Cannot locate the kdc error

Matt Silva matt at nospam.net
Fri Aug 6 02:00:05 EDT 2004


Hi there, I'm very new to Kerberos so please bear with me. I'm using
the O'Reilly book: Kerberos, The Definitive Guide to help me out.  I have 
followed all the steps and tested the kdc and kadmin locally on a Linux
Redhat 9.  As far as I can tell it works locally, but when I use the 
Leash Ticket Manager for Windows, I can't retrieve any tickets.  I have
only tried to implement Kerberos 5 (version 1.3.4) on my Linux server.

I understand that Kerberos is very picky about DNS, and I used the
test/resolve program and that was successful.  I am having trouble
setting up a reverse DNS entry, which I'm not sure is required?

I don't get any errors when starting the krb5kdc and kadmind.  But I 
don't see the kdc running, only the kadmin, and that corresponds to
my Leash errors (see below).  Is there something that I'm missing in
any of my config files (see below)?

For whatever it's worth, I compiled Kerberos to install completely in
/usr/local/kerberos

Appreciate the help,
Matt


When I nmap localhost I get:


Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-08-05 22:59 CDT
Interesting ports on localhost (127.0.0.1):
(The 1651 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
143/tcp  open  imap
749/tcp  open  kerberos-adm
3306/tcp open  mysql


Should the kdc be there on the list?  When checking my kadmin log file
I get the following warning:


Aug 05 22:57:59 thunderbolt kadmind[5253](Error): WARNING!  Cannot find dictionary file /usr/local/kerberos/var/krb5kdc/kadm5.dict, continuing without one.


When checking the krbkdc log file I get the following:


Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): setting up network...
Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): skipping unrecognized local address family 17
Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): listening on fd 6: udp 70.45.57.228.749
Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): listening on fd 7: udp 70.45.57.228.88
Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): set up 2 sockets
Aug 05 22:57:53 thunderbolt krb5kdc[5252](info): commencing operation
(END)


Here's my krb5.conf file located in /usr/local/kerberos/etc which was 
transposed from the book, but shown here with fictitious domains to 
protect the innocent:


[libdefaults]
default_realm = MYDOMAIN.COM

[realms]
    MYDOMAIN.COM = {
       kdc = systemname.mydomain.com:88
       admin_server = systemname.mydomain.com:749
       default_domain = mydomain.com
    }

[domain_realm]
    mydomain.com = MYDOMAIN.COM
    .mydomain.com = MYDOMAIN.COM

[logging]
    kdc = FILE:/var/log/krb5dkc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log


And last but not least, here's my krb5kdc.conf file:


[kdcdefaults]
kdc_ports = 88,749

[realms]
    MYDOMAIN.COM = {
       database_name = /usr/local/kerberos/var/krb5kdc/principal
       admin_keytab = /usr/local/kerberos/var/krb5kdc/kadm5.keytab
       acl_file = /usr/local/kerberos/var/krb5kdc/kadm5.acl
       dict_file = /usr/local/kerberos/var/krb5kdc/kadm5.dict
       key_stash_file = /usr/local/kerberos/var/krb5kdc/.k5.MYDOMAIN.COM
       kadmind_port = 749
       max_life = 10h 0m 0s
       max_renewable_life = 7d 0h 0m 0s
       master_key_type = des3-hmac-sha1
       supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
    }


When I use Leash I get an error:

Kerberos 5: Cannont find KDC for requested realm (error 154)
Kerberos 4: Cannot contact the kerberos server for the selected realm 
(kerberos error 57)

Cannot contact the kerberos server for the selected realm
(Kerberos error 57)
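
Added example, not part of the original post: a Python cross-check of the two outputs quoted above, listing the sockets krb5kdc logged and comparing them with what the nmap scan covered. The sample inputs are constructed from the quoted lines (wrapping undone, rows trimmed), and the function names are hypothetical.

```python
import re

# Constructed sample input: lines taken from the krb5kdc log and the nmap
# output quoted in the post, with mail line wrapping undone and rows trimmed.
KDC_LOG = """\
Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): setting up network...
Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): listening on fd 6: udp 70.45.57.228.749
Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): listening on fd 7: udp 70.45.57.228.88
"""
NMAP_OUT = """\
Interesting ports on localhost (127.0.0.1):
PORT     STATE SERVICE
22/tcp   open  ssh
749/tcp  open  kerberos-adm
"""

LISTEN = re.compile(r"krb5kdc\[\d+\]\(info\): listening on fd \d+: "
                    r"(udp|tcp) ((?:\d+\.){3}\d+)\.(\d+)\s*$")
TARGET = re.compile(r"Interesting ports on \S+ \(((?:\d+\.){3}\d+)\)")
OPEN = re.compile(r"^(\d+)/(tcp|udp)\s+open\b")


def kdc_listeners(log):
    """Return {(proto, address, port)} for every socket the KDC logged."""
    hits = (LISTEN.search(line) for line in log.splitlines())
    return {(m[1], m[2], int(m[3])) for m in hits if m}


def scan_results(nmap):
    """Return (target address, {(proto, port)} reported open)."""
    target = TARGET.search(nmap)
    hits = (OPEN.match(line) for line in nmap.splitlines())
    return (target[1] if target else None,
            {(m[2], int(m[1])) for m in hits if m})


def compare(log, nmap):
    """For each KDC socket, list why the scan output does not show it."""
    target, open_ports = scan_results(nmap)
    protos = {proto for proto, _ in open_ports}
    report = {}
    for proto, addr, port in sorted(kdc_listeners(log)):
        why = []
        if proto not in protos:
            why.append(f"scan output has no {proto} results")
        if addr != target:
            why.append(f"socket bound to {addr}, scan targeted {target}")
        report[(proto, addr, port)] = why
    return report
```

On the quoted data both KDC sockets are UDP on 70.45.57.228, while the scan lists only TCP results for 127.0.0.1.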


