Help with replication

Ken Hornstein kenh at cmf.nrl.navy.mil
Mon Jul 18 00:03:08 EDT 2022


>Thanks Greg.  I should have remembered that.  It exposed the fact
>that the kiprop/ principal for the host was missing.  I created the
>principal and added it to /etc/krb5.keytab.  This moved the error, but
>I am still getting failures to replicate.  Here is the debug log:

Did you, in fact, create that principal?  I ask because the error you
are getting is:

>[27738] 1658108981.225629: Received error from KDC: -1765328377/Server not found in Kerberos database

Which suggests you did not (although it wasn't from the primary KDC, which
suggests that maybe whatever KDC you used didn't have it replicated yet).
The KDC logs should explain what went wrong.

As a side note: I ran into an issue on CentOS 7 where systemd would
start up kpropd before DNS resolution was working, so on reboot kpropd
wouldn't work because it couldn't canonicalize its local hostname.  My
solution was to write a special systemd service which would act as a
provider for nss-lookup.target (because nothing on CentOS 7 actually
provides that functionality).  I'm not saying that's your issue, but
something worth noting.

--Ken
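
An added example, not part of Ken's message or the thread: a small triage helper for KRB5_TRACE output that decodes the KDC error code quoted above and records whether the reply came from the primary KDC. Only the "Received error" line is taken from the message; the other sample lines are constructed, and the "Response was not from primary KDC" wording is an assumption about the trace output of your krb5 version.

```python
import re

# com_err table base for krb5 protocol errors; code - base = RFC 4120 error number.
KRB5_ERROR_BASE = -1765328384
KDC_ERRORS = {6: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 7: "KDC_ERR_S_PRINCIPAL_UNKNOWN"}

LINE = re.compile(r"^\[(?P<pid>\d+)\] (?P<ts>\d+\.\d+): (?P<msg>.*)$")
KDC_ERR = re.compile(r"Received error from KDC: (?P<code>-?\d+)/(?P<text>.*)$")

# Constructed sample; only the "Received error" line comes from the message above.
SAMPLE_TRACE = """\
[27738] 1658108981.200000: Sending request (constructed) to EXAMPLE.COM
[27738] 1658108981.220000: Response was not from primary KDC
[27738] 1658108981.225629: Received error from KDC: -1765328377/Server not found in Kerberos database
"""

def triage(trace):
    """Return one finding per KDC error seen in KRB5_TRACE output."""
    findings = []
    from_primary = {}  # pid -> True/False for the most recent response seen
    for raw in trace.splitlines():
        # Tolerate mail-quoted traces ("> [pid] ...") as well as raw ones.
        m = LINE.match(raw.lstrip("> ").strip())
        if not m:
            continue  # not a trace line
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("Response was"):
            from_primary[pid] = " not " not in msg
            continue
        e = KDC_ERR.search(msg)
        if not e:
            continue
        number = int(e["code"]) - KRB5_ERROR_BASE
        name = KDC_ERRORS.get(number, "error %d" % number)
        primary = from_primary.get(pid)  # None if the trace never said
        hint = ""
        if number == 7:
            hint = "service principal missing from the answering KDC's database"
            if primary is False:
                hint += "; reply was not from the primary, so check propagation"
        findings.append({"pid": int(pid), "time": float(m["ts"]), "name": name,
                         "text": e["text"], "from_primary": primary, "hint": hint})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_TRACE):
        print(f["time"], f["name"], "-", f["hint"])
```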


