SCIENTIFIC-LINUX-USERS Archives

August 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV


Date: Wed, 24 Aug 2011 09:58:40 -0400
On Wed, Aug 24, 2011 at 9:40 AM, Alain Péan
<[log in to unmask]> wrote:
> On 24/08/2011 14:04, Nico Kadel-Garcia wrote:
>>
>> I'm quite aware that it's possible to authenticate local users against
>> the Kerberos services of Active Directory, but seek a way to detect
>> what the actual local KDC is in an environment that does not seem to
>> publish the relevant SRV records for its Active Directory servers.
>> Does anyone know a graceful way to deduce this, without running a
>> full-blown nmap across the local network or trying to bother the
>> Active Directory admins to reveal their secrets?
>
> It is strange that the DNS servers do not display the Active Directory
> domain servers IP. It is the default behaviour. Active Directory relies on
> DNS.
>
> Are you sure your Linux machine is actually using the Active Directory
> Windows DNS servers in resolv.conf? It should, for AD authentication to
> work.
>
> In this case, you should retrieve the domain servers IP (same as KDC), by
> typing:
> # dig AD-domain.example.com.

dig _ldap._tcp.dc._msdcs.<AD> SRV
dig _kerberos.<AD> TXT
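
An added example, not part of the original message: turning the answers from the `_ldap._tcp.dc._msdcs.<AD>` SRV query above into `kdc` lines for krb5.conf, relying on the quoted reply's point that the domain controllers are also the KDCs. The realm AD.EXAMPLE.COM, the dc*.ad.example.com hosts, the sample answers and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: order SRV answers and emit a krb5.conf [realms] stanza.
# Assumption (from the thread): each AD domain controller is also a KDC.

# Constructed sample of `dig +short _ldap._tcp.dc._msdcs.ad.example.com SRV`.
# Fields per line: priority weight port target
sample_srv() {
cat <<'EOF'
0 100 389 dc2.ad.example.com.
10 100 389 dc3.ad.example.com.
0 200 389 dc1.ad.example.com.
EOF
}

# Read SRV answers on stdin and print target hosts, lowest priority first.
# Weight is really a load-balancing hint; sorting by it (highest first) is a
# simplification. Lines that are not "num num num target" are skipped.
srv_to_hosts() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
             sub(/\.$/, "", $4)      # drop the trailing root dot
             print $1, $2, $4
         }' |
    sort -k1,1n -k2,2nr |
    awk '{ print $3 }'
}

# Emit a [realms] stanza from SRV answers on stdin. $1 = realm name.
# The LDAP port in the answer is ignored; kdc lines default to port 88.
# Returns 1 if DNS published no usable SRV records (the case in this thread).
krb5_realm_stanza() {
    realm=$1
    kdcs=$(srv_to_hosts)
    if [ -z "$kdcs" ]; then
        echo "no SRV records found for realm $realm" >&2
        return 1
    fi
    printf '[realms]\n    %s = {\n' "$realm"
    printf '%s\n' "$kdcs" | while read -r host; do
        printf '        kdc = %s\n' "$host"
    done
    printf '    }\n'
}

# Offline demonstration on the constructed sample. Live use would be:
#   dig +short _ldap._tcp.dc._msdcs.ad.example.com SRV | krb5_realm_stanza AD.EXAMPLE.COM
sample_srv | krb5_realm_stanza AD.EXAMPLE.COM
```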
