot resolve network address for KDC is requested realm while getting initial credentials" Another one when I join the windows 2003 domain using the command " net ads join -U administrator" I am getting following error "utils/net_ads.c:ads_startup(186) ads_connect:No such file (or) directory" So kindly send the mail How to rectify this problem. With Regards R.Balaji ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

[rfc-dist] BCP0135, RFC 5135 on IP Multicast Requirements for a Network Address Translator (NAT) and a Network Address Port Translator (NAPT)
A new Request for Comments is now available in online RFC libraries. BCP 135 RFC 5135 Title: IP Multicast Requirements for a Network Address Translator (NAT) and a Network Address Port Translator (NAPT) Author: D. Wing, T. Eckert Status: Best Current Practice Date: February 2008 Mailbox: dwing@cisco.com, eckert@cisco.com Pages: 16 Characters: 36528 Updates: See-Also: BCP0135 I-D Tag: draft-ietf-behave-multicast-12.txt URL: http://www.rfc-editor.org/rfc/rfc5135.txt This document specifies requirements for a for a Network Address Translator (NAT) and a Network Address Port Translator (NAPT) that support Any Source IP Multicast or Source-Specific IP Multicast. An IP multicast-capable NAT device that adheres to the requirements of this document can optimize the operation of IP multicast applications that are generally unaware of IP multicast NAT devices. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document is a product of the Behavior Engineering for Hindrance Avoidance Working Group of the IETF. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and sugg...

Cannot resolve network address for KDC in requested realm while getting initial credentials
On Red Hat linux 2.4.9 krb5-devel-1.2.2-24 krb5-libs-1.2.2-24 krb5-server-1.2.2-24 krb5-workstation-1.2.2-24 running everything on the local host I can run kinit.just fine: kinit test Password for test@host.COM: I can create a keytab file: kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5test test Entry for principal test with kvno 5, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5test. Entry for principal test with kvno 5, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5test. However, I can't kinit using this keytab file: [root@host/var/kerberos/krb5kdc]$ kinit -k kadm5test kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials klist shows: [root@bde-idm3 /var/kerberos/krb5kdc]$ klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: test@BDE-IDM3.US.ORACLE.COM Valid starting Expires Service principal 01/20/05 14:53:59 01/21/05 00:53:59 krbtgt/HOST.COM@HOST.COM Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached A secondary problem is now the password seems to have been changed after creating the keytab, and I can no longer kinit (without the keytab): [root@host /var/kerberos/krb5kdc]$ kinit test Password for test@host.US.ORACLE.COM: kinit(v5): Password incorrect while getting initial credentials For testing purposes I'm using my hostname as my realm name. I&#...

[rfc-dist] BCP 150, RFC 5597 on Network Address Translation (NAT) Behavioral Requirements for the Datagram Congestion Control Protocol
A new Request for Comments is now available in online RFC libraries. BCP 150 RFC 5597 Title: Network Address Translation (NAT) Behavioral Requirements for the Datagram Congestion Control Protocol Author: R. Denis-Courmont Status: Best Current Practice Date: September 2009 Mailbox: rem@videolan.org Pages: 9 Characters: 18933 See Also: BCP00150 I-D Tag: draft-ietf-behave-dccp-05.txt URL: http://www.rfc-editor.org/rfc/rfc5597.txt This document defines a set of requirements for NATs handling the Datagram Congestion Control Protocol (DCCP). These requirements allow DCCP applications, such as streaming applications, to operate consistently, and they are very similar to the TCP requirements for NATs, which have already been published by the IETF. Ensuring that NATs meet this set of requirements will greatly increase the likelihood that applications using DCCP will function properly. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document is a product of the Behavior Engineering for Hindrance Avoidance Working Group of the IETF. BCP: This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and sugg...

