f



Client not found in Kerberos database while initializing kadmin interface

I get this from typing 'kadmin' on the commandline of the KDC server itself.
I have my own account on there which I can log into from gkadmin.

Regards,

Jason.

--------------------------
Jason Oakley +612 82821434
   Open and Intel Systems
   Systems Administrator
    http://www.eds.com

  Add a dab of lavender to milk
    Leave town with an orange
and pretend you are laughing at it 


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
joakley (3)
1/13/2004 5:54:47 AM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
3392 Views

Similar Articles

[PageSpeed] 43

Reply:

Similar Artilces:

Kadmin error: "kadmin: GSS-API (or Kerberos) error while initializing kadmin interface"
Hi There, I'm setting up a test kerberos/afs realm and I'm having a problem with kadmin. kadmin and kadmin.local run fine from the kdc, but kadmin gives the folloowing error when run from another machine: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface The krbadm log shows no output, but kadmin.log on the kdc shows the following: Oct 11 23:15:02 kdc1 kadmind[3821](Notice): Request: kadm5_init, coeadmin/admin@MYREALM.COM, success, client=coeadmin/admin@MYREALM.COM, service=kadmin/admin@MYREALM.COM, addr=x.x.x.191, flavor=300001 I can kinit and everything else from the client, I just can't run kadmin. both client and server are RHEL4 with MIT krb5-1.5.1. compiled from source. I get the same error using RedHat's kadmin and the source-compiled one. kdc1 is the server and as1 is the client # on kdc kadmin: listprincs K/M@MYREALM.COM coeadmin/admin@MYREALM.COM host/as1.myrealm.com@MYREALM.COM host/kdc1.myrealm.com@MYREALM.COM kadmin/admin@MYREALM.COM kadmin/kdc1.myrealm.com@MYREALM.COM kadmin/changepw@MYREALM.COM kadmin/history@MYREALM.COM krbtgt/MYREALM.COM@MYREALM.COM I had fixed a previous error about not having kadmin/kdc.myrealm.com in the DB by adding the service principal. Now I have no errors in any of the logs, just an error on the console when I run kadmin What am I missing? Jason Edgecombe Solaris & Linux Administrator Mosaic Computing Group, College of Engineering UNC-Charlotte Phone: (704) 687-3514 ______________...

kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
Hi We have run into problems running kadmin from one host. Error is kadmin: GSS-API (or Kerberos) error while initializing kadmin interface krb version 1.4 linux kernel version 2.4.21 Another host on the same subnet can connect (as well as lots of hosts from different subnets) and we see the reply from port 749 on the kadmind server at the interface of the host with the GSS-API error. Any ideas. Cheers Matt ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

Re: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
Hi there, That problem may be fixed by "sync"ing the time of the server and client machines, before running kadmin. cheers, Nima D. Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca ...

kadmin: GSS-API (or Kerberos) error while initializing kadmin interface #2
Hi, Can somebody tell me why I can't use kadmin remotely? I can start kadmin on the kdc server by using "kadmin -O". But when I tried to use /usr/kerberos/sbin/kadmin from a client machine to visit the kerberos database, the error as the email title occured. [root@gcnode029 sbin]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: admin/admin@test.com Valid starting Expires Service principal 07/20/06 17:54:02 07/21/06 17:54:00 krbtgt/test.com@test.com Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [root@gcnode029 sbin]# kadmin admin/admin Authenticating as principal <mailto:admin/admin@test.com> admin/admin@test.com with password. Password for <mailto:admin/admin@test.com> admin/admin@test.com: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface Thank you for any help! -- LiZhong ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

