Help with trying to setup a KDC Slave
Matthew.GARRETT at external.total.com
Thu Mar 19 12:45:13 EDT 2009
I am struggling a bit to set up a KDC Slave and was hoping some one might
be able to point out my mistakes.
KDC Master = starsky.uk.ad.ep.corp.local
KDC Slave = hutch.uk.ad.ep.corp.local
On the KDC Master I have done the following
addprinc -randkey host/starsky.uk.ad.ep.corp.local
addprinc -randkey host/hutch.uk.ad.ep.corp.local
Then copied via scp the file /etc/krb5.keytab to the KDC Slave hutch
Created on both KDC Master and Slave
host/starsky.uk.ad.ep.corp.local at UK.AD.EP.CORP.LOCAL
host/hutch.uk.ad.ep.corp.local at UK.AD.EP.CORP.LOCAL
Setup xinetd for krb5_prop etc etc
The Dump on the KDC Master works fine.
kdb5_util dump /var/kerberos/krb5kdc/slavedump
However when I try and do the kprop I get the following
kprop -f /var/kerberos/krb5kdc/slavedump hutch.uk.ad.ep.corp.local
kprop: Server not found in Kerberos database while getting initial ticket
DNS both forward and reverse work fine for the Slave KDC
ktutil looks correct to me.
ktutil: rkt /etc/krb5.keytab
slot KVNO Principal
1 3 host/hutch.uk.ad.ep.corp.local at UK.AD.EP.CORP.LOCAL
2 3 host/hutch.uk.ad.ep.corp.local at UK.AD.EP.CORP.LOCAL
3 3 host/hutch.uk.ad.ep.corp.local at UK.AD.EP.CORP.LOCAL
4 3 host/hutch.uk.ad.ep.corp.local at UK.AD.EP.CORP.LOCAL
5 6 host/starsky.uk.ad.ep.corp.local at UK.AD.EP.CORP.LOCAL
6 6 host/starsky.uk.ad.ep.corp.local at UK.AD.EP.CORP.LOCAL
7 6 host/starsky.uk.ad.ep.corp.local at UK.AD.EP.CORP.LOCAL
8 6 host/starsky.uk.ad.ep.corp.local at UK.AD.EP.CORP.LOCAL
NTP is setup on both Master and Slave and is working fine.
Clients can happily connect to the Master , I just can not get the dump to
Thanks in advance.
Senior IS Technical Analyst
Tel: 01224 297889
Fax: 01224 296806
Email: Matthew.Garrett at total.com
Total E&P UK, Crawpeel Road, Altens Industrial Estate, Aberdeen AB12 3FG
Registered in England and Wales No.811900
Registered Office 33 Cavendish Square, London W1G 0PW
This e-mail and any attachments are intended only for the person or entity
to whom it is addressed and may contain confidential or privileged
information. If you are not the addressee, any disclosure, reproduction,
copying, distribution, or use of this communication is strictly prohibited.
If you are not the intended recipient or person responsible for delivering
this message to the named addressee, please notify us immediately and delete
It is the responsibility of the addressee to scan this email and any
attachments for computer viruses or other defects. The sender does not
accept liability for any loss or damage of any nature, however caused,
which may result directly or indirectly from this email or any file attached.
More information about the Kerberos