Hi! I have set up a kerberos server srv.example.com. This server has address 192.168.180.30. Address resolution works fine on the server and client: srv.example.com: # host srv srv.example.com has address 192.168.180.30 # host 192.168.180.30 30.180.168.192.in-addr.arpa domain name pointer srv.example.com. # host client client.example.com has address 192.168.180.6 # host 192.168.180.6 6.180.168.192.in-addr.arpa domain name pointer client.example.com # client.example.com: # host srv srv.example.com has address 192.168.180.30 # host 192.168.180.30 30.180.168.192.in-addr.arpa domain name pointer srv.example.com. # host client client.example.com has address 192.168.180.6 # host 192.168.180.6 6.180.168.192.in-addr.arpa domain name pointer client.example.com # Now from the server: # kinit user kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials and from the client: # kinit user kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials I am a bit lost what's going on here. In /etc/krb5.conf I have: [libdefaults] default_realm = EXAMPLE.COM dns_lookup_kdc = true dns_lookup_realm = true # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true [realms] EXAMPLE.COM = { kdc = srv.example.com admin_server = srv.example.com default_domain = example.com } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM [login] krb4_convert = true krb4_get_tickets = false [logging] default = FILE:/var/log/kerberos/krb5lib.log The dns-server returns for srv-queries: # host -t srv _kerberos._tcp.example.com _kerberos._tcp.example.com has SRV record 0 5 88 srv.example.com. I'm a bit lost now. Turning dns_lookup_kdc on/off doesn't help. kinit just keeps telling me It could not contact any kdc for this realm (EXAMPLE.COM). Any ideas? -- Thomas
On Tue, Jan 25, 2011 at 05:54:16PM +0100, Thomas Schweikle wrote: > kinit just keeps telling me It could not contact any kdc for this > realm (EXAMPLE.COM). > > Any ideas? Is your KDC running? Is your KDC firewalled off? Try running tcpdump udp port 88 on both client and server, then kinit. Regards, Brian.
Am 25.01.2011 23:06, schrieb Brian Candler: > On Tue, Jan 25, 2011 at 05:54:16PM +0100, Thomas Schweikle wrote: >> kinit just keeps telling me It could not contact any kdc for this >> realm (EXAMPLE.COM). >> >> Any ideas? > > Is your KDC running? Is your KDC firewalled off? > > Try running tcpdump udp port 88 on both client and server, then kinit. kdc was running, no firewall settings, tcpdump on port 88 on client and server gave communication between both. At last I decided to reboot the server. After that it worked again :( Looks a loot like Ubuntu is more and more some sort of Windows ;) -- Thomas
How can I know if the KDC is running and if the KDC firewalled is off ? -- View this message in context: http://kerberos.996246.n3.nabble.com/kinit-Cannot-contact-any-KDC-for-realm-EXAMPLE-COM-while-getting-initial-credentials-tp19145p37678.html Sent from the Kerberos - General mailing list archive at Nabble.com.
![]() |
0 |
![]() |
It's nothing about the firewalled. I tried the samba 2:3.5.6 and samba 2:3.6.6-2. All kinds of small tips should notice. Good luck to all. -- View this message in context: http://kerberos.996246.n3.nabble.com/kinit-Cannot-contact-any-KDC-for-realm-EXAMPLE-COM-while-getting-initial-credentials-tp19145p37771.html Sent from the Kerberos - General mailing list archive at Nabble.com.
![]() |
0 |
![]() |