Cannot contact any KDC for the requested realm
robf
robf at robf.nl
Sun Nov 30 16:41:41 EST 2003
Noolyg wrote:
> Thanks for the answer, I think you are right about the DNS, but i have
> the REALM entry in the krb5.ini (windows) it looks like that:
>
> [libdefaults]
> default_realm = MYREALM
> default_tgs_enctypes = des-cbc-crc
> default_tkt_enctypes = des-cbc-crc
> forwardable = true
> proxiable = true
> [login]
> krb4_convert = false
> krb4_get_tickets = false
> [realms]
> MYREALM = {
> admin_server = 172.16.13.110:88
> default_domain = sks.kerb
> kdc = 172.16.13.110:88
> }
>
> Is there something wrong with it?
> Shold i add this somewhere else?
>
> Thanks a lot.
>
> jaltman2 at nyc.rr.com (Jeffrey Altman) wrote in message news:<3FC508B4.9090005 at nyc.rr.com>...
>
>>You do not have a REALM entry in your krb5.conf file for the realm
>>you are attempting to contact, so DNS is being used. But the local
>>DNS server does not have the data and must propagate a query. The
>>network has a long propagation delay and therefore the Kerberos
>>client times out before the response arrives.
>>
>>The second time you attempt the tgt request, the local DNS server
>>has the response cached so the response arrives before the timeout
>>period.
>>
This looks like your dns server has more then name tied to 172.16.13.110:88
From the same client do a reverse lookup:
dig @<dns server address> -x 172.16.13.110 two time after each other
Does it reveal the same name ??
Rob
More information about the Kerberos
mailing list