


kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface

Hi there,
 I set up a MIT Kerberos 5 master KDC on a PC in a private domain. I have
/etc/hosts mapping the hostname of the PC to its IP address and /etc/krb5.conf
pointing kdc to the host name, which I believe is correctly set.
 The problem is that I can do kadmin.local but I just couldn't do kadmin.
It always complains:
kadmin: Cannot contact any KDC for requested realm while initializing kadmin
interface
 kinit with no parameters reports a similar error:
kinit(v5): Cannot contact any KDC for requested realm while getting initial
credentials
 but kinit works if I supply a principal from another realm (that realm and
its KDC are also set in /krb5.conf).
 I am confused about why kinit and kadmin just couldn't work in the local realm.
Is this a feature, or did I miss a setting?
 Thank you very much.
 yizeng
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
bigwhite (2)
10/26/2005 5:17:59 AM

I would suspect a simple error in the configuration of your local
realm in /etc/krb5.conf, or a DNS issue.

Can you post your /etc/krb5.conf ?


0
kwc1 (74)
10/26/2005 2:07:32 PM
Thank you, Kevin.

After I did a few Google searches, I got the solution.
The loopback address is not able to do KDC resolution; a mapping from the
*REAL* IP address to the fully qualified hostname is required to get
kadmin and kinit to work. Please see below:

======================old /etc/hosts ===========================
127.0.0.1      mykdc.krb.com localhost.localdomain   localhost mykdc

======================new /etc/hosts ===========================
10.195.3.99    mykdc.krb.com
127.0.0.1      localhost.localdomain   localhost  mykdc

Thanks,

yizeng


0
bigwhite (2)
10/26/2005 4:55:07 PM
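
A check for the misconfiguration described in the post above, as an added example that is not part of the original thread: it reads the default realm's kdc and admin_server names from krb5.conf and reports any that /etc/hosts maps to a loopback address. The krb5.conf contents (realm KRB.COM, port 749) and the function names are assumptions; the two hosts files are the ones quoted in the post.

```python
import ipaddress

# Constructed krb5.conf; the realm name KRB.COM and port are assumptions.
KRB5_CONF = """\
[libdefaults]
    default_realm = KRB.COM
[realms]
    KRB.COM = {
        kdc = mykdc.krb.com
        admin_server = mykdc.krb.com:749
    }
"""
# The two /etc/hosts versions quoted in the post above.
OLD_HOSTS = "127.0.0.1      mykdc.krb.com localhost.localdomain   localhost mykdc\n"
NEW_HOSTS = ("10.195.3.99    mykdc.krb.com\n"
             "127.0.0.1      localhost.localdomain   localhost  mykdc\n")


def kdc_hosts(krb5_conf):
    """Host names on kdc/admin_server lines of the default realm (hypothetical helper)."""
    section, realm, default_realm, found = None, None, None, {}
    for raw in krb5_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section, realm = line.strip("[]").lower(), None
        elif line == "}":
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "realms" and value == "{":
                realm = key
            elif realm and key in ("kdc", "admin_server"):
                # Drop an optional :port suffix (IPv6 literals are not handled).
                found.setdefault(realm, set()).add(value.split(":")[0].lower())
    return sorted(found.get(default_realm, ()))


def first_hosts_match(hosts_text, name):
    """Address on the first hosts line that lists `name`, or None."""
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and name in (f.lower() for f in fields[1:]):
            return fields[0]
    return None


def loopback_kdcs(krb5_conf, hosts_text):
    """(host, address) pairs where a default-realm KDC name maps to loopback."""
    pairs = ((h, first_hosts_match(hosts_text, h)) for h in kdc_hosts(krb5_conf))
    return [(h, a) for h, a in pairs if a and ipaddress.ip_address(a).is_loopback]


if __name__ == "__main__":
    for label, hosts in (("old", OLD_HOSTS), ("new", NEW_HOSTS)):
        print(label, "/etc/hosts:", loopback_kdcs(KRB5_CONF, hosts) or "no loopback KDC")
```
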
When kinit is run, it will find the KDC for the TGT.
"Cannot contact any KDC for requested" means that it cannot find the KDC,
probably the DNS can resolve the KDC host name.
The solution is also very simple: in your krb.conf, type your KDC's IP instead of the
KDC's host name. Hope this would help :)



0
openssl
11/9/2005 6:35:19 AM
Including the following entry in the libdefaults section of krb5.conf
     dns_lookup_kdc = false
will probably work.
And if you don't want DNS for the realm either, then add the following
entry as well:
     dns_lookup_realm = false

See /krb5/man/man5/krb5.conf.5 for details.


0
jeremyh (30)
11/9/2005 10:35:58 PM