Network Infrastructure IP address re-addressing
Hi everyone, Would anyone kindly share their experience or related information (web, doc, etc) on this topic? e.g. 1. Initial planning for time usage, human resources usage and requirement specification. 2. Rough estimation or forecast of the impact to current equipment (hardware and software configuration. 3. Action plan, etc Greatly appreciate for any bit of information about this topic. Thanks alot! Cheers~ In article <d874e92f.0501111859.386e0718@posting.google.com>, Niche <jackyliu419@gmail.com> wrote: :Would anyone kindly share their experience or related information :(w...

How to resolve all queries from ip address to 1 address?
Hi all, Is it possible to resolve all queries from a specific IP range / IP = address to 1 specific IP address? If so, is there an example named.conf / docs available? --=20 Joost In article <cchr68$21tu$1@sf1.isc.org>, "Joost Kraaijeveld" <J.Kraaijeveld@Askesis.nl> wrote: > Hi all, > > Is it possible to resolve all queries from a specific IP range / IP = > address > to 1 specific IP address? If so, is there an example named.conf / docs > available? Use views, and put the following in the view that matches those IP's: zone "." { type master; file "db.root"; }; The file db.root should contain: @ IN SOA <usual SOA stuff> IN NS <yourservername> * IN A <specific IP address> -- Barry Margolin, barmar@alum.mit.edu Arlington, MA *** PLEASE post questions in newsgroups, not directly to me *** ...

Difference between network protocol hierarchy and a protocol stack
Hi all, I was wondering if somebody could give me a definitive guide as to the difference between a protocol hierarchy and a protocol stack. It appears that there is a blurred boundary between the two when I search on the net. Kind regards, Chris <christopher.bloomfield@bt.com> wrote: > I was wondering if somebody could give me a definitive guide as to the > difference between a protocol hierarchy and a protocol stack. It > appears that there is a blurred boundary between the two when I search > on the net. One is a concept, the other an impleme...

Network Protocol
Hi! Could somebody tell me if any network protocol can be implemented in Mathematica. I am trying to control a continuous system using any of the available network protocls. Thanks, Raj ...

Network Protocols
I can't get the network protocol to list the available network protocols to pick from. Version: Filemaker Pro 5.5 Operating System: Windows 98 Protocols Loaded: TCP/IP, IPX/SPX Is there a difference between the setup procedures to recognize these protoocols that is different between Windows2000 and Windows98. I ask because I have a system with Windows2000 and I have no problem listing the network protocols, but the Windows 98 system can't seem to find them. They do list in the Network Properties of the Windows 98 System. Any suggestions? von http://home.comcast.net/~redbai/ ...

Address resolve...
Hi, I've a problem: my linuxbox resolve in two different ip address the same email address. In first case it's correct and the mail are delivered, but in the second case the mail are bounced and the error is "Relaying not allowed - please use SMTP AUTH". I've called the admin of the provider and he said that the second mail server is reserved for the office and is just for internals users. Can I solve the problem of bad resolve???? Thank's and sorry for english big mistake :) Willy In article <jkc3e.3608$aH3.2453@news.edisontel.com> Willy <willy@nospa...

Network Protocols
Hello I need detailed information on different network protocols. I have found an article that describes protocols in general here: http://www.customessay.org/computer.htm and now I need more detailed infos. Thank you. In article <1108146792.941352.167960@z14g2000cwz.googlegroups.com>, Glen <vb_research@yahoo.de> wrote: :I need detailed information on different network protocols. I have :found an article that describes protocols in general here: :[url] and now I need more detailed :infos. Which protocols do you need information about and what information do you ne...

Networking Protocols
Click to view all networking protocols Link: http://www.webtechnoworld.com/Network-Protocols.php ...

network protocols
Hey I was surprised not to find any way to list all protocol names listed in /etc/protocols in Python We have socket.getprotobyname(NAME) But there's no way to get the list of names Any ideas if this is available in the stdlib somehwere ? Thx Tarek ...

