Network address resolution problem on AIX
Claus Lund
clund at tax.state.vt.us
Thu Aug 25 08:27:47 EDT 2005
There was indeed a typo in krb5.conf file in my initial email ... but fixing
that did not make any difference.
And /etc/krb5.conf is readable by everybody.
I just did some more testing and used tcpdump to capture the traffic. Dump
#1 shows the traffic when using the original krb5.conf file. A couple of
things don't look right there (but I'm not really a network kinda' guy so
I'm no expert on DNS)...
1) It doesn't look like the DNS server ever responds with an IP address.
2) For some reason it tries to get the IP address for the kdc+the domain
name (tax106.testdomain.tax.state.vt.us.testdomain.tax.state.vt.us).
Dump #2 shows the network traffic after I changed the kdc entry in the
krb5.conf file to just read 'tax106' (no domain after the host name). That
change still doesn't fix things and I still get the "Cannot resolove network
address" error.
-Clas
DUMP #1
8 1.037399 10.0.89.178 -> 10.0.89.130 DNS Standard query AAAA
tax106.testdomain.tax.state.vt.us
9 1.037896 10.0.89.130 -> Broadcast ARP Who has 10.0.89.178? Tell
10.0.89.130
10 1.037909 tax178 -> 10.0.89.130 ARP 10.0.89.178 is at
00:02:55:76:ca:5f
11 1.038629 10.0.89.130 -> 10.0.89.178 DNS Standard query response
12 1.038886 10.0.89.178 -> 10.0.89.130 DNS Standard query AAAA
tax106.testdomain.tax.state.vt.us.testdomain.tax.state.vt.us
13 1.039184 10.0.89.130 -> 10.0.89.178 DNS Standard query response, No
such name
14 1.039835 10.0.89.178 -> 10.0.89.130 DNS Standard query AAAA
tax106.testdomain.tax.state.vt.us
15 1.040122 10.0.89.130 -> 10.0.89.178 DNS Standard query response
16 1.040256 10.0.89.178 -> 10.0.89.130 DNS Standard query AAAA
tax106.testdomain.tax.state.vt.us.testdomain.tax.state.vt.us
17 1.040554 10.0.89.130 -> 10.0.89.178 DNS Standard query response, No
such name
DUMP #2
10 1.150414 10.0.89.178 -> 10.0.89.130 DNS Standard query A
tax106.testdomain.tax.state.vt.us
11 1.150878 10.0.89.130 -> Broadcast ARP Who has 10.0.89.178? Tell
10.0.89.130
12 1.150890 tax178 -> 10.0.89.130 ARP 10.0.89.178 is at
00:02:55:76:ca:5f
13 1.151647 10.0.89.130 -> 10.0.89.178 DNS Standard query response A
10.0.89.130
14 1.152108 10.0.89.178 -> 10.0.89.130 DNS Standard query AAAA
tax106.testdomain.tax.state.vt.us
15 1.152400 10.0.89.130 -> 10.0.89.178 DNS Standard query response
16 1.152543 10.0.89.178 -> 10.0.89.130 DNS Standard query AAAA tax106
17 1.152798 10.0.89.130 -> 10.0.89.178 DNS Standard query response,
Server failure
18 1.153226 10.0.89.178 -> 10.0.89.130 DNS Standard query A
tax106.testdomain.tax.state.vt.us
19 1.153496 10.0.89.130 -> 10.0.89.178 DNS Standard query response A
10.0.89.130
20 1.153866 10.0.89.178 -> 10.0.89.130 DNS Standard query AAAA
tax106.testdomain.tax.state.vt.us
21 1.154601 10.0.89.130 -> 10.0.89.178 DNS Standard query response
22 1.154741 10.0.89.178 -> 10.0.89.130 DNS Standard query AAAA tax106
23 1.154988 10.0.89.130 -> 10.0.89.178 DNS Standard query response,
Server failure
> -----Original Message-----
> From: Kevin Coffman [mailto:kwc at citi.umich.edu]
> Sent: Wednesday, August 24, 2005 5:15 PM
> To: Claus Lund
> Cc: kerberos at mit.edu; Kevin Coffman
> Subject: Re: Network address resolution problem on AIX
>
>
> > I have struggled with this for almost two days now and I just
> can't seem to
> > get past this hurdle... Hopefully somebody out there will say:
> "Duh, you're
> > doing XYZ wrong!".
> > I keep getting a "kinit(v5): Cannot resolve network address for KDC in
> > requested realm while getting initial credentials" error when I
> run kinit.
> >
>
> > I install it and create /etc/krb5.conf:
> > [libdefaults]
> > default_realm = TESTDOMAIN.TAX.STATE.VT.US
> >
> > [realms]
> > TESTDOMAIN.TAX.STATE.VT.US = {
> > kdc = tax106.testdomain.tax.state.vt.us
> > }
> >
> > [domain_realms]
> > .testdomain.tax.state.vt.us = TESTDOMAIN.TAX.STATE.VT.US
>
> Is that a typo? The proper name for the stanza is [domain_realm] (no
> 's')
>
>
More information about the Kerberos
mailing list