Re: [Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
David Shapiro wrote: /etc/host, resolv.conf are fine. nsswitch.conf does not exist on aix systems, but I did add the winbindd entry where aix expects it.I guess we will see if people respond, but I noticed nobody answered this type of question in the past... Not that many people using AIX. Dimitri Yioulos <[EMAIL PROTECTED]> 2/2/2006 10:18 AM >>> On Thursday February 02 2006 8:49 am, David Shapiro wrote: Is there no fix for thi? Nobody answers this for me or other people asking this question. I really need help with this. Is there anything I can be looking at? I would am not getting past doing a simple kinit [EMAIL PROTECTED] It gives me the Cannot resolve network address for KDC as well. Does ads not like krb5? Does it need krb4? Why doesn't kerberos provide any messages in the logs? Any suggestions on ways to figure out what is going on? I tried truss, but that does not show much other than I do see it looking in /etc/krb5.conf and /usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what AIX wants krb5.conf in /etc/krb5/krb5.conf. Doesn't hurt to use a symbolic link: cd /etc mkdir krb5 cd /etc/krb5.conf ln -s krb5.conf ../krb5.conf to be looking for? Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM On Wednesday February 01 2006 9:41 am, David Shapiro wrote: Hello, I am having a problem getting my server to join our realm as a domain member server. I have read through google, yahoo, and this list, but I cannot find the answer yet. When I run: net join ads -Uadministrator and try to login it gives the following error: kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191) ads_connect: Cannot resolve network address for KDC in requested realm The details of my setup are: aix 5.2.0.7 libiconv-1.9.1 autoconf-2.59 libiodbc-3.52.4 bison-2.0 m4-1.4.3 db-4.4.20 mysql-connector-odbc-3.51.12 krb Not good enough. You need to specify what version Kerberos. Also it looks like you may be using the linux affinity toolkit. Did you compile your own Kerberos? samba-3.0.21a ../configure --prefix=/usr/local/samba --with-ads --with-ldap --with-winbind --with-acl-support --with-utmp --with-quotas --with-sendfile-support openldap-2.3.19 ./configure --enable-crypt --without-cyrus-sasl unixODBC-2.2.11 gcc 3.3.2 /etc/krb5.conf: [libdefaults] default_realm = MYREALM.COM default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 The way it works is this. If you override the defaults if your version of Kerberos doesn't support rc4-hmac (<1.3.4), you must not specify it (doh). else if your version of Kerberos supports rc4-hmac (>=1.3.4), you must specify rc4-hmac as one of the allowable enctypes else userAccountControl in ldap doesn't get set up in agreement with your manual krb5 spec on net join. My current 1.3.6 and previous versions of Kerberos use these parameters default_tgs_enctypes default_tkt_enctypes permitted_enctypes "enctypes" not "etypes" ticket_lifetime = 24000 clockskew = 300 dns_lookup_realm = false dns_lookup_kdc = false [realms] MYREALM.COM = { kdc = myadsserver.mydomain.com default_domain = mydomain.com } [domain_realm] .mydomain.com = MYREALM.COM While it's not be impossible to have a different REALM than domain name, MS doesn't do it and you're asking for extra problems. MS sometimes makes assumptions that have to be worked around. For a first time test, try [libdefaults] default_realm = MYDOMAIN.COM ... {realms] MYDOMAIN.COM = { ... Probably already too late. In krb5.conf, try this: [realms] YOURDOMAIN.COM = { default_domain = yourdomain.com kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server) admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD server) } HTH. Dimitri David, Firstly, be mindful that the list is made up of volunteers who do their best to provide answers as quickly as possible. Sometimes you may have to wait a bit longer, but I've always found these folks to be most kind and helpful. Give 'em a chance. I've come up on deadlines, come to the end of my rope, and not had the budget for paid assistance, and asked the same question out of desperation. Always punish myself afterwards. Bad Doug Bad Dog. Now, after that mild rebuke: I have little experience with AIX; my responses are based on my work with Samba on Linux. That said, I believe that you should have nsswitch.conf and resolv.conf files on the system. Are these configured correctly? Is pam.d/login configured correctly? Dimitri Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
