Network address resolution problem on AIX

Kevin Coffman kwc at citi.umich.edu
Thu Aug 25 17:12:03 EDT 2005 

krb5.conf should have the fully-qualified host names for your KDCs.  
You  must have correct forward- and reverse-DNS lookups for that 
machine.

Perhaps a problem with your /etc/hosts file?


> There was indeed a typo in krb5.conf file in my initial email ... but
> fixing that did not make any difference.
> And /etc/krb5.conf is readable by everybody.
> 
> I just did some more testing and used tcpdump to capture the traffic. Dump
> #1 shows the traffic when using the original krb5.conf file. A couple of
> things don't look right there (but I'm not really a network kinda' guy so
> I'm no expert on DNS)...
> 1) It doesn't look like the DNS server ever responds with an IP address.
> 2) For some reason it tries to get the IP address for the kdc+the domain
> name (tax106.testdomain.tax.state.vt.us.testdomain.tax.state.vt.us).
> 
> Dump #2 shows the network traffic after I changed the kdc entry in the
> krb5.conf file to just read 'tax106' (no domain after the host name). That
> change still doesn't fix things and I still get the "Cannot resolove network
> address" error.
> 
> -Clas
> 
> DUMP #1
>   8   1.037399  10.0.89.178 -> 10.0.89.130  DNS Standard query AAAA
> tax106.testdomain.tax.state.vt.us
>   9   1.037896  10.0.89.130 -> Broadcast    ARP Who has 10.0.89.178?  Tell
> 10.0.89.130
>  10   1.037909       tax178 -> 10.0.89.130  ARP 10.0.89.178 is at
> 00:02:55:76:ca:5f
>  11   1.038629  10.0.89.130 -> 10.0.89.178  DNS Standard query response
>  12   1.038886  10.0.89.178 -> 10.0.89.130  DNS Standard query AAAA
> tax106.testdomain.tax.state.vt.us.testdomain.tax.state.vt.us
>  13   1.039184  10.0.89.130 -> 10.0.89.178  DNS Standard query response, No
> such name
>  14   1.039835  10.0.89.178 -> 10.0.89.130  DNS Standard query AAAA
> tax106.testdomain.tax.state.vt.us
>  15   1.040122  10.0.89.130 -> 10.0.89.178  DNS Standard query response
>  16   1.040256  10.0.89.178 -> 10.0.89.130  DNS Standard query AAAA
> tax106.testdomain.tax.state.vt.us.testdomain.tax.state.vt.us
>  17   1.040554  10.0.89.130 -> 10.0.89.178  DNS Standard query response, No
> such name
> 
> 
> DUMP #2
>  10   1.150414  10.0.89.178 -> 10.0.89.130  DNS Standard query A
> tax106.testdomain.tax.state.vt.us
>  11   1.150878  10.0.89.130 -> Broadcast    ARP Who has 10.0.89.178?  Tell
> 10.0.89.130
>  12   1.150890       tax178 -> 10.0.89.130  ARP 10.0.89.178 is at
> 00:02:55:76:ca:5f
>  13   1.151647  10.0.89.130 -> 10.0.89.178  DNS Standard query response A
> 10.0.89.130
>  14   1.152108  10.0.89.178 -> 10.0.89.130  DNS Standard query AAAA
> tax106.testdomain.tax.state.vt.us
>  15   1.152400  10.0.89.130 -> 10.0.89.178  DNS Standard query response
>  16   1.152543  10.0.89.178 -> 10.0.89.130  DNS Standard query AAAA tax106
>  17   1.152798  10.0.89.130 -> 10.0.89.178  DNS Standard query response,
> Server failure
>  18   1.153226  10.0.89.178 -> 10.0.89.130  DNS Standard query A
> tax106.testdomain.tax.state.vt.us
>  19   1.153496  10.0.89.130 -> 10.0.89.178  DNS Standard query response A
> 10.0.89.130
>  20   1.153866  10.0.89.178 -> 10.0.89.130  DNS Standard query AAAA
> tax106.testdomain.tax.state.vt.us
>  21   1.154601  10.0.89.130 -> 10.0.89.178  DNS Standard query response
>  22   1.154741  10.0.89.178 -> 10.0.89.130  DNS Standard query AAAA tax106
>  23   1.154988  10.0.89.130 -> 10.0.89.178  DNS Standard query response,
> Server failure
> 
> > -----Original Message-----
> > From: Kevin Coffman [mailto:kwc at citi.umich.edu]
> > Sent: Wednesday, August 24, 2005 5:15 PM
> > To: Claus Lund
> > Cc: kerberos at mit.edu; Kevin Coffman
> > Subject: Re: Network address resolution problem on AIX
> >
> >
> > > I have struggled with this for almost two days now and I just
> > can't seem to
> > > get past this hurdle... Hopefully somebody out there will say:
> > "Duh, you're
> > > doing XYZ wrong!".
> > > I keep getting a "kinit(v5): Cannot resolve network address for KDC in
> > > requested realm while getting initial credentials" error when I
> > run kinit.
> > >
> >
> > > I install it and create /etc/krb5.conf:
> > > [libdefaults]
> > >         default_realm = TESTDOMAIN.TAX.STATE.VT.US
> > >
> > > [realms]
> > >         TESTDOMAIN.TAX.STATE.VT.US = {
> > >                 kdc = tax106.testdomain.tax.state.vt.us
> > >         }
> > >
> > > [domain_realms]
> > >         .testdomain.tax.state.vt.us = TESTDOMAIN.TAX.STATE.VT.US
> >
> > Is that a typo?  The proper name for the stanza is [domain_realm] (no
> > 's')
> >
> >
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

More information about the Kerberos mailing list