Error when creating realm in openldap

Greg Hudson ghudson at MIT.EDU
Mon Nov 7 10:34:54 EST 2011


On 11/07/2011 09:50 AM, Ethan Koh wrote:
>   kdb5_ldap_util: Hostname cannot be canonicalized krb5_sname_to_principal,
> while adding entries to the database

kdb5_ldap_util needs to create a kadmin/hostname principal for your
realm.  To do that, it wants to know the canonical name of your host.
This is determined by:

1. Calling gethostname() (same output as the "hostname" command)
2. Forward-resolving the hostname with getaddrinfo() to get the
canonical name.  If this step fails, an error like the one you saw is
thrown.
3. Reverse-resolving the IP address from #2 with getnameinfo(), unless
"rdns = false" is set in [libdefaults] in krb5.conf.  If this step
fails, the result of step 2 is used unmodified, so it's probably not
your issue.

> ----------------------
> /etc/hosts
> ----------------------
> 127.0.0.1 kerberos.example.com kerberos
> 127.0.0.1 ldap.example.com ldap
> 192.168.0.101    ubuntu

What does the "hostname" command output?
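
The three lookup steps described in the reply above, as an added C example (not part of the original message and not the krb5 source). The function name `canonicalize_host`, its `rdns` argument and its return codes are assumptions made for illustration; running it on the affected host shows which step fails.

```c
#define _POSIX_C_SOURCE 200809L
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* host == NULL means "use gethostname()"; rdns mirrors the "rdns" setting
 * in [libdefaults]. Returns 0 on success, 1 if step 1 fails, 2 if step 2
 * fails (the step that yields the "cannot be canonicalized" error). */
int canonicalize_host(const char *host, int rdns, char *out, size_t outlen)
{
    char local[256], rev[1025];
    struct addrinfo hints, *ai = NULL;

    /* Step 1: local hostname, same output as the "hostname" command. */
    if (host == NULL) {
        if (gethostname(local, sizeof(local)) != 0)
            return 1;
        local[sizeof(local) - 1] = '\0';
        host = local;
    }
    /* Step 2: forward resolution, asking for the canonical name. */
    memset(&hints, 0, sizeof(hints));
    hints.ai_flags = AI_CANONNAME;
    if (getaddrinfo(host, NULL, &hints, &ai) != 0)
        return 2;
    snprintf(out, outlen, "%s", ai->ai_canonname ? ai->ai_canonname : host);

    /* Step 3: reverse resolution; on failure the step 2 result is kept. */
    if (rdns && getnameinfo(ai->ai_addr, ai->ai_addrlen, rev, sizeof(rev),
                            NULL, 0, NI_NAMEREQD) == 0)
        snprintf(out, outlen, "%s", rev);
    freeaddrinfo(ai);
    return 0;
}

int main(void)
{
    char name[1025];
    int rc = canonicalize_host(NULL, 1, name, sizeof(name));

    if (rc == 0)
        puts(name);
    else
        fprintf(stderr, "canonicalization failed at step %d\n", rc);
    return rc;
}
```

A result of "failed at step 2" means the name printed by `hostname` has no forward mapping in /etc/hosts or DNS.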



