Help needed. Cannot run kadmin. Error msg: kadmin: Communication failure with server while initializing kadmin interface

debbie debbie debbiechyes at yahoo.com
Wed Mar 3 21:13:00 EST 2004


Dear Douglas and all,

Thanks for all the advice. I'd finally got what you
all mean and thank God my kerberos server is now
running ok. Thanks to u all too :). (The same client
which is residing in the same machine can now request
for telnet services)

I am trying ftp now. However, there seems to be some
problem. When I tried to ftp the local machine, the
authentication works fine and no password login is
prompted. But when I tried to ftp, let's say, on another
IP alias (on the same machine), errors were shown.
Below are the errors; hopefully someone can help me with
this.

//Using another ip alias (192.168.82.4)

ftp cheese
Connected to pizza.com.
220 alpine FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: Miscellaneous failure
GSSAPI error minor: Wrong principal in request
GSSAPI error: accepting context
GSSAPI ADAT failed
GSSAPI authentication failed
KERBEROS_V4 accepted as authentication type
Kerberos V4 krb_mk_req failed: You have no tickets cached
Name (cheese:root): debbie
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>


//Using the hostname ip

[root@alpine root]# ftp alpine
Connected to example.com.
220 alpine FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI authentication succeeded
Name (alpine:root): debbie
232 GSSAPI user debbie@EXAMPLE.COM is authorized as debbie
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>


Thank you in advance again. Hope to hear from you all
soon.

Warmest regards,
debbie
--- "Douglas E. Engert" <deengert at anl.gov> wrote:
> 
> 
> debbie debbie wrote:
> > 
> > Dear Douglas,
> > 
> > Thanks for your advice. I'd tried running kadmind
> > server and the error output is shown below:
> > 
> > [root@alpine root]# kadmind
> > kadmind: Cannot set GSS-API authentication names.
> 
> This is a problem, the kadmind is a daemon and
> should stay running. 
> #define KADM5_ADMIN_SERVICE     "kadmin/admin"
> 
> You need a principal for the service: 
> 
>  kadmin/admin@EXAMPLE.COM
> 
> > 
> > I also checked the krb5kdc.log file
> > 
> > Feb 27 10:06:51 alpine krb5kdc[2203](info): setting up network...
> > Feb 27 10:06:51 alpine krb5kdc[2203](info): listening on fd 7: 192.168.82.3 port 88
> > Feb 27 10:06:51 alpine krb5kdc[2203](info): listening on fd 8: 192.168.82.3 port 750
> > Feb 27 10:06:51 alpine krb5kdc[2203](info): listening
> > Feb 27 10:06:51 alpine krb5kdc[2203](info): set up 4 sockets
> > Feb 27 10:06:51 alpine krb5kdc[2204](info): commencing operation
> > 
> > Thank you for reviewing my email. Really appreciate it if
> > you could further advise me on what to do next. I'd
> > tried re-editing the krb5.conf and kdc.conf files but was unable
> > to solve the above problem. I can see from the log
> > file that the kdc is listening at port 750 which
> > belongs to krb4. Could this be the problem? If it is,
> > how can I resolve this?
> > 
> > I'd also googled for some advice and found that many
> > suggested it could be due to the different host
> > principal used. Some even suggested the mismatch
> > of realm and domain name. How to test whether I am
> > using the correct realm or principal? Below is my
> > /etc/hosts just in case I made a mistake.
> >
> > 127.0.0.1               localhost.localdomain localhost
> > 192.168.82.3            example.com alpine
> > 192.168.82.4            pizza.com cheese
> > 
> > Pls help. Thanks in advance.
> > 
> > Warmest regards,
> > debbie
> > 
> > --- "Douglas E. Engert" <deengert at anl.gov> wrote:
> > > Did you start the kadmind server?
> > > Is it running on 749?
> > >
> > >
> > >
> > > debbie debbie wrote:
> > > >
> > > > Dear all,
> > > >
> > > > Hi there. I'm quite new to Kerberos. Wish to set up a
> > > > simple single sign-on system. Currently using RH9.0
> > > > kerberos rpm packages to set up the KDC. Using
> > > > /etc/hosts to resolve the name. Need help as I'm stuck
> > > > when trying to run kadmin. Tried googling for some
> > > > suggestions but was rather confused by the different sets
> > > > of instructions given by different websites.
> > > >
> > > > Below are the configuration files and error messages:
> > > >
> > > > 1. /etc/krb5.conf
> > > >
> > > > [libdefaults]
> > > >  ticket_lifetime = 24000
> > > >  default_realm = EXAMPLE.COM
> > > >  dns_lookup_realm = false
> > > >  dns_lookup_kdc = false
> > > >
> > > > [realms]
> > > >  EXAMPLE.COM = {
> > > >   kdc = alpine.example.com:88
> > > >   admin_server = alpine.example.com:749
> > >
> > > Make sure there is no blank after the 749
> > > or try removing the :749
> > >
> > >
> > > >   default_domain = example.com
> > > >  }
> > > >
> > > > [domain_realm]
> > > >  .example.com = EXAMPLE.COM
> > > >  example.com = EXAMPLE.COM
> > > >
> > > > [kdc]
> > > >  profile = /var/kerberos/krb5kdc/kdc.conf
> > > >
> > > >
> > > > 2. /krb5kdc/kdc.conf
> > > >
> > > > [kdcdefaults]
> > > >  acl_file = /var/kerberos/krb5kdc/kadm5.acl
> > > >  dict_file = /usr/share/dict/words
> > > >  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
> > > >  v4_mode = nopreauth
> > > >
> > > > [realms]
> > > >  EXAMPLE.COM = {
> > > >   master_key_type = des-cbc-crc
> > > >   supported_enctypes = des3-cbc-sha1:normal ....
> > > >  }
> > > >
> > > > I'd managed to create the master key and save it in
> > > > the stash file. Also managed to run krb5kdc command
> > > > without file as I'd checked the kdc log file. Able to
> > > > use kadmin.local command to create admin/admin
> > > > principal and when I run klist -f, below is the
> > > > output displayed:
> > > >
> > > > [root@alpine root]# klist -f
> > > > Ticket cache: FILE:/tmp/krb5cc_0
> > > > Default principal: admin/admin@EXAMPLE.COM
> > > >
> > > > Valid starting     Expires            Service principal
> > > > 02/25/04 15:15:33  02/26/04 01:15:33  krbtgt/EXAMPLE.COM@EXAMPLE.COM
> > > >         Flags: I
> > > > 02/25/04 15:16:20  02/26/04 01:15:33  host@EXAMPLE.COM
> > > >         Flags: T
> > > > 02/25/04 15:16:34  02/26/04 01:15:33  admin/admin@EXAMPLE.COM
> > > >         Flags: T
> > > >
> > > >
> > > > Kerberos 4 ticket cache: /tmp/tkt0
> > > > klist: You have no tickets cached
> > > >
> > > > I believe the ticket has already been created
> > > > locally and managed to run kinit admin/admin
> > > > successfully. However, when I run kadmin command,
> > > > below is the error displayed:
> > > >
> > > > [root@alpine root]# kadmin
> > > > Authenticating as principal admin/admin@EXAMPLE.COM with password.
> > > > Enter password:
> > > > kadmin: Communication failure with server while initializing kadmin interface
> > > >
> > > > Thanks for reviewing this mail. Really appreciate it if
> > > > anyone can help on this matter. Thanks.
> > > >
> > > > Warmest regards,
> 
=== message truncated ===
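
Added example (not part of the original messages): a check of which host-based service names an ftp client would request for "alpine" and "cheese", given the /etc/hosts quoted in this thread. It assumes the client canonicalizes the typed name to the first name on its hosts line and tries the "ftp" and "host" services; the acceptor principal list is constructed, since the thread never shows the server's keytab.

```python
# /etc/hosts as quoted in this thread.
HOSTS = """\
127.0.0.1               localhost.localdomain localhost
192.168.82.3            example.com alpine
192.168.82.4            pizza.com cheese
"""

# Constructed assumption: principals the ftp daemon on alpine holds keys for
# (what `klist -k` on its keytab would list). Not shown anywhere in the thread.
ACCEPTOR_PRINCIPALS = {"ftp/example.com", "host/example.com"}


def canonical_names(hosts_text):
    """Map every name and alias to the first (canonical) name on its line."""
    canon = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no names
        for name in fields[1:]:
            # First match wins, as with files-based lookups.
            canon.setdefault(name.lower(), fields[1].lower())
    return canon


def requested_principals(target, hosts_text, services=("ftp", "host")):
    """Host-based service names a client would ask the KDC for (assumed order)."""
    canon = canonical_names(hosts_text)
    host = canon.get(target.lower(), target.lower())
    return [f"{svc}/{host}" for svc in services]


def check(target, hosts_text=HOSTS, acceptor=ACCEPTOR_PRINCIPALS):
    """Return (requested names, requested names the acceptor has keys for)."""
    wanted = requested_principals(target, hosts_text)
    return wanted, [p for p in wanted if p in acceptor]


if __name__ == "__main__":
    for target in ("alpine", "cheese"):
        wanted, usable = check(target)
        verdict = "matches acceptor" if usable else "no matching acceptor key"
        print(f"ftp {target}: requests {wanted} -> {verdict}")
```

On a live system the acceptor set comes from `klist -k` on the server's keytab, and the canonical name from `getent hosts <name>`.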

