automigrate accounts into kerberos not working
Connolly_Patrick@bah.com
Connolly_Patrick at bah.com
Fri Jun 2 12:34:24 EDT 2006
Hey All
I have a network of Solaris 10 servers. I have kerberos configured with
a master & slave server. Everything is working except for the
automigrate. I followed the instructions for "Configuring Automatic
Migration of Users in a Kerberos Realm" at
http://docs.sun.com/app/docs/doc/816-4557/6maosrjli?a=view.
I am seeing the following messages in the KDC log:
Jun 02 09:31:30 <kdc master> krb5kdc[1564](info): AS_REQ <client
IP>(0): CLIENT_NOT_FOUND <user>@<realm> for krbtgt/<domain>@<realm>,
client not found in kerberos
Jun 02 09:31:30 <kdc master> krb5kdc[1564](info): DISPATCH: repeated
(retransmitted?) request from <client ip> port 0, resending previous
responce
Jun 02 09:31:30 <kdc master> krb5kdc[1564](info): AS_REQ <client
IP>(0): NEEDED_PREAUTH: host/<client fqdn>@<realm> for kadmin/<kdc
master fqdn>@<realm>, Additional pre-authentication required
Jun 02 09:31:30 <kdc master> krb5kdc[1564](info): AS_REQ <client
IP>(0): ISSUE: authtime 1149255095, host/<client fqdn>@<realm> for
kadmin/<kdc master fqdn>@<realm>
Jun 02 09:31:30 <kdc master> kadmin[1705](notice): Request: kadm5_init,
host/<client fqdn>@<realm>, success, client=host/<client fqdn>@<realm>,
server=kadmin/<kdc master fqdn>@<realm>, addr= (<client ip>)
Jun 02 09:31:30 <kdc master> kadmin[1705](notice): Unauthorized
request: kadm5_get_principal, <user>@<realm>, client=host/<client
fqdn>@<realm>, server=kadmin/<kdc master fqdn>@<realm>, addr= (<client
ip>)
Jun 02 09:31:30 <kdc master> kadmin[1705](notice): Unauthorized
request: kadm5_create_principal, <user>@<realm>, client=host/<client
fqdn>@<realm>, server=kadmin/<kdc master fqdn>@<realm>, addr= (<client
ip>)
The first two messages I expect to see since the account does not yet
exist in kerberos. The user name and password are correct since the
unix auth works and I am able to login.
Any ideas?
Thanks
Patrick Connolly
More information about the Kerberos
mailing list