Posted on 07-26-2017 08:13 AM
Hey All. Need some major help here.
Trying to bind my new iMac running 10.12.6 to our domain.edu
Binding through GUI and terminal using dsconfidad I get the error: "Authentication server could not be contacted. (5200)"
When I run "kinit firstname.lastname@example.org" I get the error "kinit: krb5_get_init_creds: unable to reach any KDC in realm DOMAIN.edu, tried 1 KDC"
I am at a complete loss here. DNS entries are correct and we can attach Windows machines with no issues.
Has anyone seen this or can give me any insight?
Posted on 07-26-2017 08:49 AM
Is the time being synced with an internal time server, or with whatever your DCs are syncing with? If the time is off by too much from the time the domain server knows about, binding will fail. Though the error you're getting sounds as though it can't actually reach the server to join the domain. Still, I would check on the time on the device.
Posted on 07-26-2017 09:07 AM
time is good. one of first things i checked.
on a hunch, i tried to join another machine i have on the network running 10.11 to the domain and it give the same error.
Posted on 07-26-2017 09:16 AM
What's your /etc/krb5.conf file look like? If it's invalid, you wont bind. If you have one, try to remove it and reboot, then bind. A bad krb5.conf file will prevent binding.
Posted on 07-26-2017 09:20 AM
um, there is no krb5.conf file in etc... only thing i am seeing is krb5.keytab
this is a fresh os install too.
Posted on 07-26-2017 09:22 AM
There's one only if you put it there so that's not the issue then. If this is a fresh OS, then I'd suspect firewall or, much more likely, DNS issue.