Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience.You will not be able to leave comments.

Locating Active Directory KDCs

Use this procedure to obtain the host names for Active Directory Key Distribution Centers (KDCs). You will need these host names during the configuration process.

To obtain the KDC host names

  1. From the command line, enter the following command:
    nslookup -type=srv _kerberos._tcp.REALM

    REALM is a Microsoft Windows domain name. 

  2. Look up the KDCs for each realm against which users authenticate and the realm of the Authentication Server. If multiple realms are used, such as SUB1.DEV.MYCOMPANY.COM and SUB2.DEV.MYCOMPANY.COM, look up the KDC for the parent realm (DEV.MYCOMPANY.COM) also. For example:

    nslookup -type=srv _kerberos._tcp.SUB1.DEV.MYCOMPANY.COMnslookup -type=srv _kerberos._tcp.SUB2.DEV.MYCOMPANY.COMnslookup -type=srv _kerberos._tcp.DEV.MYCOMPANY.COM
    The Active Directory KDC's host name is reported as the value of service (UNIX) or svr hostname (Windows). For example:

    service = 0 100 88 kdc.sub2.dev.mycompany.com

    Ignore the numbers before the host name.

Where to go from here

Creating-or-modifying-the-blappserv_krb5-conf-file

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*