


Cannot resolve network address for KDC in requested realm while

Dear sir,

        When I join the Windows 2003 domain using the command kinit, I am getting the error "cannot resolve network address for KDC in requested realm while getting initial credentials".

        Another one: when I join the Windows 2003 domain using the command "net ads join -U administrator", I am getting the following error:
   "utils/net_ads.c:ads_startup(186)
    ads_connect:No such file (or) directory"
So kindly send a mail on how to rectify this problem.

With Regards
R.Balaji
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

2/16/2006 1:06:23 PM
comp.protocols.kerberos

Similar Articles


samba+kerberos "cannot resolve network address for KDC in requested realm"
Hi, I'm quite new to Kerberos and Samba, so I hope my question is not so stupid and I hope somebody could help me. I'm trying to join a Linux machine (3.0.14a-Debian) to a W2K3 domain as a member. I would like to have ads security on it but I don't know why I get this message "cannot resolve network address for KDC in requested realm" when I try "net ads join -U myuser%mypassword". Maybe I did not give you enough information to know what the problem is. Thanks in advance ...

MIT Kerberos: Cannot resolve network address for KDC in realm
Hi: I've been having a hard time getting MIT Kerberos up and running on solaris 10. The latest of my problems is this error when i run kinit from the KDC. dsldap01$ /krb5/bin/kinit rob/admin@alezeo.com kinit(v5): Cannot resolve network address for KDC in realm alezeo.com while getting initial credentials This sounds like a DNS problem, but I don't think it is. dsldap01$ host -t A dsldap01.alezeo.com dsldap01.alezeo.com has address 10.93.120.72 Also in my hosts file: 127.0.0.1 localhost 10.93.120.72 dsldap01.alezeo.com dsldap01 loghost Here is my krb5.conf ============= [libdefaults] dns_lookup_realm = false default_realm = ALEZEO.COM ticket_lifetime = 600 kdc_req_checksum_type = 2 checksum_type = 2 ccache_type = 1 default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [kdc] profile = /krb5/var/krb5kdc/kdc.conf [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log admin_server = FILE:/var/krb5/adm.log [realms] ALEZEO.COM = { kdc = dsldap01.alezeo.com:88 admin_server = dsldap01.alezeo.com:749 default_domain = alezeo.com } [domain_realm] .alezeo.com = ALEZEO.COM alezeo.com = ALEZEO.COM [login] krb4_convert = 0 Here is my kdc.conf ============ [kdcdefaults] kdc_ports = 88 [realms] alezeo.com = { ...

Cannot resolve network address for KDC in requested realm while getting initial credentials
On Red Hat linux 2.4.9 krb5-devel-1.2.2-24 krb5-libs-1.2.2-24 krb5-server-1.2.2-24 krb5-workstation-1.2.2-24 running everything on the local host I can run kinit.just fine: kinit test Password for test@host.COM: I can create a keytab file: kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5test test Entry for principal test with kvno 5, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5test. Entry for principal test with kvno 5, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5test. However, I can't kinit using this keytab file: [root@host/var/kerberos/krb5kdc]$ kinit -k kadm5test kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials klist shows: [root@bde-idm3 /var/kerberos/krb5kdc]$ klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: test@BDE-IDM3.US.ORACLE.COM Valid starting Expires Service principal 01/20/05 14:53:59 01/21/05 00:53:59 krbtgt/HOST.COM@HOST.COM Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached A secondary problem is now the password seems to have been changed after creating the keytab, and I can no longer kinit (without the keytab): [root@host /var/kerberos/krb5kdc]$ kinit test Password for test@host.US.ORACLE.COM: kinit(v5): Password incorrect while getting initial credentials For testing purposes I'm using my hostname as my realm name. I&#...

AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
Hi list, kinit (krb5 1.4.2) on an AIX 5.3 gives me # /usr/local/bin/kinit -k -t foobar.keytab foobar/foo.example.net@EXAMPLE.NET kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials From a working Linux krb5 1.4.2 installation I copied /etc/krb5.conf and foobar.keytab to AIX 5.3. The following steps don't defer to the steps I did under Linux. # ./configure --without-krb4 --enable-shared # make && make install Using gcc 3.3.2. I found a patch for krb5 1.4.1 for AIX 5.2 from Ken Raeburn, but as far as I see it is fixed in 1.4.2. My krb5.conf looks like this: [libdefaults] default_realm = EXAMPLE.NET clockskew = 300 [realms] EXAMPLE.NET = { kdc = foo.example.net:88 admin_server = foo.example.net:749 default_domain = example.net kpasswd_server = foo.example.net } [domain_realm] .example.net = EXAMPLE.NET example.net = EXAMPLE.NET [logging] default = SYSLOG:NOTICE:DAEMON kdc = FILE:/var/log/kdc.log kadmind = FILE:/var/log/kadmind.log [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } Trying to analyze with tcpdump I s...

Re: AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
Christopher, I had the exact same problem. I was given 2 patches for KRB 1.4.1 and it fixed the problem. I applied the patches to my 1.4.2 source and the problem is resolved there too. Here are the patches: DNSGLUE.C Patch: *** ./src/lib/krb5/os/dnsglue.c.orig Fri Jan 14 17:10:53 2005 --- ./src/lib/krb5/os/dnsglue.c Thu May 5 11:39:52 2005 *************** *** 62,68 **** --- 62,76 ---- char *host, int nclass, int ntype) { #if HAVE_RES_NSEARCH + #ifndef LANL struct __res_state statbuf; + #else /* LANL */ + #ifndef _AIX + struct __res_state statbuf; + #else /* _AIX */ + struct { struct __res_state s; char pad[1024]; } statbuf; + #endif /* AIX */ + #endif /* LANL */ #endif struct krb5int_dns_state *ds; int len, ret; LOCATE_KDC.C Patch: >*** ./src/lib/krb5/os/locate_kdc.c.orig Thu May 5 08:06:45 2005 >--- ./src/lib/krb5/os/locate_kdc.c Thu May 5 11:34:27 2005 >*************** >*** 267,275 **** >--- 267,283 ---- > memset(&hint, 0, sizeof(hint)); > hint.ai_family = family; > hint.ai_socktype = socktype; >+ #ifndef LANL > #ifdef AI_NUMERICSERV > hint.ai_flags = AI_NUMERICSERV; > #endif >+ #else /* LANL */ >+ #ifndef _AIX >+ #ifdef AI_NUMERICSERV >+ hint.ai_flags = AI_NUMERICSERV; >+ #endif >+ #endif /* _AIX */ >+ #endif /* LANL */ > sprintf(portbuf, "%d", ntohs(port)); > sprintf(s...
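Review bot: In the dnsglue.c hunk, the AIX workaround `struct { struct __res_state s; char pad[1024]; } statbuf;` is compiled only when both LANL and _AIX are defined, so an AIX build without the LANL macro still gets the plain `struct __res_state statbuf;`. Consider keying the workaround on _AIX alone, adding a comment that says why 1024 bytes of padding are needed, and confirming that every later use of statbuf refers to the inner member `s`, since the visible lines change only the declaration.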
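Review bot: In the locate_kdc.c hunk, the `hint.ai_flags = AI_NUMERICSERV;` assignment is now duplicated, once under `#ifndef LANL` and once under the `#else` branch inside `#ifndef _AIX`, and the flag is dropped on AIX only when LANL is defined. A single guard such as `#if defined(AI_NUMERICSERV) && !defined(_AIX)` would express the same intent without the duplicate, and a comment should record why AIX cannot take the flag.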

krb5 1.6 beta 3 on Debian Lenny : kinit(v5): Cannot resolve network address for KDC in realm
I have an issue standing, where I am unable to kinit to get my Krb5 TGT locally on the KDC, but have no problems doing the same on one of my client machines. I don't care too much about this issue for as long as we talk Kerberos credentials on the server itself, however I am really puzzled by this behaviour ... Whenever I execute: kinit <user> I get: kinit(v5): Cannot resolve network address for KDC in realm EXAMPLE.COM while getting initial credentials My /etc/resolv.conf looks like this: domain example.com search example.com nameserver 127.0.0.1 My /etc/hostname looks like this: 127.0.0.1 localhost My /etc/krb5.conf looks like this: [libdefaults] default_realm = EXAMPLE.COM ticket_lifetime = 12h renew_lifetime = 7d dns_fallback = no kdc_timesync = 3 ccache_type = 4 renewable = true forwardable = true forward = true proxiable = true noaddresses = true # The following encryption type specification will be used by MIT Kerberos # if uncommented. In general, the defaults in the MIT Kerberos code are # correct and overriding these specifications only serves to disable new # encryption types as they are added, creating interoperability problems. # default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 # default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 # permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-c...

question about MIT Kerberos KDC processing PROXY KDC requests
Hello, I understand that proxiable/proxy tickets are rarely used and the corresponding code in the MIT Kerberos implementation is not very well tested. However, I found two possibly buggy places in the KDC code, so I think this is worth asking about. I used the MIT Kerberos distribution and was able to make proxiable/ proxy tickets work, but had two make two changes in the KDC source code. I would like to ask if these are really bugs or not. We use the MIT Kerberos 1.6.3 release. Both suspicious places are in kdc/ kdc_util.c, validate_tgs_request(): 1. line 1144: if (request->kdc_options & NO_TGT_OPTION) { if (!krb5_principal_compare(kdc_context, ticket->server, request_server)) { *status = "SERVER DIDN'T MATCH TICKET FOR RENEW/FORWARD/ETC"; return(KDC_ERR_SERVER_NOMATCH); } } NOT_TGT_OPTION is defined as: #define NO_TGT_OPTION (KDC_OPT_FORWARDED | KDC_OPT_PROXY | KDC_OPT_RENEW | KDC_OPT_VALIDATE) The KDC returns an error here if the server principal in the ticket does not match the one in the KDC request. I can see how this check is required for the "forwarded", "renew" and "validate" KDC requests. However, for a proxy ticket request, it seems that: - the ticket must be a TGT with ticket->server = krbtgt/R1@R2, for some R1 and R2 - the KDC request must have a server principal request->server = the target application server's Kerberos principal Should the #define NO_TGT_OPTI...

AD KDC - msktutil
Hi, I have this error (see subject) when using msktutil. Any idea what's wrong with my setup? (I've replaced hostnames and OU structure) /etc/krb5.conf (part) ========== [libdefaults] default_realm = EXAMPLE.ORG dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] EXAMPLE.ORG = { default_domain = msnet.railb.be kdc = ictdc01.example.org admin_server = ictdc01.example.org admin_keytab = FILE:/etc/krb5.keytab } [domain_realm] .example.org = EXAMPLE.ORG example.org = EXAMPLE.ORG msktutil --create -h tstweb01 -b "OU=Linux Servers" --server ictdc01 -- verbose -- init_password: Wiping the computer password structure -- get_default_keytab: Obtaining the default keytab name: FILE:/etc/ krb5.keytab -- create_fake_krb5_conf: Created a fake krb5.conf file: / tmp/.msktkrb5.conf-fbUui1 -- reload: Reloading Kerberos Context -- get_short_hostname: Determined short hostname: tstweb01 -- finalize_exec: SAM Account Name is: tstweb01$ -- try_machine_keytab_princ: Trying to authenticate for tstweb01$ from local keytab... -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (No such file or directory) -- try_machine_keytab_princ: Authentication with keytab failed -- try_machine_keytab_princ: Trying to authenticate for host/ tstweb01.example.org from local keytab... -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos ...

Cannot contact any KDC for the requested realm
Hi, I'm having trouble with the kerberos server again... When I request a tgt or something for the first time it always gives me the "Cannot contact any KDC for the requested realm", but if i make the same request again (after a sec), all is fine. Do you know of anything that can cause this? Thanks. You do not have a REALM entry in your krb5.conf file for the realm you are attempting to contact, so DNS is being used. But the local DNS server does not have the data and must propagate a query. The network has a long propagation delay and therefore the Kerberos client times out before the response arrives. The second time you attempt the tgt request, the local DNS server has the response cached so the response arrives before the timeout period. Noolyg wrote: > Hi, > > I'm having trouble with the kerberos server again... > When I request a tgt or something for the first time it always gives > me the "Cannot contact any KDC for the requested realm", but if i make > the same request again (after a sec), all is fine. > > Do you know of anything that can cause this? > > Thanks. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Thanks for the answer, I think you are right about the DNS, but i have the REALM entry in the krb5.ini (windows) it looks like that: [libdefaults] default_realm = MYREALM default_tgs_enctyp...

kinit cannot resolve network address
I'm trying to configure a Solaris 8 system to authenticate Samba against Windows 2003 ADS. I've compiled the appropriate packages; however, I'm quickly stuck trying to get my kerberos ticket. Here's the error:

    sumac:/opt/local/kerberos5/bin# ./kinit admin@DCRI.DUKE.NET
    kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials

Here's the lowdown:

    Samba client -- sumac.dcri.duke.edu 152.16.48.61
    ADS server - vmsodium.dcri.duke.net 10.0.101.65

My /etc/resolv.conf

    sumac:/opt/local/kerberos5/bin# more /etc/resolv.conf
    domain dcri.duke.edu
    nameserver 152.16.48.78
    nameserver 152.16.49.44
    nameserver 152.16.49.47

Although I'd rather not modify my /etc/resolv.conf, I've read that this error is due to DNS lookups. I am able to resolve using nslookup. I have tried 1) adding my ADS server's IP to /etc/resolv.conf and a "search dcri.duke.net" line. I've also tried using the IP in the krb5.conf file. I can't get past that error. Here is my /etc/krb5.conf..

    [libdefaults]
    default_realm = dcri.duke.net
    [realms]
    dcri.duke.net = {
    # kdc = vmsodium.dcri.duke.net
    kdc = 10.0.101.65
    }
    [domain_realms]
    .kerberos.server = dcri.duke.net

Any help would be greatly appreciated. ...

Help: Cannot contact any KDC for requested realm
Hi, I use mod_auth_kerb in Apache for SSO. Here's auth_kerb.conf contents. LoadModule auth_kerb_module modules/mod_auth_kerb.so <Location /opendcim> SSLRequireSSL AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms FOOBAR.COM KrbVerifyKDC On Krb5KeyTab /etc/httpd/HTTP-ibm-x3250m3-2.foobar.com.keytab require valid-user </Location> And here's /etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = FOOBAR.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] FOOBAR.COM = { kdc = kerberos.foobar.com:88 admin_server = kerberos.foobar.com:749 } [domain_realm] foobar.com = FOOBAR.COM .foobar.com = FOOBAR.COM [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } foobar.com is a pseudo domain name in my testing env. When the user access the foobar.com/opendcim it will prompt username and passoword window. However, after user's input it will prompt that window again. I checked the log in ssl_error_log I found following details. [Mon Jun 24 12:29:24 2013] [error] [client 192.168.122.6] krb5_get_init_creds_password() failed: Cannot contact any KDC for requested realm...

Network Security Protocol like Kerberos
Hi All, I have a simple question regarding Kerberos. Is there any Network Security Protocol like Kerberos? If yes please give some examples. -- View this message in context: http://www.nabble.com/Network-Security-Protocol-like-Kerberos-tp25462467p25462467.html Sent from the Kerberos - General mailing list archive at Nabble.com. ...

Windows Client resolve Realm KDC over DNS
Hello I read some threads with the same problem but without any solution, so I will try it again. Today we have four completely separated Active Directory with thousands of clients. I implemented a MIT KDC to build a shared resource Realm for SSO. Now I want to deploy that to all client. The client send a TGS to his AD Controller, the DC sends a referral with the resource Realm. At this point the client needs to evaluate what KDC is responsible for the Realm. Easiest way is to configure it on client (ksetup /AddKdc [Realm] [KDC]). If there is no configuration the client try to resolve the KDC over DNS (SVR _kerberos._tcp.dc._msdcs.[domain]). ksetup on each client would take a long time and be a lot of work. I add this DNS settings entry with a pointer to the KDC. The client resolved it successfully and does a CLDAP query —> No Response (or icmp). I read CLDAP query is something like a AD ping, to check if the AD is responsible for the domain and available. Is there a way to switch this setting off (CLDAP Query)? Or could I emulate the required response, for example with Samba? Any Ideas? Regards Andrin Vocat ...

Cannot contact any KDC for requested realm (error 156)
Hi, I am new to Kerberos. I have set up the Kerberos server on a Linux box. The KDC and Kadmin deamons are running. I have also downloaded Kerberos for Windows on another machine running Windows XP and am trying to login to the KDC and get tickets using Leash. But when I try to login I get the following error message Cannot contact any KDC for requested realm (error 156) Can somebody please help me with the problem. Thanks, Dominic ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Did you configure the %WINDIR%\KRB5.INI to specify the location of the kdc in the realm? Dominic Komareddy wrote: > Hi, > I am new to Kerberos. I have set up the Kerberos server on a Linux box. The KDC and Kadmin deamons are running. I have also downloaded Kerberos for Windows on another machine running Windows XP and am trying to login to the KDC and get tickets using Leash. But when I try to login I get the following error message > Cannot contact any KDC for requested realm (error 156) > > Can somebody please help me with the problem. > > > > Thanks, > > Dominic > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > -- ----------------- This e-mail account is not read on a regular basis. Please send private responses to jaltman at m...

smbclient error: Cannot find KDC for requested realm
Hi there, I'am trying to connect to a Windows-Member-Server in a Win2000 Domain with Samba 3 on Fedora 1.0. Our Win2000 Domain is using MIT-Kerberos. I tried: smbclient //server.testdomain.local/doc$ -k \ --user=testuser@KERBEROS.TESTDOMAIN.LOCAL I'm still getting this message: krb5_get_credentials failed for server$@TESTDOMAIN.LOCAL (Cannot find KDC for requested realm) spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm session setup failed: NT_STATUS_OK Klist told me that I'm having a TGT for Kerberos an a TGT for our Windows-Domain. But I'm missing a CIFS-Ticket. Can somebody help me with that problem? Thanx - Olli ...

How to resolve address by host name in corporate network
I need to develop a linux device, and I want to retrieve its IP address by its host name within a corporate network (may have offices at various geographical locations). Here is my idea: I assume every corporate network shall have name server and DHCP server by default, and the linux device shall act as DHCP client. So I should be able to retrieve its IP address from the local name server. As a backup measure, I may retrieve its IP address by the device's MAC address from DHCP server. I would like to know if it makes sense to you, and if there is even better solution around. Is it possible...

Error: krb5_set_password_using_ccache failed (Cannot contact any KDC for requested realm)
Hi All, I am having a problem getting a fresh Centos 6.2 machine to join our AD domain. I have installed a base machine with minimal server profile in centos. Its running the krb5-workstation that comes with centos krb5-workstation-1.9-22.el6_2.1.x86_64. We are running a windows 2008 r2 AD cluster with windows 7 and windows xp clients. Long term is to get this working for squid authentication. klist: [root@squid-k net]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: asdwyer@OURCOMPANY.EXAMPLE Valid starting Expires Service principal 03/08/12 14:56:01 03/09/12 00:56:03 krbtgt/OURCOMPANY.EXAMPLE@OURCOMPANY.EXAMPLE renew until 03/15/12 14:56:01 Setup krb5.conf with: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = OURCOMPANY.EXAMPLE dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] OURCOMPANY.EXAMPLE = { kdc = dc-hbt-01.ourcompany.example kdc = dc-hbt-02.ourcompany.example admin_server = dc-hbt-01.ourcompany.example } [domain_realm] .ourcompany.example = OURCOMPANY.EXAMPLE ourcompany.example = OURCOMPANY.EXAMPLE When i run msktutil: [root@squid-k ~]# msktutil -c -b "CN=COMPUTERS" -s HTTP/squid-k.ourcompany.example -k /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn HTTP/squid-k.ourcompany.example --server dc-hbt-01.ourcompany.examp...

Cannot contact any KDC for requested realm while getting initial credentials
Hi all, I'm having a very strange problem below that I cannot figure out. Any advice would be great to hear. First a block showing the problem, then a block showing that a different machine works perfectly fine (and others I've tested but not showing here for briefness). Basically, the master KDC, rcf-kdc1.foo.com, can't seem to do jack. ============================================================ rcf-kdc1# grep hosts /etc/nsswitch.conf hosts: files dns rcf-kdc1# rcf-kdc1# cat /etc/krb5.conf [libdefaults] default_realm = RCF.FOO.COM forwardable = yes ticket_lifetime = 7d [appdefaults] forwardable = yes [domain_realm] .foo.com = RCF.FOO.COM [realms] RCF.FOO.COM = { kdc = rcf-kdc1.foo.com kdc = rcf-kdc2.foo.com kdc = rcf-kdc3.foo.com admin_server = rcf-kdc1.foo.com } [logging] kdc = FILE:/var/adm/krb5kdc.log admin_server = FILE:/var/adm/kadmin.log default = FILE:/var/adm/krb5lib.log rcf-kdc1# uname -n rcf-kdc1.foo.com rcf-kdc1# nslookup rcf-kdc1.foo.com Server: 1xx.xx.xx.xxx Address: 1xx.xx.xx.xxx#53 Name: rcf-kdc1.foo.com Address: 1xx.xx.xx.yyy rcf-kdc1# kinit -p jblaine kinit(v5): Cannot contact any KDC for realm 'RCF.FOO.COM' while getting initial credentials rcf-kdc1# ps -ef | grep krb5kdc root 6837 1 0 13:21 ? 00:00:00 /var/rcf-kdc1-krb5/sbin/krb5kdc root 14166 2856 0 16:57 pts/0 00:00:00 grep krb5kdc...

kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
Hi, there, I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf pointing kdc to the host name, which i believe correctly set. The problem is that, I can do kadmin.local but I just couldn't do kadmin. It always complains: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface kinit with no parameters reports the similar error: kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials but kinit works if I supply a principal from another realm (that realm and its kdc is also set in /krb5.conf). I am confused that why kinit and kadmin just couldn't work in local realm? Is this a feature or I missed any setting issues? Thank you very much. yizeng ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos I would suspect a simple error in the configuration of your local realm in /etc/krb5.conf, or a DNS issue. Can you post your /etc/krb5.conf ? On 10/26/05, yi zeng <bigwhite@gmail.com> wrote: > Hi, there, > I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have > /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf > pointing kdc to the host name, which i believe correctly set. > The problem is that, I can do kadmin.local but I just couldn't do kadmin. >...

kinit: Cannot contact any KDC for requested realm while getting initial credentials
Hi, I am having problems with using kinit, with keytab and username/password. When issuing the kinit command I get the following error: kinit: Cannot contact any KDC for requested realm while getting initial credentials There is a firewall between the webservers where I issue the command from and the domain controller. The webservers are able to connect to the domain controller on port 88 over UDP. The webservers are able to resolve themselves and the domain controller, both forward and reverse lookup. Do any of you guys out there have an idea of what is going wrong? Many thanks, Celia ...

"Cannot contact any KDC for requested realm" when using ldapsearch
I'm trying to configure Kerberos authentication with OpenLDAP. kinit appears to work fine. However, I get this when using ldapsearch: $ ldapsearch -H ldaps://ldap.endoframe.net -b dc=endoframe,dc=net SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot contact any KDC for requested realm) krb5kdc.log has entries like this in it: Feb 27 00:23:31 rail.endoframe.net krb5kdc[13220](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: SERVER_NOT_FOUND: braden/admin@ENDOFRAME.NET for kadmin/rail.endoframe.net@ENDOFRAME.NET, Server not found in Kerberos database Feb 27 00:23:31 rail.endoframe.net krb5kdc[13220](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1330320211, etypes {rep=18 tkt=18 ses=18}, braden/admin@ENDOFRAME.NET for kadmin/admin@ENDOFRAME.NET Feb 27 00:25:13 rail.endoframe.net krb5kdc[13220](info): TGS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1330319881, etypes {rep=18 tkt=18 ses=18}, braden@ENDOFRAME.NET for krbtgt/ENDOFRAME.NET@ENDOFRAME.NET Feb 27 00:25:13 rail.endoframe.net krb5kdc[13220](info): TGS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1330319881, etypes {rep=18 tkt=18 ses=18}, braden@ENDOFRAME.NET for krbtgt/ENDOFRAME.NET@ENDOFRAME.NET Obviously, the first one there looks rather susp...

[rfc-dist] BCP0135, RFC 5135 on IP Multicast Requirements for a Network Address Translator (NAT) and a Network Address Port Translator (NAPT)
A new Request for Comments is now available in online RFC libraries. BCP 135 RFC 5135 Title: IP Multicast Requirements for a Network Address Translator (NAT) and a Network Address Port Translator (NAPT) Author: D. Wing, T. Eckert Status: Best Current Practice Date: February 2008 Mailbox: dwing@cisco.com, eckert@cisco.com Pages: 16 Characters: 36528 Updates: See-Also: BCP0135 I-D Tag: draft-ietf-behave-multicast-12.txt URL: http://www.rfc-editor.org/rfc/rfc5135.txt This document specifies requirements for a for a Network Address Translator (NAT) and a Network Address Port Translator (NAPT) that support Any Source IP Multicast or Source-Specific IP Multicast. An IP multicast-capable NAT device that adheres to the requirements of this document can optimize the operation of IP multicast applications that are generally unaware of IP multicast NAT devices. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document is a product of the Behavior Engineering for Hindrance Avoidance Working Group of the IETF. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and sugg...

Kerberos error via mod_auth_kerb: Cannot determine realm for numeric host address
I'm currently using Kerberos authentication via Apache. This works as expected, however now I've had to setup a reverse proxy to the Apache server which is doing the authentication and it is now failling and giving me this error: krb5_sname_to_principal() failed: Cannot determine realm for numeric host address I've seen that this is quite often due to IPs not being reverse- resolvable however I've double checked that this is not the case. Any ideas? ...

MIT Kerberos KDC & W2K Client: Changing expired password issue
Hi, I also experienced the same problem as William G.Zereneh (http://mailman.mit.edu/pipermail/kerberos/2004-May/005341.html). I'm able to change the password using ctrl-alt-del, but when the password is expired and Windows asks me to change the password, I encountered a "Domain MIT.REALM.COM is not available" error. As I sniffed the packets, I noticed that it sent a CLDAP query message with filter: (&(DnsDomain = MIT.REALM.COM)(Host = myhostname)(NtVer=\006) which is returned NULL by my _ldap._tcp.dc._msdcs.REALM.MIT.COM How to resolve this problem? Maybe there's a missing entry in my DNS? Is it mandatory for the MIT Kerberos KDC (I installed it on RedHat Linux) to have an LDAP service to resolve the CLDAP request? And can LDAP actually entertain CLDAP requests, since LDAP is using TCP while CLDAP is using UDP? Can I resolve the CLDAP request using Windows 2000 server instead? Any ideas will be very appreciated Regards from newbie, lara ...