/etc/host, resolv.conf are fine. nsswitch.conf does not exist on aix systems, but I did add the winbindd entry where aix expects it.I guess we will see if people respond, but I noticed nobody answered this type of question in the past... David David Shapiro Unix Team Lead 919-765-2011 >>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/2/2006 10:18 AM >>> On Thursday February 02 2006 8:49 am, David Shapiro wrote: > Is there no fix for thi? Nobody answers this for me or other people > asking this question. > > I really need help with this. Is there anything I can be looking at? > I would am not getting past doing a simple kinit > [EMAIL PROTECTED] It gives me the Cannot resolve network > address for KDC as well. Does ads not like krb5? Does it need krb4? > Why doesn't kerberos provide any messages in the logs? Any suggestions > on ways to figure out what is going on? I tried truss, but that does > not show much other than I do see it looking in /etc/krb5.conf and > /usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what to > be looking for? > > David Shapiro > Unix Team Lead > 919-765-2011 > > David Shapiro > Unix Team Lead > 919-765-2011 > > >>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM >>> > > On Wednesday February 01 2006 9:41 am, David Shapiro wrote: > > Hello, > > > > I am having a problem getting my server to join our realm as a > > domain > > > member server. I have read through google, yahoo, and this list, > > but I > > > cannot find the answer yet. > > > > When I run: net join ads -Uadministrator and try to login it gives > > the > > > following error: > > > > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot > > resolve network address for KDC in requested realm > > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191) > > ads_connect: Cannot resolve network address for KDC in requested > > realm > > > > The details of my setup are: > > > > aix 5.2.0.7 > > libiconv-1.9.1 > > autoconf-2.59 > > libiodbc-3.52.4 > > bison-2.0 > > m4-1.4.3 > > db-4.4.20 > > mysql-connector-odbc-3.51.12 > > krb > > samba-3.0.21a > > > > ../configure --prefix=/usr/local/samba --with-ads --with-ldap > > --with-winbind --with-acl-support --with-utmp --with-quotas > > --with-sendfile-support > > > > openldap-2.3.19 > > > > ./configure --enable-crypt --without-cyrus-sasl > > > > > > unixODBC-2.2.11 > > gcc 3.3.2 > > > > /etc/krb5.conf: > > > > [libdefaults] > > default_realm = MYREALM.COM > > default_etypes = des-cbc-crc des-cbc-md5 > > default_etypes_des = des-cbc-crc des-cbc-md5 > > ticket_lifetime = 24000 > > clockskew = 300 > > dns_lookup_realm = false > > dns_lookup_kdc = false > > > > [realms] > > MYREALM.COM = { > > kdc = myadsserver.mydomain.com > > default_domain = mydomain.com > > } > > > > [domain_realm] > > .mydomain.com = MYREALM.COM > > > > [logging] > > kdc = FILE:/var/log/kdc.log > > admin_server = FILE:/var/log/kadmin.log > > default = FILE:/var/log/krb5lib.log > > > > /etc/hosts: > > 1.2.3.4 myadsserver.mydomain.com myadsserver > > > > > > Note: Nothing goes into the logs and if I move aisde thekrb5.conf it > > still tries automatically MYREALM.COM. I put an error int he > > krb5.conf > > > file to see if it would notice, and it does warn about it, so it is > > looking in krb5.conf. > > > > > > > > > > David Shapiro > > Unix Team Lead > > 919-765-2011 > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > In krb5.conf, try this: > > [realms] > YOURDOMAIN.COM = { >default_domain = yourdomain.com >kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server) >admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD > server) > } > > HTH. > > Dimitri > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba David, Firstly, be mindful that the list is made up of volunteers who do their best to provide answers as quickly as possible. Sometimes you may have to wait a bit longer, but I've always found these folks to be most kind and helpful. Give 'em a chance. Now, after that mild rebuke: I have little experience with AIX; my responses are based on my work with Samba on Linux. That said, I believe that you should have nsswitch.conf and resolv.conf files on the system. Are these configured correctly? Is pam.d/login configured correctly? Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is belie
