krb5 + nscd + SRV records

Jack Neely jjneely at ncsu.edu
Wed Jul 1 01:14:41 UTC 2009


On Tue, Jun 30, 2009 at 10:23:39PM +0000, "Jóhann B. Guðmundsson" wrote:
> On 06/30/2009 09:13 PM, Jack Neely wrote:
>> kinit(v5): Cannot resolve network address for KDS in realm
>>    
>
> 3 things on the top of me rusty head..
>
> First, broken DNS setup: make sure you can just test it with the usual lookup
> procedures...

I can pull the srv records with dig using an any request.  The results
from the f11 box are exactly the same as my RHEL 5 machine right beside
it.

>
> Second, different domains for KDC and LDAP client
>

I'm not using an Active Directory.  User information comes from LDAP
using posixAccount schema.  So I don't see how this comes into play.

> Try mapping the FQDN ldap domain name with the kdc domain name in  
> /etc/krb5.conf.
>
> [domain_realm]
> .fqdn.forldap.nscu.edu =eos.nscu.edu
>
> Thirdly try adding “single-request” to the options in /etc/resolv.conf  
> #Just some recently made changes I keep in the back of my head
>
> +Boost up the loglevel in nscd and see if it spits out something useful..

I see it pruning the actual host names of the krb servers.  This agrees
with my stracing...kinit is finding the KDCs in both cases.  It's just
not happy with nscd.

Jack
-- 
Jack Neely <jjneely at ncsu.edu>
Linux Czar, OIT Campus Linux Services
Office of Information Technology, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4  EA6B 213B 765F 3B6A 5B89




More information about the fedora-test-list mailing list