AD Binding

Caist
New Contributor

Hey All. Need some major help here.

Trying to bind my new iMac running 10.12.6 to our domain.edu

Binding through GUI and terminal using dsconfidad I get the error: "Authentication server could not be contacted. (5200)"

When I run "kinit user@domain.edu" I get the error "kinit: krb5_get_init_creds: unable to reach any KDC in realm DOMAIN.edu, tried 1 KDC"

I am at a complete loss here. DNS entries are correct and we can attach Windows machines with no issues.

Has anyone seen this or can give me any insight?

Thanks!

5 REPLIES 5

mm2270
Legendary Contributor II

Is the time being synced with an internal time server, or with whatever your DCs are syncing with? If the time is off by too much from the time the domain server knows about, binding will fail. Though the error you're getting sounds as though it can't actually reach the server to join the domain. Still, I would check on the time on the device.

Caist
New Contributor

time is good. one of first things i checked.

on a hunch, i tried to join another machine i have on the network running 10.11 to the domain and it give the same error.

thoule
Valued Contributor II

What's your /etc/krb5.conf file look like? If it's invalid, you wont bind. If you have one, try to remove it and reboot, then bind. A bad krb5.conf file will prevent binding.

Caist
New Contributor

um, there is no krb5.conf file in etc... only thing i am seeing is krb5.keytab

this is a fresh os install too.

thoule
Valued Contributor II

There's one only if you put it there so that's not the issue then. If this is a fresh OS, then I'd suspect firewall or, much more likely, DNS issue.