mit kerberosv5 1.2.7 - kadmin wont connect - please help
Vladimir Terziev
vladimir.terziev at sun-fish.com
Tue Apr 1 04:31:41 EST 2003
Where is your kdc.conf file placed? Its place (according to your --prefix) should be in the /opt/k5/var/krb5kdc directory.
Vladimir
On Tue, 1 Apr 2003 09:54:06 +0200
"Christian" <cgregoir99 at yahoo.com> wrote:
> ""Yan"" <ymercier at mxtest.homedns.org> wrote in message
> news:009401c2f7b1$ed0adf60$cb003c0a at Domain3.McAfeeb2b.com...
> > Here are the messages I exchanged with Srini
> > from the newsgroup, the problem remains unsolved
> > looking forward for more help
> >
> > Yan
> >
> >
> > Hi group,
> > I compiled it from source on Solaris8.
> > I followed the installation guide, created an admin
> > principal, an ACL, filled krb5.conf and kdc.conf.
> > The installation as /opt/k5 for --prefix so I created
> > /opt/k5/etc and /opt/k5/var manually to put my config
> > files.
> >
> > When starting krb5kdc this port appears :
> > -begin-------------------------------------------------------
> > UDP: IPv4
> > 192.168.0.8.88 Idle
> > -end-------------------------------------------------------
> >
> > and the ports for kadmind :
> > -begin-------------------------------------------------------
> > UDP: IPv4
> > *.464 Idle
> > TCP: IPv4
> > *.749 *.* 0 0 24576 0 LISTEN
> > -end-------------------------------------------------------
> >
> > So I assume my servers are up and running, the procs
> > are in ps -ef output as well.
> >
> > kadmin.local works; here is the getprincs output:
> > -begin-------------------------------------------------------
> > kadmin.local: getprincs
> > K/M@NEOTOKYO.COM
> > kadmin/admin@NEOTOKYO.COM
> > kadmin/changepw@NEOTOKYO.COM
> > kadmin/history@NEOTOKYO.COM
> > krbtgt/NEOTOKYO.COM@NEOTOKYO.COM
> > yan/admin@NEOTOKYO.COM
> > -end-------------------------------------------------------
> >
> > I found while googling that someone has had this problem
> > before, and he was told to make sure that its host file was
> > configured to have the FQDN of the machine appearing first
> > in the host file for that IP. It didn't solve my problem.
> >
> > Here's the problem:
> > -begin-------------------------------------------------------
> > sun2# kadmin -p yan/admin@NEOTOKYO.COM
> > Authenticating as principal yan/admin@NEOTOKYO.COM with password.
> > kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
> > -end-------------------------------------------------------
> >
> > Here is my krb5.conf file :
> > -begin-------------------------------------------------------
> > [libdefaults]
> > ticket_lifetime = 600
> > default_realm = NEOTOKYO.COM
> > default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
> > default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
> >
> > [realms]
> > NEOTOKYO.COM = {
> > kdc = SUN2.NEOTOKYO.COM
> > admin_server = SUN2.NEOTOKYO.COM
> > default_domain = NEOTOKYO.COM
> > }
> >
> > [domain_realm]
> > .neotokyo.com = NEOTOKYO.COM
> > neotokyo.com = NEOTOKYO.COM
> >
> > [logging]
> > kdc = FILE:/opt/k5/var/krb5kdc/kdc.log
> > admin_server = FILE:/opt/k5/var/krb5kdc/kadmin.log
> > -end-------------------------------------------------------
> >
> > Neither kdc.log nor kadmind.log are showing anything
> > special, not even the connection requests.
> >
> > You can reach me at ymercier at mxtest.homedns.org if you wish
> > to help
> >
> > Yannick
> >
> >
> > ________________________________________________
> >
> > ----------------------
> > Hi,
> > Try to get the TGT first by giving the command "kinit <principal name>".
> >
> > Did you update the /etc/services file with the following services:
> > kerberos 88/udp kdc # Kerberos authentication (udp)
> > kerberos 88/tcp kdc # Kerberos authentication (tcp)
> > krb5_prop 754/tcp # Kerberos slave propagation
> > kerberos-adm 749/tcp # Kerberos 5 admin/changepw (tcp)
> > kerberos-adm 749/udp # Kerberos 5 admin/changepw (udp)
> > eklogin 2105/tcp # Kerberos encrypted rlogin
> >
> > Also, what does your kdc.conf look like and where (path) is it exactly?
> >
> > Good Luck,
> > Srini
> >
> > -------------------
> > Hi,
> > my /etc/services wasn't updated so I added the entries you specified
> > below, thank you
> >
> > The problem is still here though :
> > -begin-------------------------------
> > sun2# kinit -V yan/admin@NEOTOKYO.COM
> > kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials
> > -end-------------------------------
> >
> > Here is my kdc.conf :
> > -begin-------------------------------
> > sun2# pwd
> > /opt/k5/var/krb5kdc
> > sun2# cat kdc.conf
> > [kdcdefaults]
> > kdc_ports = 88
> >
> > [realms]
> > NEOTOKYO.COM = {
> > database_name = /opt/k5/var/krb5kdc/principal
> > key_stash_file = /opt/k5/var/krb5kdc/.k5.NEOTOKYO.COM
> > kadmind_port = 749
> > admin_keytab = /opt/k5/var/krb5kdc/kadm5.keytab
> > acl_file = /opt/k5/var/krb5kdc/kadm5.acl
> > max_life = 10h 0m 0s
> > max_renewable_life = 7d 0h 0m 0s
> > master_key_type = des3-hmac-sha1
> > supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
> > kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
> > }
> >
> > sun2#
> > -end----------------------------------------------
> >
> > ---------------------
> >
> > Hi Yan,
> > I think it is unable to locate the kdc. Where is your krb5.conf?
> > - it is currently in /opt/k5/etc - I think it is used by kadmin when connecting
> > - because I tested it changing the hostname of the kdc in there and sniffing the
> > - network, I see kadmin trying to connect to the other machine. The thing I
> > - found strange is that it is trying to connect to a udp port which is not
> > - listening on the server. I have not specified any port in the config files, I
> > - assumed the client and server would use the default ports..
> >
> > Copy the krb5.conf to /etc and check. Then please try to kill the krb5kdc and
> > start it again.
> > - I'll try that this evening when back at home.
> >
> > Are you able to ping SUN2.NEOTOKYO.COM?
> > - Yep, that's the same machine
> > Are the KDC and the client on the same m/c?
> > - Yep
> >
> > Cheers,
> > Srini
> >
>
> Can you run 'telnet SUN2.NEOTOKYO.COM 749' ?
>
> Christian.
>
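The check the replies above are circling, as an added example that is not part of the original thread: it reads the KDC and admin server out of a krb5.conf stanza and tests whether the quoted netstat listing shows a socket that a client using a given address could reach. The function names are made up for this example, the sample input is assembled from the config and netstat lines quoted in the thread, and the client-side address is an assumption supplied by the caller.

```python
import re

# Constructed sample input: the [realms] stanza and the netstat lines quoted in the thread.
KRB5_CONF = """\
[realms]
NEOTOKYO.COM = {
 kdc = SUN2.NEOTOKYO.COM
 admin_server = SUN2.NEOTOKYO.COM
}
"""
NETSTAT = """\
UDP: IPv4
192.168.0.8.88 Idle
*.464 Idle
TCP: IPv4
*.749 *.* 0 0 24576 0 LISTEN
"""
DEFAULT_PORTS = {"kdc": 88, "admin_server": 749}  # same values as the thread's kdc.conf

def realm_endpoints(conf, realm):
    """Return {relation: (host, port)} for kdc/admin_server of one realm."""
    stanza = re.search(re.escape(realm) + r"\s*=\s*\{(.*?)\}", conf, re.S)
    found = {}
    if stanza:
        pairs = re.findall(r"^\s*(kdc|admin_server)\s*=\s*(\S+)", stanza.group(1), re.M)
        for key, value in pairs:
            host, _, port = value.partition(":")
            found.setdefault(key, (host, int(port) if port else DEFAULT_PORTS[key]))
    return found

def bound_sockets(netstat):
    """Parse Solaris 'netstat -an' style text into {(proto, local_addr, port)}."""
    proto, out = None, set()
    for line in netstat.splitlines():
        head = re.match(r"\s*(UDP|TCP): IPv4", line)
        sock = re.match(r"\s*(\*|\d+\.\d+\.\d+\.\d+)\.(\d+)\s", line)
        if head:
            proto = head.group(1).lower()
        elif sock and proto:
            out.add((proto, sock.group(1), int(sock.group(2))))
    return out

def has_listener(sockets, proto, ip, port):
    """True if a socket is bound to the wildcard or to exactly this address."""
    return (proto, "*", port) in sockets or (proto, ip, port) in sockets

if __name__ == "__main__":
    socks = bound_sockets(NETSTAT)
    for rel, (host, port) in realm_endpoints(KRB5_CONF, "NEOTOKYO.COM").items():
        print(rel, host, port, {p: has_listener(socks, p, "192.168.0.8", port) for p in ("udp", "tcp")})
```

Pass `has_listener` the address that the configured host name resolves to on the client. A socket bound to one specific address, like the UDP port 88 line in the listing, matches only that address, while a `*` entry matches any.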