Active directory Kerberos OSX problems

Posted by Temotodochi on Super User
Published on 2012-08-31T14:56:55Z Indexed on 2012/08/31 15:42 UTC

I'll try to keep this short, but informative.

I'm currently unable to bind OSX Lion (10.7.4) machines to our AD. OSX Kerberos (Heimdal) is unable to locate the KDC service.

However, I can bind Linux & Windows machines to the AD without any problems in the same network.

AD controls the domain DNS and all the relevant _kerberos._tcp.x.domain.com and _kpasswd SRV DNS records are there and resolve fine when tried from OSX machines. Defined ports are open for service and manually accessible from OSX.

When I try kinit on OSX, I can get the first auth through (wrong passwords fail instantly), but when supplied with the correct password, kinit fails after some waiting with "unable to reach KDC".

  • All machines run NTP and have correct time.
  • During testing, the network is not firewalled between the machines.
  • Linux and Windows machines have no problems whatsoever.
  • I have tried with and without /etc/krb5.conf - OSX by default does not need it.
    • In the krb5.conf I used a working config from one of our Linux machines.
  • dsconfigad fails with a simple "connection failed to the directory server".

I'm a bit baffled by this. OSX acts as if the KDC is nowhere to be found, and at the same time my test machines with Windows 7 and some Linux (CentOS 6 & Debian 6) machines have no problems whatsoever. Same network, same configurations.

I'm missing some vital piece of configuration somewhere, and I can't find out what it is.