Re: [Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
On Thu, Feb 02, 2006 at 08:49:55AM -0500, David Shapiro wrote: > Is there no fix for thi? Nobody answers this for me or other people > asking this question. > > I really need help with this. If you really must have help with this, paid support is available here : http://samba.org/samba/support/ Look at the list on your left for your geographic area. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
On Thursday February 02 2006 8:49 am, David Shapiro wrote: > Is there no fix for thi? Nobody answers this for me or other people > asking this question. > > I really need help with this. Is there anything I can be looking at? > I would am not getting past doing a simple kinit > [EMAIL PROTECTED] It gives me the Cannot resolve network > address for KDC as well. Does ads not like krb5? Does it need krb4? > Why doesn't kerberos provide any messages in the logs? Any suggestions > on ways to figure out what is going on? I tried truss, but that does > not show much other than I do see it looking in /etc/krb5.conf and > /usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what to > be looking for? > > David Shapiro > Unix Team Lead > 919-765-2011 > > David Shapiro > Unix Team Lead > 919-765-2011 > > >>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM >>> > > On Wednesday February 01 2006 9:41 am, David Shapiro wrote: > > Hello, > > > > I am having a problem getting my server to join our realm as a > > domain > > > member server. I have read through google, yahoo, and this list, > > but I > > > cannot find the answer yet. > > > > When I run: net join ads -Uadministrator and try to login it gives > > the > > > following error: > > > > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot > > resolve network address for KDC in requested realm > > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191) > > ads_connect: Cannot resolve network address for KDC in requested > > realm > > > > The details of my setup are: > > > > aix 5.2.0.7 > > libiconv-1.9.1 > > autoconf-2.59 > > libiodbc-3.52.4 > > bison-2.0 > > m4-1.4.3 > > db-4.4.20 > > mysql-connector-odbc-3.51.12 > > krb > > samba-3.0.21a > > > > ../configure --prefix=/usr/local/samba --with-ads --with-ldap > > --with-winbind --with-acl-support --with-utmp --with-quotas > > --with-sendfile-support > > > > openldap-2.3.19 > > > > ./configure --enable-crypt --without-cyrus-sasl > > > > > > unixODBC-2.2.11 > > gcc 3.3.2 > > > > /etc/krb5.conf: > > > > [libdefaults] > > default_realm = MYREALM.COM > > default_etypes = des-cbc-crc des-cbc-md5 > > default_etypes_des = des-cbc-crc des-cbc-md5 > > ticket_lifetime = 24000 > > clockskew = 300 > > dns_lookup_realm = false > > dns_lookup_kdc = false > > > > [realms] > > MYREALM.COM = { > > kdc = myadsserver.mydomain.com > > default_domain = mydomain.com > > } > > > > [domain_realm] > > .mydomain.com = MYREALM.COM > > > > [logging] > > kdc = FILE:/var/log/kdc.log > > admin_server = FILE:/var/log/kadmin.log > > default = FILE:/var/log/krb5lib.log > > > > /etc/hosts: > > 1.2.3.4 myadsserver.mydomain.com myadsserver > > > > > > Note: Nothing goes into the logs and if I move aisde thekrb5.conf it > > still tries automatically MYREALM.COM. I put an error int he > > krb5.conf > > > file to see if it would notice, and it does warn about it, so it is > > looking in krb5.conf. > > > > > > > > > > David Shapiro > > Unix Team Lead > > 919-765-2011 > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > In krb5.conf, try this: > > [realms] > YOURDOMAIN.COM = { >default_domain = yourdomain.com >kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server) >admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD > server) > } > > HTH. > > Dimitri > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba David, Firstly, be mindful that the list is made up of volunteers who do their best to provide answers as quickly as possible. Sometimes you may have to wait a bit longer, but I've always found these folks to be most kind and helpful. Give 'em a chance. Now, after that mild rebuke: I have little experience with AIX; my responses are based on my work with Samba on Linux. That said, I believe that you should have nsswitch.conf and resolv.conf files on the system. Are these configured correctly? Is pam.d/login configured correctly? Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