Client not found in Kerberos database while...
Hi My overall project is to get a Debian Sarge mail/samba-server to connect with a Windows server 2003, but i'm having problem with the kerberos/LPAD connection. I started uot with this guide: http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 And i got all the components (Have_KRB5_H and etc.), but no connection.. If i test the conn with: kinit administrator@DOM.NET kinit(v5): Client not found in Kerberos database while getting initial credentials And if i test with: kinit administrator@dom.net kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials So in general I'm having trouble defining what is what and what to install. When typing my "Kerberos server" in the conf i put in the windows-server, but should that be the linuxserver? And have much should i install on the linuxserver to make it into a "kerberos server". I already got these. libpam-krb5 krb5-user krb5-doc krb5-config krb5-kdc libkrb53 ----- krb5.conf ----------- [libdefaults] default_realm = DOM.NET [realms] DOM.NET = { kdc = WINDOWSSERVER.DOM.NET } [domain_realms] .kerberos.server = DOM.NET Hope anyone can guide me through this... /Lars ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

Client not found in Kerberos database
I get this from typing 'kadmin' on the commandline of the KDC server itself. I have my own account on there which I can log into from gkadmin. Client not found in Kerberos database while initializing kadmin interface Regards, Jason. -------------------------- Jason Oakley +612 82821434 Open and Intel Systems Systems Administrator http://www.eds.com Add a dab of lavender to milk Leave town with an orange and pretend you are laughing at it ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos What did you try ? I think this is a RTFM question. On Wed, 2004-01-14 at 05:20, Jason Oakley wrote: > I get this from typing 'kadmin' on the commandline of the KDC server itself. > I have my own account on there which I can log into from gkadmin. > > > Client not found in Kerberos database while initializing kadmin interface > > > > Regards, > > Jason. > > -------------------------- > Jason Oakley +612 82821434 > Open and Intel Systems > Systems Administrator > http://www.eds.com > > Add a dab of lavender to milk > Leave town with an orange > and pretend you are laughing at it > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > -- ...

Re: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface #2
Hi there, That problem may be fixed by "sync"ing the time of the server and client machines, before running kadmin. cheers, Nima D. Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

Client not found in Kerberos database #3
Hi, I have an Intel xseve 10.4.9 server bound to AD and also have OD configured on the same server for Mac management. Other services running are AFP and WINDOWS. I will also be using the same server as a file server for both Mac and Windows. Below are my issues. When the WINDOWS service starts on our Intel Xserve with 10.4.9 installed I receive the below error message. I have tested single sign on "SSO" from Mac and Windows systems and everything seems to work, but am concerned that this error may cause an issue at a later date. I also have an issue with windows users suddenly not being able to connect to a share on the Intel Xserve via SMB which is strange as the same user on a Mac could still connect via AFP or SMB a restart of the WINDOWS service seems to clear this problem, not sure if this is related to the below error but it's a real issue and seems to be very random. When this happen I seem to receive "broken pipe" errors in the "smbd.conf" log. I checked the "secrets.tdb" and found that this did not have the "\00" on the end of the "SECRETS/MACHINE_PASSWORD/", so I ran the script at "afp548" site under forum "10.4.8 Intel - AD, Samba kerberos machine password" which added the "\00". The strange thing is that all seemed to still work even thought the "secrets.tdb" was not correct, perhaps this could be the cause of the SMB dropouts? Below is from the SMBD.LOG...

Client not found in Kerberos database #2
Hi, I have an Intel xseve 10.4.9 server bound to AD and also have OD configured on the same server for Mac management. Other services running are AFP and WINDOWS. I will also be using the same server as a file server for both Mac and Windows. Below are my issues. When the WINDOWS service starts on our Intel Xserve with 10.4.9 installed I receive the below error message. I have tested single sign on "SSO" from Mac and Windows systems and everything seems to work, but am concerned that this error may cause an issue at a later date. I also have an issue with windows users suddenly not being able to connect to a share on the Intel Xserve via SMB which is strange as the same user on a Mac could still connect via AFP or SMB a restart of the WINDOWS service seems to clear this problem, not sure if this is related to the below error but it's a real issue and seems to be very random. When this happen I seem to receive "broken pipe" errors in the "smbd.conf" log. I checked the "secrets.tdb" and found that this did not have the "\00" on the end of the "SECRETS/MACHINE_PASSWORD/", so I ran the script at "afp548" site under forum "10.4.8 Intel - AD, Samba kerberos machine password" which added the "\00". The strange thing is that all seemed to still work even thought the "secrets.tdb" was not correct, perhaps this could be the cause of the SMB dropouts? Below is from the SMBD.LOG...