Address of address
If I have an array of int: int array[8]; I suppose the correct way to clear it using memset() would be: memset(array, 0, 8 * sizeof(int)); However, I've seen the following in a piece of code: memset(&array, 0, 8 * sizeof(int)); What does (or shall) the compiler do in this case? Is the behaviour defined? /Krister krister@kalleanka.se said: > If I have an array of int: > > int array[8]; > > I suppose the correct way to clear it using memset() would be: > memset(array, 0, 8 * sizeof(int)); You can initialise it like this: int array[8] = {0}; If you need to ...

Network Protocol?
I know this is the wrong group but I need a little pointing in a direction please. I need to write an implementation of a yet to be published protocol. It is transported over the internet via IP. Can any one help me with ideas of how to write such drivers in Windows? or if that's not doable should I develop it in Linux? This is just for testing. Thanks DaveC "DaveC" <bobason456@hotmail.com> wrote in message news:Xns9521C3784D510ohirohotmailcom@203.96.16.33... > I know this is the wrong group but I need a little pointing in a direction > please. > > I ne...

Are "Domain of sender address does not resolve" errors really resolver errors?
I am running RedHat Linux 8.0, sendmail Version: 8.12.8 RedHat RPM: sendmail-8.12.8-5.80, and BIND Version: 9.2.1 RedHat RPM: bind-9.2.1-9 I am having problems sending and receiving mail from specific domains. Here is a sample error from the maillog: Aug 12 12:53:26 hostname sendmail[3962]: h7CIrO35003962: ruleset=check_rcpt, arg1=<someone@somewhere.org>, relay=hidden-user@stopper [10.0.0.x], reject=451 4.1.8 Domain of sender address someone@bgcppr.org does not resolve I have tried increasing the timeout values in the /etc/mail/sendmail.mc files, as I am seeing timeouts sending mail ...

US-TX-Austin: Network Specialist, Managing a local area network, protocol manage (45293932404)
US-TX-Austin: Network Specialist, Managing a local area network, protocol manage (45293932404) ============================================================================================== Position: Network Specialist Reference: JGG00083 Location: Austin TX Duration: 1600 h Skills: Managing a local area network, protocol management, and server performance tuning activities, (Extensive experience (5+ years). Managing a wide area network, Experience (3+ years). Support of personal computer hardware and so...

Web resources about - kinit cannot resolve network address - comp.protocols.kerberos

Halifax Resolves - Wikipedia, the free encyclopedia
The creation and ratification of the resolves was the result of a strong movement in the colonies advocating separation from Britain. These separatists, ...

Facebook and Yahoo in talks to resolve patent dispute, court filing confirms
Facebook and Yahoo are looking to settle two patent-infringement suits between the companies, according to a court filing from Yahoo. Yahoo’s ...

2014 Zodiac great resolve on the App Store on iTunes
Get 2014 Zodiac great resolve on the App Store. See screenshots and ratings, and read customer reviews.


Power cuts and high temperatures test Ramadan resolve in Tehran - The National
... until they are allowed to quench their thirst. TEHRAN // A combination of long days and regular power outages appear to have weakened the resolve ...

NEWS ROUND-UP: Kroll Ontrack, Express Online, SoftLayer, Resolve and Juniper Networks
Kroll Ontrack and TES-AMM team to support Queensland skills and recycling initiative

OZ Minerals hopes Korean talks will resolve stalemate at Sandfire
OZ Minerals hopes Korean talks will resolve stalemate at Sandfire

Market turbulence will test the Fed’s resolve
Global monetary policies since the crisis have created significant vulnerabilities within the global economy and there is no painless way for ...

China, Japan in secret talks to resolve dispute
China, Japan in secret talks to resolve dispute

Europe won't resolve its 'migrant crisis' until it faces its own past
Warwick University Professor of Sociology Gurminder K. Bhambra asks if the world would be doing more if the migrants at the centre of Europe's ...

Resources last updated: 3/10/2016 2:22:16 PM