HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

_kerberos._tcp nslookup of KDC fails on HP-UX

 
Craig Johnson_1
Regular Advisor

_kerberos._tcp nslookup of KDC fails on HP-UX

It works fine on Linux and Windows. Why not on HP? (domain removed to protect the innocent)

# nslookup -type=SRV _kerberos._tcp.[domain]

Using /etc/hosts on: a300sud0

looking up FILES
Trying DNS
_kerberos._tcp.[domain] priority = 0, weight = 100, port= 88
host = a300sm53.[domain]
_kerberos._tcp.[domain](form error.)
*** a300sm52.[domain] can't find _kerberos._tcp.[domain]: Non-existent domain
6 REPLIES
Craig Johnson_1
Regular Advisor

Re: _kerberos._tcp nslookup of KDC fails on HP-UX

HP-UX 11.11, 11.23, no difference, same result.
Steven E. Protter
Exalted Contributor

Re: _kerberos._tcp nslookup of KDC fails on HP-UX

Shalom,

You should be able to get this to work with the following entry in /etc/hosts

IP_address _kerberos_tcp.[domain] _kerberso_tcp

Try ping after setting this up.

If you don't like using /etc/hosts then you need to support this lookup with a dns entry.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Craig Johnson_1
Regular Advisor

Re: _kerberos._tcp nslookup of KDC fails on HP-UX

DNS and the way it is responding to HP-UX's call is the problem. As noted, the exact same command works fine on both Linux and Windows while talking to DNS.
Craig Johnson_1
Regular Advisor

Re: _kerberos._tcp nslookup of KDC fails on HP-UX

This is part of Microsoft's extensions to bind so that Kerberos enabled Active Directory Domain Controllers can be discovered by a simple nslookup.
Steven E. Protter
Exalted Contributor

Re: _kerberos._tcp nslookup of KDC fails on HP-UX

I disagree with your assessment.

This is a host lookup issue most likely.

You can however see about updated software for this at http://software.hp.com

That might work.

HP-UX is not configured out of the box to do kerberos. Some configuration (assembly) is required. I'd look at /etc/nsswitch.conf

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Craig Johnson_1
Regular Advisor

Re: _kerberos._tcp nslookup of KDC fails on HP-UX

Why is it a host lookup error when I'm specifying "-type=SRV" (and also note the underscores in the name I'm passing).

This is what it SHOULD look like:

$ nslookup -type=SRV _kerberos._tcp.[domain]
;; Truncated, retrying in TCP mode.
Server: 10.20.14.205
Address: 10.20.14.205#53

_kerberos._tcp.ag.na.jci.com service = 0 100 88 a212sm51.[domain].
_kerberos._tcp.ag.na.jci.com service = 0 100 88 a1301m900.[domain].
_kerberos._tcp.ag.na.jci.com service = 0 100 88 a0345m900.[domain]. _kerberos._tcp.ag.na.jci.com service = 0 100 88 a534m900.[domain].


There should be no error returned at the end.