Re: Network address resolution problem on AIX



Can you try to set the enctypes to rc4-hmac des-cbc-md5 des-cbc-md5, the
only supported ones by AD. If I remember right the err is sometimes
misleading. Can you capture the traffic on port 88?

Regards
Markus


"Claus Lund" <clund@xxxxxxxxxxxxxxx> wrote in message
news:001201c5a8ea$8bd31f90$0200fea9@xxxxxxxxxxxxxxxxxxxxxxxxxxx
> I have struggled with this for almost two days now and I just can't seem to
> get past this hurdle... Hopefully somebody out there will say: "Duh, you're
> doing XYZ wrong!".
> I keep getting a "kinit(v5): Cannot resolve network address for KDC in
> requested realm while getting initial credentials" error when I run kinit.
>
> System:
> AIX5.2 ML6
> gcc version 3.3.2
>
> Building Kerberos:
> root@tax178:/tmp/kerberos/krb5-1.4.2/src
> # ./configure --without-krb4 --disable-athena --prefix=/usr/local
>
> I get some warnings during compilation but it seems to finish. When I run
> make test it goes through a bunch of it and then finishes with an error (at
> the bottom of this mail) but I think I read somewhere that there were some
> extra requirements for the final tests and failing them does not necessarily
> mean that there is anything wrong.
>
> I install it and create /etc/krb5.conf:
> [libdefaults]
> default_realm = TESTDOMAIN.TAX.STATE.VT.US
>
> [realms]
> TESTDOMAIN.TAX.STATE.VT.US = {
> kdc = tax106.testdomain.tax.state.vt.us
> }
>
> [domain_realms]
> .testdomain.tax.state.vt.us = TESTDOMAIN.TAX.STATE.VT.US
>
> The KDC is a Windows 2000 AD server.
> At this point I try to run kinit and get the following error:
> # kinit clund@xxxxxxxxxxxxxxxxxxxxxxxxxx
> kinit(v5): Cannot resolve network address for KDC in requested realm while
> getting initial credentials
>
> But as far as I can tell everything is alright on the DNS side. Running the
> resolve program seems to agree:
> root@tax178:/tmp/kerberos/krb5-1.4.2/src
> # ./tests/resolve/resolve tax106
> Hostname: tax106
> Host address: 10.0.89.130
> FQDN: tax106.testdomain.tax.state.vt.us
> Resolve library appears to have passed the test
> root@tax178:/tmp/kerberos/krb5-1.4.2/src
> # ./tests/resolve/resolve tax106.testdomain.tax.state.vt.us
> Hostname: tax106.testdomain.tax.state.vt.us
> Host address: 10.0.89.130
> FQDN: tax106.testdomain.tax.state.vt.us
> Resolve library appears to have passed the test
>
> Thanks in advance,
> Claus
>
> Part of the "make test" output:
> Running test (ATHENA.MIT.EDU) (/COM/HP/APOLLO) (,EDU,/COM,), expecting
> error
> ...
> Expected error found.
>
> Running test (ATHENA.MIT.EDU) (/COM/HP/APOLLO) (,EDU, /COM,) ...
> Got: /COM /COM/HP EDU MIT.EDU
> Exp: /COM /COM/HP EDU MIT.EDU
>
> Running test (ATHENA.MIT.EDU) (CS.CMU.EDU) (,EDU,) ...
> Got: CMU.EDU EDU MIT.EDU
> Exp: CMU.EDU EDU MIT.EDU
>
> Running test (XYZZY.ATHENA.MIT.EDU) (XYZZY.CS.CMU.EDU) (,EDU,) ...
> Got: ATHENA.MIT.EDU CMU.EDU CS.CMU.EDU EDU MIT.EDU
> Exp: ATHENA.MIT.EDU CMU.EDU CS.CMU.EDU EDU MIT.EDU
>
> Success.
> Target "check" is up to date.
> making check in lib/krb5/os...
> gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\
> " -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5_PRI
> VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -DHAV
> E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_DN_S
> KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_ATTR
> _WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1 -DHA
> VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INIT_IN
> _THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHA
> VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_
> INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE_RE_
> COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtype=vo
> id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME_ARG
> 2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_TYPE
> =struct\
> sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t -I../../../include -I./../../../in
> clude -I../../../include/krb5 -I./../../../include/krb5 -g -O2 -Wall -Wm
> issing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow -pedantic
> -D_THREAD_SAFE -c t_std_conf.c
> gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -g -O
> 2 -Wall -Wmissing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow
> -pedantic -D_THREAD_SAFE -o t_std_conf t_std_conf.o def_realm.o
> get_krbhst.o realm_dom.o hst_realm.o init_os_ctx.o locate_kdc.o
> nsglue.o -lkrb5 -lk5crypto -lcom_err -lkrb5support -lpthreads
> gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\
> " -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5_PRI
> VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -DHAV
> E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_DN_S
> KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_ATTR
> _WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1 -DHA
> VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INIT_IN
> _THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHA
> VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_
> INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE_RE_
> COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtype=vo
> id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME_ARG
> 2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_TYPE
> =struct\
> sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t -I../../../include -I./../../../in
> clude -I../../../include/krb5 -I./../../../include/krb5 -g -O2 -Wall -Wm
> issing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow -pedantic
> -D_THREAD_SAFE -c t_an_to_ln.c
> t_an_to_ln.c: In function `main':
> t_an_to_ln.c:8: warning: `kret' might be used uninitialized in this
> function
> gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -g -O
> 2 -Wall -Wmissing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow
> -pedantic -D_THREAD_SAFE -o t_an_to_ln t_an_to_ln.o
> an_to_ln.o -lkrb5 -lk5crypto -lcom_err -lkrb5support -lpthreads
> gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\
> " -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5_PRI
> VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -DHAV
> E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_DN_S
> KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_ATTR
> _WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1 -DHA
> VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INIT_IN
> _THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHA
> VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_
> INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE_RE_
> COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtype=vo
> id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME_ARG
> 2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_TYPE
> =struct\
> sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t -I../../../include -I./../../../in
> clude -I../../../include/krb5 -I./../../../include/krb5 -g -O2 -Wall -Wm
> issing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow -pedantic
> -D_THREAD_SAFE -c t_locate_kdc.c
> t_locate_kdc.c:21: warning: no previous prototype for `kfatal'
> t_locate_kdc.c:27: warning: no previous prototype for `stypename'
> t_locate_kdc.c:43: warning: no previous prototype for `print_addrs'
> gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -g -O
> 2 -Wall -Wmissing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow
> -pedantic -D_THREAD_SAFE -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPAC
> KAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_R
> SEQ=1 -DKRB5_PRIVATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DN
> S_LOOKUP=1 -DHAVE_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRE
> SS=1 -DHAVE_DN_SKIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1
> -
> DDESTRUCTOR_ATTR_WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAV
> E_PTHREAD=1 -DHAVE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREA
> D_RWLOCK_INIT_IN_THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_S
> YS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STR
> INGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGC
> OMP=1 -DHAVE_RE_COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1
> -
> Dkrb5_sigtype=void -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE
> =GETSOCKNAME_ARG2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSO
> CKNAME_ARG2_TYPE=struct\
> ckaddr -DGETSOCKNAME_ARG3_TYPE=size_t -I../../../include -I./../../../incl
> ude -I../../../include/krb5 -I./../../../include/krb5 -g -O2 -Wall -Wmis
> sing-prototypes -Wcast-qual -Wcast-align -Wconversion -Wshadow -pedantic
> -D
> _THREAD_SAFE -o t_locate_kdc
> t_locate_kdc.o -lkrb5 -lk5crypto -lcom_err -lkrb5support -lpthreads
> KRB5_CONFIG=./td_krb5.conf ; export KRB5_CONFIG ;
> LIBPATH=`echo -L../../../lib | sed -e "s/-L//g" -e "s/
> /:/g"`:/usr/local/lib:/usr/lib:/usr/local/lib; export LIBPATH;
> ./t_std_conf -d -s NEW.DEFAULT.REALM -d -k IGGY.ORG -k
> EFAULT_REALM.TST -D DEFAULT_REALM.TST -r bad.idea -r itar.bad.idea -r
> really.BAD.IDEA. -r clipper.bad.idea -r KeYEsCrOW.BaD.IDea -r
> pgp.good.idea -r no_domain > test.out
> cmp test.out ./ref_std_conf.out
> rm -f test.out
> KRB5_CONFIG=./td_krb5.conf ; export KRB5_CONFIG ;
> LIBPATH=`echo -L../../../lib | sed -e "s/-L//g" -e "s/
> /:/g"`:/usr/local/lib:/usr/lib:/usr/local/lib; export LIBPATH;
> ./t_locate_kdc ATHENA.MIT.EDU
> looking in krb5.conf for realm ATHENA.MIT.EDU entry kdc; ports 88,750
> config file lookup failed: Profile relation not found
> walking answer list:
> port=88 host=KERBEROS.MIT.EDU.
> adding hostname KERBEROS.MIT.EDU., ports 88,0, family 0, socktype 2
> getaddrinfo("KERBEROS.MIT.EDU.", "88", ...)
> returns 8: Hostname and service name not provided or found
> port=88 host=KERBEROS-1.MIT.EDU.
> adding hostname KERBEROS-1.MIT.EDU., ports 88,0, family 0, socktype 2
> getaddrinfo("KERBEROS-1.MIT.EDU.", "88", ...)
> returns 8: Hostname and service name not provided or found
> port=88 host=KERBEROS-2.MIT.EDU.
> adding hostname KERBEROS-2.MIT.EDU., ports 88,0, family 0, socktype 2
> getaddrinfo("KERBEROS-2.MIT.EDU.", "88", ...)
> returns 8: Hostname and service name not provided or found
> [end]
> krb5int_locate_server found 0 addresses
> t_locate_kdc: Cannot resolve network address for KDC in requested realm -
> exiting
> make: 1254-004 The error code from the last command is 1.
>
>
> Stop.
> make: 1254-004 The error code from the last command is 1.
>
>
> Stop.
> make: 1254-004 The error code from the last command is 1.
>
>
> Stop.
> make: 1254-004 The error code from the last command is 1.
>
> ____________________________________________
> Claus Lund
> Systems Developer
>
> Department of Taxes
> Information Systems
> 109 State Street
> Montpelier, Vermont 05609
> (802) 828-3735
>
> ________________________________________________
> Kerberos mailing list Kerberos@xxxxxxx
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
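
The `make test` log in the quoted message shows `getaddrinfo("KERBEROS.MIT.EDU.", "88", ...)` returning 8 while `tests/resolve/resolve` succeeds. As an added example (not from the original posts or the krb5 source), this C probe repeats that call with the same hints, once with the service string "88" and once without, so the two results can be compared on the affected host; the names `probe` and `diagnose` are made up for illustration.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* Hypothetical helper: call getaddrinfo() with the hints the log shows
 * (family 0, caller-chosen socktype). Returns getaddrinfo's error code
 * and stores the number of addresses found in *count. */
int probe(const char *host, const char *service, int socktype, int *count)
{
    struct addrinfo hints, *res = NULL, *p;
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;   /* "family 0" in the log */
    hints.ai_socktype = socktype;  /* the log's "socktype 2"; SOCK_DGRAM for UDP */
    *count = 0;
    rc = getaddrinfo(host, service, &hints, &res);
    if (rc != 0)
        return rc;
    for (p = res; p != NULL; p = p->ai_next)
        (*count)++;
    freeaddrinfo(res);
    return 0;
}

/* Hypothetical helper: interpret the pair of results. */
const char *diagnose(int rc_with_service, int rc_host_only)
{
    if (rc_with_service == 0)
        return "ok";
    if (rc_host_only == 0)
        return "service-string handling fails, host resolves";
    return "host name does not resolve through getaddrinfo";
}

int main(int argc, char **argv)
{
    /* Default is a constructed sample input; pass the KDC name as argv[1]. */
    const char *host = argc > 1 ? argv[1] : "127.0.0.1";
    int n1, n2;
    int a = probe(host, "88", SOCK_DGRAM, &n1);
    int b = probe(host, NULL, SOCK_DGRAM, &n2);

    printf("service \"88\": rc=%d (%s), %d address(es)\n", a, a ? gai_strerror(a) : "ok", n1);
    printf("no service:   rc=%d (%s), %d address(es)\n", b, b ? gai_strerror(b) : "ok", n2);
    printf("=> %s\n", diagnose(a, b));
    return a != 0;
}
```

Run it with the KDC host name from `krb5.conf` as the argument; a non-zero code on the first line with zero on the second points at the service lookup rather than DNS.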

