Cannot contact any KDC for requested realm while getting initial credentials

Jeff Blaine jblaine at kickflop.net
Tue Aug 12 17:06:52 EDT 2008


Hi all, I'm having a very strange problem, shown below, that I
cannot figure out.  Any advice would be great to hear.

First a block showing the problem, then a block showing
that a different machine works perfectly fine (as do others
I've tested but am not showing here for brevity).

Basically, the master KDC, rcf-kdc1.foo.com, can't seem
to do jack.

============================================================
rcf-kdc1# grep hosts /etc/nsswitch.conf
hosts:      files dns
rcf-kdc1#

rcf-kdc1# cat /etc/krb5.conf
[libdefaults]
     default_realm = RCF.FOO.COM
     forwardable = yes
     ticket_lifetime = 7d

[appdefaults]
     forwardable = yes

[domain_realm]
     .foo.com = RCF.FOO.COM

[realms]
     RCF.FOO.COM = {
         kdc = rcf-kdc1.foo.com
         kdc = rcf-kdc2.foo.com
         kdc = rcf-kdc3.foo.com
         admin_server = rcf-kdc1.foo.com
}

[logging]
         kdc = FILE:/var/adm/krb5kdc.log
         admin_server = FILE:/var/adm/kadmin.log
         default = FILE:/var/adm/krb5lib.log

rcf-kdc1# uname -n
rcf-kdc1.foo.com

rcf-kdc1# nslookup rcf-kdc1.foo.com
Server:         1xx.xx.xx.xxx
Address:        1xx.xx.xx.xxx#53

Name:   rcf-kdc1.foo.com
Address: 1xx.xx.xx.yyy

rcf-kdc1# kinit -p jblaine
kinit(v5): Cannot contact any KDC for realm 'RCF.FOO.COM' while getting initial credentials

rcf-kdc1# ps -ef | grep krb5kdc
root      6837     1  0 13:21 ?        00:00:00 /var/rcf-kdc1-krb5/sbin/krb5kdc
root     14166  2856  0 16:57 pts/0    00:00:00 grep krb5kdc

rcf-kdc1# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
rcf-kdc1#

============================================================

~:cairo> cat /etc/krb5.conf
[libdefaults]
     default_realm = RCF.FOO.COM
     forwardable = yes
     ticket_lifetime = 7d

[appdefaults]
     forwardable = yes

[domain_realm]
     .foo.com = RCF.FOO.COM

[realms]
     RCF.FOO.COM = {
         kdc = rcf-kdc1.foo.com
         kdc = rcf-kdc2.foo.com
         kdc = rcf-kdc3.foo.com
         admin_server = rcf-kdc1.foo.com
}

[logging]
         kdc = FILE:/var/adm/krb5kdc.log
         admin_server = FILE:/var/adm/kadmin.log
         default = FILE:/var/adm/krb5lib.log

~:cairo> kinit -p jblaine
Password for jblaine@RCF.FOO.COM:
~:cairo>