Is there no fix for thi? Nobody answers this for me or other people asking this question. I really need help with this. Is there anything I can be looking at? I would am not getting past doing a simple kinit [EMAIL PROTECTED] It gives me the Cannot resolve network address for KDC as well. Does ads not like krb5? Does it need krb4? Why doesn't kerberos provide any messages in the logs? Any suggestions on ways to figure out what is going on? I tried truss, but that does not show much other than I do see it looking in /etc/krb5.conf and /usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what to be looking for? David Shapiro Unix Team Lead 919-765-2011 David Shapiro Unix Team Lead 919-765-2011 >>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM >>> On Wednesday February 01 2006 9:41 am, David Shapiro wrote: > Hello, > > I am having a problem getting my server to join our realm as a domain > member server. I have read through google, yahoo, and this list, but I > cannot find the answer yet. > > When I run: net join ads -Uadministrator and try to login it gives the > following error: > > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot > resolve network address for KDC in requested realm > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191) > ads_connect: Cannot resolve network address for KDC in requested > realm > > The details of my setup are: > > aix 5.2.0.7 > libiconv-1.9.1 > autoconf-2.59 > libiodbc-3.52.4 > bison-2.0 > m4-1.4.3 > db-4.4.20 > mysql-connector-odbc-3.51.12 > krb > samba-3.0.21a > > ../configure --prefix=/usr/local/samba --with-ads --with-ldap > --with-winbind --with-acl-support --with-utmp --with-quotas > --with-sendfile-support > > openldap-2.3.19 > > ./configure --enable-crypt --without-cyrus-sasl > > > unixODBC-2.2.11 > gcc 3.3.2 > > /etc/krb5.conf: > > [libdefaults] > default_realm = MYREALM.COM > default_etypes = des-cbc-crc des-cbc-md5 > default_etypes_des = des-cbc-crc des-cbc-md5 > ticket_lifetime = 24000 > clockskew = 300 > dns_lookup_realm = false > dns_lookup_kdc = false > > [realms] > MYREALM.COM = { > kdc = myadsserver.mydomain.com > default_domain = mydomain.com > } > > [domain_realm] > .mydomain.com = MYREALM.COM > > [logging] > kdc = FILE:/var/log/kdc.log > admin_server = FILE:/var/log/kadmin.log > default = FILE:/var/log/krb5lib.log > > /etc/hosts: > 1.2.3.4 myadsserver.mydomain.com myadsserver > > > Note: Nothing goes into the logs and if I move aisde thekrb5.conf it > still tries automatically MYREALM.COM. I put an error int he krb5.conf > file to see if it would notice, and it does warn about it, so it is > looking in krb5.conf. > > > > > David Shapiro > Unix Team Lead > 919-765-2011 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba In krb5.conf, try this: [realms] YOURDOMAIN.COM = { default_domain = yourdomain.com kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server) admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD server) } HTH. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
I really need help with this. Is there anything I can be looking at? I would am not getting past doing a simple kinit [EMAIL PROTECTED] It gives me the Cannot resolve network address for KDC as well. Does ads not like krb5? Does it need krb4? Why doesn't kerberos provide any messages in the logs? Any suggestions on ways to figure out what is going on? I tried truss, but that does not show much other than I do see it looking in /etc/krb5.conf and /usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what to be looking for? David Shapiro Unix Team Lead 919-765-2011 >>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM >>> On Wednesday February 01 2006 9:41 am, David Shapiro wrote: > Hello, > > I am having a problem getting my server to join our realm as a domain > member server. I have read through google, yahoo, and this list, but I > cannot find the answer yet. > > When I run: net join ads -Uadministrator and try to login it gives the > following error: > > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot > resolve network address for KDC in requested realm > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191) > ads_connect: Cannot