Question

AD Binding

  • July 26, 2017
  • 5 replies
  • 34 views


Hey All. Need some major help here.

Trying to bind my new iMac running 10.12.6 to our domain.edu

Binding through the GUI and through Terminal using dsconfigad, I get the error: "Authentication server could not be contacted. (5200)"

When I run "kinit user@domain.edu" I get the error "kinit: krb5_get_init_creds: unable to reach any KDC in realm DOMAIN.edu, tried 1 KDC"

I am at a complete loss here. DNS entries are correct and we can attach Windows machines with no issues.

Has anyone seen this or can give me any insight?

Thanks!

5 replies

mm2270
  • Legendary Contributor
  • July 26, 2017

Is the time being synced with an internal time server, or with whatever your DCs are syncing with? If the time is off by too much from the time the domain server knows about, binding will fail. Though the error you're getting sounds as though it can't actually reach the server to join the domain. Still, I would check on the time on the device.


  • Author
  • Contributor
  • July 26, 2017

Time is good. One of the first things I checked.

On a hunch, I tried to join another machine I have on the network running 10.11 to the domain and it gave the same error.


  • Contributor
  • July 26, 2017

What's your /etc/krb5.conf file look like? If it's invalid, you won't bind. If you have one, try to remove it and reboot, then bind. A bad krb5.conf file will prevent binding.


  • Author
  • Contributor
  • July 26, 2017

Um, there is no krb5.conf file in etc... The only thing I am seeing is krb5.keytab

This is a fresh OS install too.


  • Contributor
  • July 26, 2017

There's one only if you put it there, so that's not the issue then. If this is a fresh OS, then I'd suspect a firewall or, much more likely, a DNS issue.
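
One way to separate the DNS case from the firewall case raised in the last reply, as an added example that is not part of the original thread: a client locates domain controllers and KDCs through the `_kerberos._tcp` and `_ldap._tcp` SRV records, so the script resolves those and probes each target it finds. The function names are hypothetical, `example.edu` is a placeholder, and `dig` and `nc` are assumed to be available on the client.

```shell
#!/bin/bash
# Added example: pre-bind check of the SRV records an AD client depends on.
# Usage (placeholder domain): ./adcheck.sh example.edu

# Raw SRV lookup, kept in its own function so it can be stubbed offline.
resolve_srv() { dig +short SRV "$1"; }

# TCP reachability probe with a 3-second timeout.
probe() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }

# Turn `dig +short SRV` lines ("priority weight port target.") into
# "host port" pairs; resolver noise such as ";; timed out" is dropped.
srv_targets() {
  awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4, $3 }'
}

# Check one SRV name. Returns non-zero when the record is missing (DNS)
# or when any advertised target cannot be reached (firewall or routing).
check_srv() {
  local name=$1 targets host port rc=0
  targets=$(resolve_srv "$name" | srv_targets)
  if [ -z "$targets" ]; then
    echo "FAIL  $name: no SRV answer from this client's resolver (DNS)"
    return 1
  fi
  while read -r host port; do
    if probe "$host" "$port"; then
      echo "OK    $name -> $host:$port"
    else
      echo "FAIL  $name -> $host:$port resolves but is unreachable (firewall?)"
      rc=1
    fi
  done <<EOF
$targets
EOF
  return $rc
}

# Run the checks only when a domain is given on the command line.
if [ -n "${1:-}" ]; then
  check_srv "_kerberos._tcp.$1"
  check_srv "_ldap._tcp.$1"
fi
```

A missing SRV answer on the Mac while Windows machines bind normally points at the DNS servers the Mac itself is using rather than at the zone.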