Help with trying to setup a KDC Slave

Matthew.GARRETT@external.total.com Matthew.GARRETT at external.total.com
Fri Mar 20 06:11:04 EDT 2009


Ken

Thanks for pointing out my stupidly
DNS was the problem.

The file /etc/nsswitch.conf had NIS then DNS
So doing a gethostbyaddr returned the short name which was in NIS but not 
the FQDN from DNS
So change /etc/nsswitch.conf file to have DNS first.


kprop -d -f slavedump hutch.uk.ad.ep.corp.local
8515 bytes sent.
Database propagation to hutch.uk.ad.ep.corp.local: SUCCEEDED

Matt

 


Ken Raeburn <rXXXXX at MIT.EDU> wrote on 19/03/2009 19:52:23:

> On Mar 19, 2009, at 12:45, Matthew.GARRETT at XXXXX.XXX.com wrote:
> > DNS both forward and reverse work fine for the Slave KDC
> 
> By "work fine", do you mean that when you look up 
> hutch.uk.ad.ep.corp.local you get an address (or more than one), and 
> when you look up that address, you get back the name 
> hutch.uk.ad.ep.corp.local?  Or do you just mean you get a name back? 
> In the default configuration of the MIT code, the name you get back 
> from looking up the address is generally the name that'll be used in 
> constructing a principal name.
> 
> Does your config file or DNS data indicate that 
> hutch.uk.ad.ep.corp.local is in UK.AD.EP.CORP.LOCAL?
> 
> Check the log file on the KDC.  It should indicate some kprop/* 
> principal being looked up if the host name is coming out wrong, or 
> possibly some krbtgt/* principal if it's coming up with the wrong 
> realm name.
> 
> Ken

Registered in England and Wales No.811900          
Registered Office 33 Cavendish Square, London W1G 0PW
This e-mail and any attachments are intended only for the person or entity
to whom it is addressed and may contain confidential or privileged
information.  If you are not the addressee, any disclosure, reproduction,
copying, distribution, or use of this communication is strictly prohibited.
If you are not the intended recipient or person responsible for delivering
this message to the named addressee, please notify us immediately and delete
this e-mail.
It is the responsibility of the addressee to scan this email and any
attachments for computer viruses or other defects.  The sender does not
accept liability for any loss or damage of any nature, however caused,
which may result directly or indirectly from this email or any file attached.


More information about the Kerberos mailing list