Server not found in Kerberos database error on ldapsearch
Zharovsky Evgeniy
Evgeniy.Zharovsky at Verwaltung.Uni-Muenchen.DE
Wed Nov 14 07:07:15 EST 2007
> You should not need these.
Ok.
> Some things to try:
>
> Wireshark or other trace program to see DNS and Kerberos requests.
> This should show name of the "Server not found in Kerberos database"
I captured the request dialog with wireshark and got this (the things I think
are important):
    MSG Type: KRB-ERROR
    Error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
    Realm: EXAMPLE.COM
    Server Name (Unknown): krbtgt/COM
        Name-type: Unknown (0)
        Name: krbtgt
        Name: COM
I guess that indicates an error in my krbtgt setup. But where should I search
for it and what does the right setup look like?
> On the unix side, do you have a /etc/krb5.conf or /etc/krb5.conf?
> Is the default realm (in uppercase) the same as the AD domain name?
> if not, you may need a krb5.conf, or the -R option on ldapsearch.
Yes, I do have a krb5.conf on the unix side. Here it is:
    [libdefaults]
        default_realm=EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = false
    #   default_tkt_enctypes = des-cbc-md5 des-cbc-crc
    #   default_tgs_enctypes = des-cbc-md5 des-cbc-crc
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true
    #   v4_instance_resolve = false
    #   v4_name_convert = {
    [realms]
        EXAMPLE.COM = {
            kdc = 192.168.10.4:88
            admin_server = 192.168.10.4:749
        }
    [domain_realm]
        .example.com = EXAMPLE.COM
As you can see, it is a setup for some tests...
-----------------
Evgeniy Zharovsky
Ludwig-Maximilians-Universitaet
Ref. IIIA5 (Sicherheitstechnik und Verzeichnisdienste)
Martiusstr. 4 / 207
80539 Muenchen
email mailto:evgeniy.zharovsky at verwaltung.uni-muenchen.de
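
Added illustration, not part of the original message and not code from any Kerberos implementation: a simplified Python model of how a [domain_realm] section like the one posted above maps a server host name to a realm. It assumes the MIT krb5 lookup order (full host name, then each parent domain with and without its leading dot); the host names are constructed, and what the library does when nothing matches is left out.

```python
# Constructed sample: only the parts of the posted krb5.conf that matter here.
KRB5_CONF = """\
[libdefaults]
default_realm=EXAMPLE.COM
[realms]
EXAMPLE.COM = {
kdc = 192.168.10.4:88
}
[domain_realm]
.example.com = EXAMPLE.COM
"""


def parse_domain_realm(text):
    """Return the [domain_realm] section as {lowercased key: realm}."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "domain_realm" and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping


def host_to_realm(host, mapping):
    """Return (realm or None, keys tried) for a server host name."""
    cand = host.lower().rstrip(".")
    tried = []
    while cand:
        tried.append(cand)
        if cand in mapping:
            return mapping[cand], tried
        if cand.startswith("."):
            cand = cand[1:]                      # ".example.com" -> "example.com"
        else:
            dot = cand.find(".")
            cand = cand[dot:] if dot != -1 else ""  # "dc1.example.com" -> ".example.com"
    return None, tried


if __name__ == "__main__":
    table = parse_domain_realm(KRB5_CONF)
    # Constructed host names; the bare domain has no entry of its own.
    for name in ("dc1.example.com", "example.com", "dc1.test.local"):
        realm, tried = host_to_realm(name, table)
        print(f"{name:18} -> {realm}  (tried: {', '.join(tried)})")
```

A key with a leading dot covers hosts below that domain only, so a server addressed by the bare domain name needs its own entry without the dot.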