Active Directory Kerberos OSX problems
- by Temotodochi
I'll try to keep this short, but informative.
I'm currently unable to bind OSX Lion (10.7.4) machines to our AD.
OSX Kerberos (Heimdal) is unable to locate the KDC service.
However, I can bind Linux & Windows machines to the AD without any problems in the same network.
AD controls the domain DNS, and all the relevant _kerberos._tcp.x.domain.com and _kpasswd SRV DNS records are there and resolve fine when tried from OSX machines. Defined ports are open for service and manually accessible from OSX.
When I try kinit in OSX, I can get the first auth through (wrong passwords fail instantly), but when supplied with the correct password, kinit fails after some waiting with "unable to reach KDC".
All machines run NTP and have correct time.
During testing, the network is not firewalled between the machines.
Linux and Windows machines have no problems whatsoever.
I have tried with and without /etc/krb5.conf - OSX by default does not need it. In the krb5.conf I used a working config from one of our Linux machines.
dsconfigad fails with a simple "connection failed to the directory server".
I'm a bit baffled with this. OSX is like the KDC is nowhere to be found and at the same time my test machines with Windows 7 and some Linux (CentOS 6 & Debian 6) machines have no problems whatsoever. Same network, same configurations.
I'm missing some vital piece of configuration somewhere, and I can't find out what it is.