Thanks a lot for some pointers & suggestions, guys. I finally get it to work. The problem was that I enter incorrect ip of my domain controller, doh!!!


"Douglas E. Engert" wrote:

Will Fiveash wrote:
> On Tue, Nov 07, 2006 at 05:14:20PM -0800, Chris cc wrote:
>>I use sol 10 + latest patches. I have followed your suggestions and I'm still in the dark. I'm also not able to ping KDC as you ask. At this point, I have no ideas where else to troubleshoot. Any helps are really appreciated.

> I can only help so much (very busy). You need to determine why the ping
> isn't working first. I assume the network is configured on your Solaris
> box. Is the KDC/AD up? Are you sure of the KDC hostname? Are you sure
> the IP address returned by nslookup for the KDC is correct? Is your
> network routing properly configured? Have you tried traceroute? Are
> other systems able to ping the KDC? If so, then this points to a
> network issue with the Solaris system. If not, then look elsewhere.


Have you talked to your AD administrators?

What is the Active Directory Domain Name?
(You have obfuscated the names in you e-mail that makes it harder to spot
the problems.)

See if they have updated DNS with the service records that point at the KDCs.
On Solaris 10: /usr/sbin/nslookup
On Windows in a cmd window: nslookup:
set type=ANY

These should show the service records with priority, weight, 88 for the port and
the hostname of the KDC/AD. The information could also be added
to the krb5.conf file if needed. But check if they updated DNS as they should have.

P.S. Why would you want to use telnet? In you example of using telnet,
you would be sending your password over the net in clear text. Why not ssh?

> In regards to the kerberos config on Solaris make sure you read the
> Solaris 10 Security Administration guide at very carefully.


Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444

Everyone is raving about the all-new Yahoo! Mail.
Kerberos mailing list