Client not found in Kerberos database #4
Hi folks, My site uses Debian squeeze for both workstations and servers with MIT Kerberos 1.8.3 for authentication. Although there are generally no complaints, from time to time users say that the workstations do not accept their passwords on the first attempt, even when they anticipate the issue and made a conscious effort to not make any mistakes. Upon examination of the KDC logs, I find some evidence to support their claims. The most obvious is this error: CLIENT_NOT_FOUND: jsmith@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Client not found in Kerberos database In most cases the login name is not not spelled correctly, or there is nothing like it in the database at all, but in others there is nothing wrong. Yet, this error occurs anyway. Does anyone have an explanation for this phenomenon? Thanks, Jaap ...

GSS-API (or Kerberos) error while initializing kadmin interface
I am seeing the below error while connecting to KDC from remote client. Did any one experience this error and resolve ? [root@blr11~]# kadmin Authenticating as principal root/admin@IPS.COM with password. Password for root/admin@IPS.COM: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface [root@blr11~]# On Tuesday, 17 December 2013 10:35:19 UTC, Suresh Tirumalasetti wrote: > I am seeing the below error while connecting to KDC from remote client. > > > > Did any one experience this error and resolve ? > > > > [root@blr11~]# kadmin > > Authenticating as principal root/admin@IPS.COM with password. > > Password for root/admin@IPS.COM: > > kadmin: GSS-API (or Kerberos) error while initializing kadmin interface > > [root@blr11~]# the following correctly identified the issue for me http://research.imb.uq.edu.au/~l.rathbone/ldap/kerberos.shtml .... out of sync clocks. ...

kprop and "Client not found in Kerberos database"
Hi there, I have 2 realms, the second for Jabber users. I can kprop the default realm fine, but get # kdb5_util -r JABBER.DOMAIN.NET -d /usr/local/var/krb5kdc/jabber -sf /usr/local/var/krb5kdc/.k5.JABBER.DOMAIN.NET dump DUMP.FILE # kprop -r JABBER.DOMAIN.NET -f DUMP.FILE -s /etc/krb5.jabber.keytab -d kerberos-ha.domain.net kprop: Client not found in Kerberos database while getting initial ticket when trying to kprop the jabber realm. A tcpdump shows no traffic to the secondary, so this looks like a local issue on the primary. In the Jabber realm, I have these host principals (in addition to others): host/kerberos-ha.domain.net@JABBER.DOMAIN.NET host/kerberos.domain.net@JABBER.DOMAIN.NET I used ``ktadd'' to extract ``host/kerberos.domain.net@JABBER.DOMAIN.NET'' to /etc/krb5.jabber.keytab, and I get the same error with and without the -s flag. Can anyone shed some light? Using the same steps for the default realm works fine. Below is my /etc/krb5.conf -- Thanks Darek [libdefaults] default_realm = DOMAIN.NET [realms] DOMAIN.NET = { kdc = kerberos.domain.net kdc = kerberos-ha.domain.net } JABBER.DOMAIN.NET = { kdc = kerberos.domain.net kdc = kerberos-ha.domain.net } [domain_realm] .domain.net = DOMAIN.NET jabber.domain.net = JABBER.DOMAIN.NET [password_quality] min_length =...

MIT Kerberos KDC & W2K Client: Changing expired password issueMIT Kerberos KDC & W2K Client: Changing expired password issue
Hi, I also experienced the same problem as William G.Zereneh (http://mailman.mit.edu/pipermail/kerberos/2004-May/005341.html). I'm able to change the password using ctrl-alt-del, but when the password is expired and windows asks me to change the password, I encountered "Domain MIT.REALM.COM is not available" error. As I sniff the packet, it noticed that it sent a CLDAP query message with filter: (&(DnsDomain = MIT.REALM.COM)(Host = myhostname)(NtVer=\006) which is returned NULL by my _ldap._tcp.dc._msdcs.REALM.MIT.COM How to resolve this problem ? maybe there's a missing entry in my DNS ? Is it mandatory for the MIT Kerberos KDC (I installed it on RedHat Linux) to have an LDAP service to resolve the CLDAP request ? and can LDAP actually entertains CLDAP request since LDAP is using TCP while CLDAP is using UDP ? Can I resolve the CLDAP request using Windows 2000 server instead ? Any ideas will be very appreciated Regards from newbie, lara ===== ------------------------------------------------------------------------------------ La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit - Guy de Maupassant - ------------------------------------------------------------------------------------ __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ ____________________________________...

Help on Unix kerberos client->win2k3 kerberos KDC
Hello, I am a newbie to kerberos authentication, and what I am trying to do is to use a Unix ldap client authenticate to the win2k3 server, and add a user to it. The way I tried to do is by following MIT's tutorial and sample code under www.mit.edu/afs/athena/astaff/project/ ldap/AD99/kerberossamp.txt. and I configured the Unix machine based on Microsoft tutorial http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp =========> I can successfully import a tgt from win2k3 KDC server by running kinit, here is the result: $ kdestroy $ kinitPassword for mwang@SYSTEST.abc.COM: $ klist Ticket cache: FILE:/tmp/krb5cc_1023 Default principal: mwang@SYSTEST.abc.COM Valid starting Expires Service principal 10/31/03 17:53:08 11/01/03 03:50:48 krbtgt/SYSTEST.abc.COM@SYSTEST.abc.COM renew until 11/01/03 17:53:08 Kerberos 4 ticket cache: /tmp/tkt1023 klist: You have no tickets cached ===========> Then I tried to run adduser program, I made a little change to the code to set some default values. Here is the result: (New user account is: nweuser) LDAP service name: ldap@bloomber-vy45cz.systest.abc.com ==> client_establish_context Sending init_sec_context token (size=1254)... 60 82 04 e2 06 09 2a 86 48 86 f7 12 01 02 02 01 00 6e 82 04 d1 30 82 04 cd a0 03 02 01 05 a1 03 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 04 05 61 82 04 01 30 82 03 fd a0 03 02 01 05 a1 17 1b 15 53 59 53 54 45 53 54 2e 42 4c 4f 4f 4d 42 45 52...

Server not found in Kerberos database #3
This is a multi-part message in MIME format. --------------010801060200000807020407 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit hello list, we want to use kerberos for authentication and to secure connections for telnet sessions. so i installed kerberos v5 for the debian system via apt-get and did the configuration. attached are the configs for this system. kinit works for a user, but the start of a telnet session is refused with the message "Authentication failed". i used the command "kinit stefan" and "telnet.krb5 -a -F vxr-r.imos.net." "vxr-r.imos.net" is the cisco router i want to connect to. when i look into the logs i see the following messages: Nov 11 09:49:28 alpha krb5kdc[8745](info): AS_REQ (1 etypes {1}) 192.168.3.3(16417): NEEDED_PREAUTH: stefan@IMOS.NET for krbtgt/IMOS.NET@IMOS.NET, Additional pre-authentication required Nov 11 09:49:30 alpha krb5kdc[8745](info): AS_REQ (1 etypes {1}) 192.168.3.3(16417): ISSUE: authtime 1100162970, etypes {rep=1 tkt=16 ses=1}, stefan@IMOS.NET for krbtgt/IMOS.NET@IMOS.NET Nov 11 09:49:33 alpha krb5kdc[8745](info): TGS_REQ (1 etypes {1}) 192.168.3.3(16417): UNKNOWN_SERVER: authtime 1100162970, stefan@IMOS.NET for host/vxr-r.imos.net@IMOS.NET, Server not found in Kerberos database Nov 11 09:49:33 alpha krb5kdc[8745](info): TGS_REQ (1 etypes {1}) 192.168.3.3(16417): UNKNOWN_SERVER: authtime 1100162970, stefan@IMOS.NET for host/vxr...

Error: Server not found in Kerberos database
Hello, I want to enable someone the access to my account by using the .k5login file. I did all necessary things and immediatly started off by trying: shell% ksu toka Nevertheless I wasn't able to get toka's ID but /home/toka contains the ..k5login file with my principal. Furthermore there's the following error message: ksu: Server not found in Kerberos database while geting credentials from kdc Authentication failed. ^ typo in krb5 I looked for solutions on google and discovered the url http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/ troubleshooting.html#misc_2 which describes the issue. My /etc/hosts file is fully qualified (including its entries) and the hostnames are correctly mapped to the IPs and vice versa. So where could the source of failure be located? Thanks in advance - Marcel Karras ------------------------------------------------------------------------ Contact: toka@freebits.de karma@informatik.tu-chemnitz.de http://www.freebits.de http://www.tu-chemnitz.de Unix, Linux && OpenSource Student of Chemnitz University of Technology ------------------------------------------------------------------------ ...

UNKNOWN_SERVER
As always with things like this, it's hard to determine whether to send this here or to openafs-info. Can anyone tell me what is going on here? This is what krb5kdc logged when I logged into 129.83.11.213. -- sshd + UsePAM -- pam_krb5.so (RHELv4) -- pam_afs_session.so (PAM session module which uses aklog to get tokens from a K5 ticket). Apr 18 16:46:07 silmaril.foo.com krb5kdc[26891](info): TGS_REQ (1 etypes {3}) 129.83.11.213: UNKNOWN_SERVER: authtime 1176929167, jblaine@rcf.foo.com for afs/rcf.foo.com@rcf.foo.com, Server not found in Kerberos database Apr 18 16:46:07 silmaril.foo.com krb5kdc[26891](info): TGS_REQ (1 etypes {1}) 129.83.11.213: UNKNOWN_SERVER: authtime 1176929167, jblaine@rcf.foo.com for afs/rcf.foo.com@rcf.foo.com, Server not found in Kerberos database Apr 18 16:46:07 silmaril.foo.com krb5kdc[26891](info): TGS_REQ (1 etypes {1}) 129.83.11.213: ISSUE: authtime 1176929167, etypes {rep=16 tkt=1 ses=1}, jblaine@rcf.foo.com for afs@rcf.foo.com ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Jeff Blaine <jblaine@kickflop.net> writes: > Can anyone tell me what is going on here? This is what > krb5kdc logged when I logged into 129.83.11.213. > -- sshd + UsePAM > -- pam_krb5.so (RHELv4) > -- pam_afs_session.so (PAM session module which uses aklog to > get tokens from a K5 ticket). > Apr 18 16:46:07 silmaril.foo.com kr...

Server not found in Kerberos Database #4
Hi all, When do we get the error as "Server not found in Kerberos Database"? I have a KDC on Win2003 and a client which is a Linux (redhat) is trying to authenticate the users from this Active directory, which is on the win 2003 machine. I observed that in case we specify the wrong user name (which does not exist on the AD server) at the time of kinit command on Linux machine we get the error as "Client not found in Kerberos database". What is this server which is not found when I am trying to join the redhat client machine to the AD server? Thanks in advance for all the help Regards, Sayali --------------------------------- All new Yahoo! Mail "The new Interface is stunning in its simplicity and ease of use." - PC Magazine ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos > Hi all, > When do we get the error as "Server not found in Kerberos Database"? > I have a KDC on Win2003 and a client which is a Linux (redhat) is trying to authenticate the users from this Active directory, which is on the win 2003 machine. > I observed that in case we specify the wrong user name (which does not exist on the AD server) at the time of kinit command on Linux machine we get the error as "Client not found in Kerberos database". > What is this server which is not found when I am trying to j...

Server not found in Kerberos database #2
Hi, I'm a Java developer and new to Kerberos. We have a Java application that needs to be authenticated against Kerberos Active Directory. For testing purpose, we have Active Directory installed on a Win 2k server. Then, the Kerberos was turned on by a co-worker, who doesn't know much about Kerberos either. Without any manual about Active Directory, he did that based on his best judgement. Here are the basic setting information: (01) The Win2k server has FQDN: devtest.mycompany.com. (02) C:\WINNT\krb5.ini file looks like: [libdefaults] default_realm = DEVTEST.COM [realms] DEVTEST.COM = { kdc = <IP address of the Win2k server> } (03) The AD is listening on port 389 (default for LDAP server), and KDC listens on port 88. When a user logs in with Java code, apparently the user can log in successfully and get ticket from Kerberos AD. However, whenever the code tries to instantiate InitialDirContext (an Object in Java that would capture the environment context), an error would be thrown claiming that "Server not found in Kerberos database". I can't find problem in the Java code and suspect the error may be related with our Kerberos setting. I wonder what exactly the error message means in Kerberos arena. How can I verify that the Kerberos is correctly set? Also, you may notice that the Kerberos realm (DEVTEST.COM) is not the same as the machine's FQDN (devtest.mycompany.com). I wonder if that makes any difference. Our code-...

krb5kdc:Unable to access Kerberos database while initializing
Hello, group: I have installed kerberos v1.6.3 on my freebsd, and taken openldap with back_bdb as the back database. After I finished the krb5.conf and kdc.conf,I began to start krb5kdc, but I got an error, and the message was "krb5kdc:Unable to access Kerberos database". I have checked the configuration and openldap several times, and it seems that the openldap worked normally, but unfoturnately, krb5kdc still can't work, and I get the same error message. I can not find the way to deal with the issue till right now. my krb.conf: [libdefaults] default_realm = EXAMPLE.COM default_keytab_name = /etc/krb5.keytab default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc dns_lookup_kdc = true [realms] EXAMPLE.COM = { admin_server = kerberos.example.com:749 default_domain = example.com kdc = kerberos.example.com:88 database_module = ldapconf } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM [logging] kdc = FILE:/var/log/kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/kerberos.log [dbdefaults] ldap_kerberos_container_dn = cn=kerberos,dc=example,dc=com database_module = ldapconf [dbmodules] db_module_dir = /usr/local/lib/krb5/plugins/kdb ldapconf = { db_library = kldap l...

Server not found in Kerberos database error on ldapsearch
Good afternoon! I have the following problem: I need to connect securely to a AD and search it via ldapsearch. When I try to do so the "Server not found in Kerberos database" error appears. I'm not quite sure, why. I have extracted a keytab of the AD and kinit seems to work fine for the same user as I want to use with ldapsearch. The hosts-files are set up correctly (a ping on DNS-names looks fine). There is nothing that indicates an error in the AD-logs (only successful logons). Could anyone give me a hint, why I get this reaction? -- View this message in context: http://www.nabble.com/Server-not-found-in-Kerberos-database-error-on-ldapsearch-tf4777894.html#a13667697 Sent from the Kerberos - General mailing list archive at Nabble.com. ...

AD Server returning server not found kerberos database
Hi all, I am using MIT Kerberos to mutually authenticate with other user (Kerberos Server: AD Server), It is working fine with my newly installed active directory .But when I try to work with my Company AD Server to get service ticket for particular user I am getting "Server not found in Kerberos Database", But that user is there in AD . any option can change to get it work . I want to to know which option in ad makes mutual authentication between user and user makes fail. Do I need to use setspn to add service principle?? Please help me Regards, Eswar S **************************************************************************** *********** This e-mail and attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient's) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! ...

