Problems with kpropd
Mike Dopheide
dopheide at ncsa.uiuc.edu
Tue Aug 8 14:43:06 EDT 2006
My first guess is that the slave KDC doesn't have a host/ entry in the
principal database (and in it's krb5.keytab). Check your kerberos logs
and see if you're getting a client not found error for
host/rapanui.ph.ic.ac.uk
Other common propagation problems come from missing entries in kpropd.acl,
the kpropd service not running on the slave, or the port being blocked
with TCPwrappers or iptables
-Mike
> Hi,
>
> I have a working Kerberos master server, and am attempting to set up
> replication via kpropd.
>
> I've followed the steps in the MIT documentation, but then from this
> command:
>
> kprop -f test_kerb_slave_db rapanui.ph.ic.ac.uk
>
> I get output:
>
> kprop: Cannot resolve network address for KDC in requested realm while
> getting initial ticket
>
>
> Adding the realm, as follows:
>
> kprop -r PH.IC.AC.UK -f test_kerb_slave_db rapanui.ph.ic.ac.uk
>
> gives:
>
> kprop: Client not found in Kerberos database while getting initial ticket
>
> Adding the keytab location with -s /etc/krb5.keytab doesn't help (same
> error about 'Client not found...').
>
>
> Any suggestions as to what might be wrong or how I can get more
> information? I'm running version 1.4.3-8 on Debian stable (sparc version)
>
>
> Many thanks,
>
> Juliet
>
> --
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> + Ms Juliet Kemp +
> + Computer Manager star at imperial.ac.uk +
> + Astrophysics Group +
> + Imperial College Tel: +44 (0)20759 47538 +
> + London. SW7 2AZ Fax: +44 (0)20759 47541 +
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list