resolve network address for KDC in requested > realm > > The details of my setup are: > > aix 5.2.0.7 > libiconv-1.9.1 > autoconf-2.59 > libiodbc-3.52.4 > bison-2.0 > m4-1.4.3 > db-4.4.20 > mysql-connector-odbc-3.51.12 > krb > samba-3.0.21a > > ../configure --prefix=/usr/local/samba --with-ads --with-ldap > --with-winbind --with-acl-support --with-utmp --with-quotas > --with-sendfile-support > > openldap-2.3.19 > > ./configure --enable-crypt --without-cyrus-sasl > > > unixODBC-2.2.11 > gcc 3.3.2 > > /etc/krb5.conf: > > [libdefaults] > default_realm = MYREALM.COM > default_etypes = des-cbc-crc des-cbc-md5 > default_etypes_des = des-cbc-crc des-cbc-md5 > ticket_lifetime = 24000 > clockskew = 300 > dns_lookup_realm = false > dns_lookup_kdc = false > > [realms] > MYREALM.COM = { > kdc = myadsserver.mydomain.com > default_domain = mydomain.com > } > > [domain_realm] > .mydomain.com = MYREALM.COM > > [logging] > kdc = FILE:/var/log/kdc.log > admin_server = FILE:/var/log/kadmin.log > default = FILE:/var/log/krb5lib.log > > /etc/hosts: > 1.2.3.4 myadsserver.mydomain.com myadsserver > > > Note: Nothing goes into the logs and if I move aisde thekrb5.conf it > still tries automatically MYREALM.COM. I put an error int he krb5.conf > file to see if it would notice, and it does warn about it, so it is > looking in krb5.conf. > > > > > David Shapiro > Unix Team Lead > 919-765-2011 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba In krb5.conf, try this: [realms] YOURDOMAIN.COM = { default_domain = yourdomain.com kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server) admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD server) } HTH. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
Thanks, Unfortunately, I still got the same error. I may be wrong, but it is like it does the automatic lookup process of kdc instead of using the krb5.conf file. However, as per my note below, if I do add bad config info to the krb5.conf, it does complain. David David Shapiro Unix Team Lead 919-765-2011 >>> Dimitri Yioulos <[EMAIL PROTECTED]> 2/1/2006 10:15:49 AM >>> On Wednesday February 01 2006 9:41 am, David Shapiro wrote: > Hello, > > I am having a problem getting my server to join our realm as a domain > member server. I have read through google, yahoo, and this list, but I > cannot find the answer yet. > > When I run: net join ads -Uadministrator and try to login it gives the > following error: > > kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot > resolve network address for KDC in requested realm > [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191) > ads_connect: Cannot resolve network address for KDC in requested > realm > > The details of my setup are: > > aix 5.2.0.7 > libiconv-1.9.1 > autoconf-2.59 > libiodbc-3.52.4 > bison-2.0 > m4-1.4.3 > db-4.4.20 > mysql-connector-odbc-3.51.12 > krb > samba-3.0.21a > > ../configure --prefix=/usr/local/samba --with-ads --with-ldap > --with-winbind --with-acl-support --with-utmp --with-quotas > --with-sendfile-support > > openldap-2.3.19 > > ./configure --enable-crypt --without-cyrus-sasl > > > unixODBC-2.2.11 > gcc 3.3.2 > > /etc/krb5.conf: > > [libdefaults] > default_realm = MYREALM.COM > default_etypes = des-cbc-crc des-cbc-md5 > default_etypes_des = des-cbc-crc des-cbc-md5 > ticket_lifetime = 24000 > clockskew = 300 > dns_lookup_realm = false > dns_lookup_kdc = false > > [realms] > MYREALM.COM = { > kdc = myadsserver.mydomain.com > default_domain = mydomain.com > } > > [domain_realm] > .mydomain.com = MYREALM.COM > > [logging] > kdc = FILE:/var/log/kdc.log > admin_server = FILE:/var/log/kadmin.log > default = FILE:/var/log/krb5lib.log > > /etc/hosts: > 1.2.3.4 myadsserver.mydomain.com myadsserver > > > Note: Nothing goes into the logs and if I move aisde thekrb5.conf it > still tries automatically MYREALM.COM. I put an error int he krb5.conf > file to see if it would notice, and it does warn about it, so it is > looking in krb5.conf. > > > > > David Shapiro > Unix Team Lead > 919-765-2011 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba In krb5.conf, try this: [realms] YOURDOMAIN.COM = { default_domain = yourdomain.com kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server) admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD server) } HTH. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba