Error when creating realm in openldap
Greg Hudson
ghudson at MIT.EDU
Mon Nov 7 10:34:54 EST 2011
On 11/07/2011 09:50 AM, Ethan Koh wrote:
> kdb5_ldap_util: Hostname cannot be canonicalized krb5_sname_to_principal,
> while adding entries to the database

kdb5_ldap_util needs to create a kadmin/hostname principal for your
realm. To do that, it wants to know the canonical name of your host.
This is determined by:

1. Calling gethostname() (same output as the "hostname" command)

2. Forward-resolving the hostname with getaddrinfo() to get the
canonical name. If this step fails, an error like the one you saw is
thrown.

3. Reverse-resolving the IP address from #2 with getnameinfo(), unless
"rdns = false" is set in [libdefaults] in krb5.conf. If this step
fails, the result of step 2 is used unmodified, so it's probably not
your issue.

> ----------------------
> /etc/hosts
> ----------------------
> 127.0.0.1 kerberos.example.com kerberos
> 127.0.0.1 ldap.example.com ldap
> 192.168.0.101 ubuntu

What does the "hostname" command output?
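
The three steps described in the message above can be run by hand on the affected host with a small C program. This is an added example, not part of the original message and not MIT krb5's own code; the function name canonicalize and its rdns argument are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1   /* expose the resolver API under strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netdb.h>

#define HOSTBUF 1025

/* Hypothetical helper: steps 2 and 3 for one name. Returns 0 and fills
 * out, or the getaddrinfo() error code when forward resolution fails
 * (the case that surfaces as "Hostname cannot be canonicalized"). */
int canonicalize(const char *host, int rdns, char *out, size_t outlen)
{
    struct addrinfo hints, *ai = NULL;
    char rev[HOSTBUF];
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_flags = AI_CANONNAME;              /* step 2: forward lookup */
    rc = getaddrinfo(host, NULL, &hints, &ai);
    if (rc != 0)
        return rc;
    snprintf(out, outlen, "%s", ai->ai_canonname ? ai->ai_canonname : host);

    /* Step 3: reverse lookup; on failure the step 2 result is kept. */
    if (rdns && getnameinfo(ai->ai_addr, ai->ai_addrlen, rev, sizeof(rev),
                            NULL, 0, NI_NAMEREQD) == 0)
        snprintf(out, outlen, "%s", rev);
    freeaddrinfo(ai);
    return 0;
}

int main(void)
{
    char host[256], canon[HOSTBUF];
    int rc;

    if (gethostname(host, sizeof(host)) != 0) {  /* step 1 */
        perror("gethostname");
        return 1;
    }
    host[sizeof(host) - 1] = '\0';
    printf("step 1 gethostname(): %s\n", host);
    rc = canonicalize(host, 0, canon, sizeof(canon));   /* like rdns = false */
    if (rc != 0) {
        fprintf(stderr, "step 2 getaddrinfo() failed: %s\n", gai_strerror(rc));
        return 1;
    }
    printf("step 2 canonical name: %s\n", canon);
    canonicalize(host, 1, canon, sizeof(canon));        /* default rdns */
    printf("step 3 after reverse lookup: %s\n", canon);
    return 0;
}
```

If the program stops at step 2, the name printed in step 1 is the one that needs a working forward entry in /etc/hosts or DNS.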