Posted on 07-26-2017 08:13 AM
Hey All. Need some major help here.
Trying to bind my new iMac running 10.12.6 to our domain.edu.
Binding through the GUI and terminal using dsconfigad, I get the error: "Authentication server could not be contacted. (5200)"
When I run "kinit user@domain.edu" I get the error "kinit: krb5_get_init_creds: unable to reach any KDC in realm DOMAIN.edu, tried 1 KDC"
I am at a complete loss here. DNS entries are correct and we can attach Windows machines with no issues.
Has anyone seen this or can give me any insight?
Thanks!
Posted on 07-26-2017 08:49 AM
Is the time being synced with an internal time server, or with whatever your DCs are syncing with? If the time is off by too much from the time the domain server knows about, binding will fail. Though the error you're getting sounds as though it can't actually reach the server to join the domain. Still, I would check on the time on the device.
Posted on 07-26-2017 09:07 AM
Time is good. One of the first things I checked.
On a hunch, I tried to join another machine I have on the network running 10.11 to the domain and it gives the same error.
Posted on 07-26-2017 09:16 AM
What does your /etc/krb5.conf file look like? If it's invalid, you won't bind. If you have one, try to remove it and reboot, then bind. A bad krb5.conf file will prevent binding.
Posted on 07-26-2017 09:20 AM
Um, there is no krb5.conf file in etc... The only thing I am seeing is krb5.keytab.
This is a fresh OS install too.
Posted on 07-26-2017 09:22 AM
There's one only if you put it there, so that's not the issue then. If this is a fresh OS, then I'd suspect a firewall or, much more likely, a DNS issue.
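
The DNS-versus-firewall question raised in this thread can be separated from the Mac itself. The script below is an added example, not part of any post above: it looks up the `_kerberos._tcp` SRV records for the realm and then tries a TCP connection to each KDC they name. The hostnames in `SAMPLE_SRV` are constructed and the `PROBE` variable is a hypothetical knob for offline testing; `dig` and `nc` are assumed to be on the PATH.

```shell
#!/bin/sh
# Added example, not from the thread. Hostnames in SAMPLE_SRV are constructed.
# Usage on the affected Mac:  diagnose_realm domain.edu

# Constructed `dig +short SRV _kerberos._tcp.domain.edu` output:
# priority weight port target
SAMPLE_SRV='0 100 88 dc2.domain.edu.
0 100 88 dc1.domain.edu.
10 100 88 dc-dr.domain.edu.'

# Read SRV answers on stdin, print "host port" in priority order.
# Non-answer lines (e.g. dig's ";; connection timed out") are dropped.
srv_targets() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
             host = $4; sub(/\.$/, "", host); print $1, host, $3
         }' | sort -k1,1n -k2,2 | awk '{ print $2, $3 }'
}

# Default probe: TCP connect only, 3 second timeout.
tcp_probe() { nc -z -w 3 "$1" "$2" </dev/null >/dev/null 2>&1; }

# Read "host port" lines on stdin, probe each; succeed if any KDC answers.
# PROBE names the probe function (hypothetical knob, used for offline testing).
check_kdcs() {
    reachable=0
    while read -r host port; do
        [ -n "$host" ] || continue
        if "${PROBE:-tcp_probe}" "$host" "$port"; then
            echo "reachable   $host:$port"; reachable=$((reachable + 1))
        else
            echo "unreachable $host:$port"
        fi
    done
    [ "$reachable" -gt 0 ]
}

# Separate the two causes: no SRV answers (DNS) vs. answers but no connection.
diagnose_realm() {
    targets=$(dig +short SRV "_kerberos._tcp.$1" 2>/dev/null | srv_targets)
    if [ -z "$targets" ]; then
        echo "DNS: resolver returned no _kerberos._tcp SRV records for $1"; return 2
    fi
    printf '%s\n' "$targets" | check_kdcs && return 0
    echo "Network: KDCs resolve but none accepts TCP on the advertised port"; return 3
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SRV" | srv_targets
```

A return code of 2 points at the resolver the Mac is using, 3 at filtering between the Mac and the domain controllers; Kerberos also uses UDP 88, which this TCP-only probe does not cover.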