Cannot locate the kdc error
Matias Silva
matt at nospam.com
Fri Aug 6 11:07:27 EDT 2004
Matt Silva wrote:
> Hi there, I'm very new to kerberos so please bear with me. I'm using
> the O'Reilly book: Kerberos, The Definitive Guide to help me out. I have
> followed all the steps and tested the kdc and kadmin locally on a Linux
> Redhat 9. As far as I can tell it works locally, but when I use the
> Leash Ticket Manager for windows, I can't retrieve any tickets. I have
> only tried to implement Kerberos 5 (version 1.3.4) on my Linux server.
>
> I understand that kerberos is very picky about DNS, and I used the
> test/resolve program and that was successful. I am having trouble
> setting up a reverse dns entry which I'm not sure if that is required???
>
> I don't get any errors when starting the krb5kdc and kadmind. But I
> don't see the kdc running, only the kadmin, and that corresponds to
> my Leash errors (see below). Is there something that I'm missing in
> any of my config files (see below).
>
> For whatever it's worth, I compiled kerberos to install completely in
> good/usr/local/kerberos
>
> Appreciate the help,
> Matt
>
>
> When I nmap localhost I get:
>
>
> Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-08-05 22:59
> CDT
> Interesting ports on localhost (127.0.0.1):
> (The 1651 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 22/tcp open ssh
> 25/tcp open smtp
> 80/tcp open http
> 143/tcp open imap
> 749/tcp open kerberos-adm
> 3306/tcp open mysql
>
>
> Should the kdc be there on the list? When checking my kadmin log file
> I get the following warning:
>
>
> Aug 05 22:57:59 thunderbolt kadmind[5253](Error): WARNING! Cannot find
> dictionary file /usr/local/kerberos/var/krb5kdc/kadm5.dict, continuing
> without one.
>
>
> When checking the krbkdc log file I get the following:
>
>
> Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): setting up network...
> Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): skipping unrecognized
> local address family 17
> Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): listening on fd 6: udp
> 70.45.57.228.749
> Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): listening on fd 7: udp
> 70.45.57.228.88
> Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): set up 2 sockets
> Aug 05 22:57:53 thunderbolt krb5kdc[5252](info): commencing operation
> (END)
>
>
> Here's my krb5.conf file located in /usr/local/kerberos/etc which was
> transposed from the book, but shown here with fictitious domains to
> protect the innocent:
>
>
> [libdefaults]
> default_realm = MYDOMAIN.COM
>
> [realms]
> MYDOMAIN.COM = {
> kdc = systemname.mydomain.com:88
> admin_server = systemname.mydomain.com:749
> default_domain = mydomain.com
> }
>
> [domain_realm]
> mydomain.com = MYDOMAIN.COM
> .mydomain.com = MYDOMAIN.COM
>
> [logging]
> kdc = FILE:/var/log/krb5dkc.log
> admin_server = FILE:/var/log/kadmin.log
> default = FILE:/var/log/krb5lib.log
>
>
> And last but not least, here's my krb5kdc.conf file:
>
>
> [kdcdefaults]
> kdc_ports = 88,749
>
> [realms]
> MYDOMAIN.COM = {
> database_name = /usr/local/kerberos/var/krb5kdc/principal
> admin_keytab = /usr/local/kerberos/var/krb5kdc/kadm5.keytab
> acl_file = /usr/local/kerberos/var/krb5kdc/kadm5.acl
> dict_file = /usr/local/kerberos/var/krb5kdc/kadm5.dict
> key_stash_file = /usr/local/kerberos/var/krb5kdc/.k5.MYDOMAIN.COM
> kadmind_port = 749
> max_life = 10h 0m 0s
> max_renewable_life = 7d 0h 0m 0s
> master_key_type = des3-hmac-sha1
> supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
> }
>
>
> When I use Leash I get an error:
>
> Kerberos 5: Cannont find KDC for requested realm (error 154)
> Kerberos 4: Cannot contact the kerberos server for the selected realm
> (kerberos error 57)
>
> Cannot contact the kerberos server for the selected realm
> (Kerberos error 57)
>
Scratch the good/usr/local/kerberos; it should read /usr/local/kerberos.
Matt
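
Added example, not part of the original message: a Python check that reads krb5kdc log lines and nmap output in the formats quoted above and reports, for each socket the KDC logged, whether that scan could have seen it. The function names are hypothetical, the sample input is copied from the post with wrapped lines rejoined, and it assumes the scan covered TCP only, since its output lists only tcp ports.

```python
import re

# Sample input copied from the post above, wrapped log lines rejoined.
KDC_LOG = """\
Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): setting up network...
Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): listening on fd 6: udp 70.45.57.228.749
Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): listening on fd 7: udp 70.45.57.228.88
Aug 05 22:57:53 thunderbolt krb5kdc[5251](info): set up 2 sockets
"""
NMAP_OUT = """\
22/tcp open ssh
749/tcp open kerberos-adm
3306/tcp open mysql
"""

LISTEN_RE = re.compile(
    r"krb5kdc\[\d+\]\(info\): listening on fd \d+: (\w+) ([\d.]+)\.(\d+)$")
PORT_RE = re.compile(r"^(\d+)/(\w+)\s+open\b")

def kdc_listeners(log_text):
    """Return [(proto, address, port)] for each socket krb5kdc logged."""
    found = []
    for line in log_text.splitlines():
        m = LISTEN_RE.search(line.strip())
        if m:
            found.append((m.group(1), m.group(2), int(m.group(3))))
    return found

def scan_open(nmap_text):
    """Return {(proto, port)} for every port the scan reported open."""
    return {(m.group(2), int(m.group(1)))
            for m in map(PORT_RE.match, nmap_text.splitlines()) if m}

def explain(log_text, nmap_text, target, scanned=("tcp",)):
    """Say what the scan of `target` can tell about each logged listener."""
    opened, report = scan_open(nmap_text), []
    for proto, addr, port in kdc_listeners(log_text):
        if proto not in scanned:  # assumption: scan covered `scanned` only
            verdict = "not tested: %s was not scanned" % proto
        elif addr != target:
            verdict = "not tested: bound to %s, scan hit %s" % (addr, target)
        else:
            verdict = "open" if (proto, port) in opened else "closed"
        report.append((proto, addr, port, verdict))
    return report

if __name__ == "__main__":
    for row in explain(KDC_LOG, NMAP_OUT, "127.0.0.1"):
        print("%s %s:%d -> %s" % row)
```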