kadmin problem
Edward Murrell
edward at dlconsulting.com
Wed Jan 3 17:38:52 EST 2007
Hi Soctty,
Unfortunately, I've been on Holiday for over the Christmas break, so I
didn't check my email.
It looks like the problem is that you're defining a realm for each
computer rather than for your network.
So, if your domain is called example.com, and your computers are called
gaza and horse, you should have one realm called EXAMPLE.COM, and then
create two principle entries for gaza and horse, and another for your
user. eg;
host/horse.example.com at EXAMPLE.COM
host/gaza.example.com at EXAMPLE.COM
scotty at EXAMPLE.COM
I'm afraid can't help you with the exact details of your setup, since I
have not used Solaris or Win2K3 with Kerberos. I am led to believe that
they are mostly compatible for the purposes of passwords though.
Regards
Edward
P.S. I would heartily recommend replying to the list next time.
scotty adams wrote:
> Hi Edward,
>
> Can you please elaborate more on this issue, i urgently need your help.
> As mentioned i have 2 machines. A windows 2003 and a solaris 9 machine.
> If you can guide me to set kerberos and make it operate in a short
> time i will be really thankful.
> Please advise me what should i do on both machines.
> Please provide me with the set of command to accomplish that.
>
> Thanks,
> Scotty
>
> */Edward Murrell <edward at dlconsulting.com>/* wrote:
>
> Hi Scotty,
>
> The problem sounds like the Kerberos realms are different on each
> machine, rather than the hosts name.
>
> What is the default realm for the kdc and the client machine? Also, if
> you do a klist before running kadmin, what realm does it list?
>
> Regards
> Edward Murrell
> edward at dlconsulting.com
>
>
> scotty adams wrote:
> > hi everyone,
> >
> > i am trying to configure kerberos 5 on a solaris 9 machine
> > i am getting this error:
> > kadmin: Client/server realm mismatch in initial ticket request
> while initializing kadmin interface
> > can anyone help me fix this problem, the server and client have
> their corresponding hostnames in their hosts file
> >
> > thanks,
> > Scotty
> Hi Edward,
>
> This is my klist output
>
> --------------------------------
> #klist
> Ticket cache: /tmp/krb5cc_0
> Default principal: amadmin at SCOTTY.COMPUTER1.COM
>
> Valid starting
> Expires Service principal
> Sun 24 Dec 2006 11:17:49 AM EET Sun 24 Dec 2006 07:17:49 PM EET
> krbtgt/SCOTTY.COMPUTER1.COM at SCOTTY.COMPUTER1.COM
> renew until Sun 31 Dec 2006 11:17:49 AM EET
> -----------------------------------------------
>
> can you please advise me how to continue?
>
> Thanks,
> Scotty
>
More information about the Kerberos
mailing list