Newbie: "Server not found in Kerberos database"
I am still in 'toy installation mode'. I have set up a KDC on a Linux machine, call it kervara.mygroup.org I have successfully set things up to the point that I can kinit from various clients. I have also set up OpenSSH 3.9p1 to use GSSAPI authentication. When I am logged into kervara, and have a valid TGT from this realm, I can successfully ssh into kervara.mygroup.org without a password; the keytab contains entries for the host/kervara.mygroup.org principal. This is the way things are supposed to work. Life is good. The problem comes when I attempt to do the same thing with the same version of OpenSSH built with the same options on a Solaris machine. In that case, the server logs a "Server not found in Kerberos database" message and gives up. I have looked at all the obvious candidates (wrong DNS entry, disagreement as to host name in /etc/hosts and DNS, etc) and come up empty. Unfortunately, the log messages do not tell me _what_ principal it was trying to find in krb5.keytab (I assume that this is where the mismatch or missing entry is). Is there a way to squeeze more diagnostic information? Or does this sound like a familiar problem? In article <d17eap$ejf$1@panix5.panix.com>, urban@panix.com (Michael Urban) wrote: .... > The problem comes when I attempt to do the same thing with the same > version of OpenSSH built with the same options on a Solaris machine. > In that case, the server logs a "Server not found in Kerberos ...

RE: Server not found in Kerberos database error on ldapsearch
> You should not need these. Ok. > Some things to try: > > Wireshare or other trace program to see DNS and Kerberos requests. > This should show name of the "Server not found in Kerberos database" I captured the request dialog with wireshark and got this (the things I think are important): MSG Type: KRB-ERROR Error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7) Realm: EXAMPLE.COM Server Name (Unknown): krbtgt/COM Name-type: Unknown (0) Name: krbtgt Name: COM I guess that indicates an error in my krbtgt setup. But where should I search for it and what does the right setup look like? > On the unix side, do you have a /etc/krb5.conf or /etc/krb5.conf? > Is the default realm (in uppercase) the same as the AD domain name? > if not, you may need a krb5.conf, or the -R option on ldapsearch. Yes, I do have a krb5.conf on the unix side. Here it is: [libdefaults] default_realm=EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = false # default_tkt_enctypes = des-cbc-md5 des-cbc-crc # default_tgs_enctypes = des-cbc-md5 des-cbc-crc kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true # v4_instance_resolve = false # v4_name_convert = { [realms] EXAMPLE.COM = { kdc = 192.168.10.4:88 admin_server = 192.168.10.4:749 } [domain_realm] .example.com = EXAMPLE.COM As you can see, it is a setup for some tests... ----------------- ...

Web resources about - Client not found in Kerberos database while initializing kadmin interface - comp.protocols.kerberos

Initializing Derived Polymorphic Objects
Each class in a hierarchy of polymorphic objects should have a function that initializes its vptr properly.

Anybody else stuck on "Initializing..." : titanfall
Been stuck on this for the past 5 minutes. Anybody else have this issue?

Success in initializing and reading nuclear spins brings quantum computer a step closer
A quantum computer is controlled by the laws of quantum physics; it promises to perform complicated calculations, or search large amounts of ...

Operating system - Wikipedia, the free encyclopedia
An operating system ( OS ) is a set of software that manages computer hardware resources and provides common services for computer programs . ...

Algorithm - Wikipedia, the free encyclopedia
Flow chart of an algorithm ( Euclid's algorithm ) for calculating the greatest common divisor (g.c.d.) of two numbers a and b in locations named ...

Future world: Today, the Internet - tomorrow, the Internet of Things?
Embedded in the heel of his shoe was an early example of the Internet of Things but Andrew Duncan didn't know it at the time.

How to handle class constructors that fail
Recently I was asked what the most appropriate way would be to handle errors within class constructors that fail. Well, my answer to this is ...

Dammit! - The Squid Zone
... dust from my gaming computer (read: the expensive one), I managed to burn out the motherboard somehow. Lovely. Now it hangs on boot at “initializing ...

Using event capturing to improve Basecamp page load times
... the JavaScript page load event led to a surprising revelation. On pages with many to-dos, an overwhelming majority of the time was spent initializing ...

Software Architecture - GOF
GoF Patterns In software engineering, a design pattern is a general reusable solution to a commonly occurring problem in software design. A ...

Resources last updated: 3/10/2016 3:13:50 PM