KDC 1.15 startup error: Invalid credentials - while initializing database
jwinius at umrk.nl
Thu Apr 13 13:38:33 EDT 2017
Quoting "Pallissard, Matthew" <krb at pallissard.net>:
> You could also try pointing your new KDC to your old LDAP server to
> see whether or not the issue is with your LDAP instance or the KDC
That worked. In other words, the problem is with the new slapd server.
> You should check your slapd logs as well.
Nothing new there. Hold on! How can I have missed this?
slapd: GSSAPI Error: Unspecified GSS failure. \
Minor code may provide more information \
(Server ldap/localhost at EXAMPLE.COM not found in Kerberos database)
So, it's attempting to authenticate to the Kerberos master as
'localhost'... and it turns out that I had not successfully replicated
the DIT after all. Doh!
> Also, now that I'm looking at config you originally posted a little
> more closely, it looks like you're missing the 'ldap_servers' line ...
Omitting that line causes it to connect to ldapi:///. It probably
doesn't make a difference, since I don't use it elsewhere, but I'll
keep an eye on it.
> and that you've misspelled 'ladap_conns_per_server'.
Thanks for spotting that. It's a mistake I made years ago and never
noticed. But, in this case fixing it made no difference.
> FWIW here's a stripped down working config that I've used.
I'll check it out later after I've fixed the localhost problem.
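
Added example, not part of the original message or of MIT Kerberos: a small Python scan of slapd log text for the GSSAPI "not found in Kerberos database" error quoted above. It reports each service principal that slapd asked for and whether its host part is a loopback name, an unqualified name or an FQDN. The function names and the second log record are constructed for illustration.

```python
import re

# Constructed sample modelled on the slapd error quoted in the message;
# the list archive renders "@" as " at ", so both forms are accepted.
SAMPLE_LOG = r"""slapd: GSSAPI Error: Unspecified GSS failure. \
Minor code may provide more information \
(Server ldap/localhost at EXAMPLE.COM not found in Kerberos database)
slapd: GSSAPI Error: Unspecified GSS failure. \
Minor code may provide more information \
(Server ldap/ldap2.example.com@EXAMPLE.COM not found in Kerberos database)
"""

PRINCIPAL_RE = re.compile(
    r"Server\s+(?P<service>[^/\s@]+)/(?P<host>[^\s@]+)"
    r"(?:@|\s+at\s+)(?P<realm>\S+)\s+not found in Kerberos database")
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "127.0.0.1", "::1"}

def join_continuations(text):
    """Merge lines ending in a backslash into one logical log record."""
    records, buf = [], ""
    for line in text.splitlines():
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1].rstrip() + " "
        else:
            records.append(buf + line.strip())
            buf = ""
    records.append(buf.strip())  # keep a dangling continuation, if any
    return [r for r in records if r]

def classify_host(host):
    """Service principals are normally keyed by FQDN; flag anything else."""
    h = host.lower().rstrip(".")
    if h in LOOPBACK_NAMES:
        return "loopback"
    return "fqdn" if "." in h else "unqualified"

def missing_principals(text):
    """Return (principal, host_class) for every 'not found' GSSAPI error."""
    findings = []
    for record in join_continuations(text):
        m = PRINCIPAL_RE.search(record)
        if m:
            principal = "{service}/{host}@{realm}".format(**m.groupdict())
            findings.append((principal, classify_host(m.group("host"))))
    return findings

if __name__ == "__main__":
    for principal, host_class in missing_principals(SAMPLE_LOG):
        print(f"{host_class:12} {principal}")
```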