Hi!

I have set up a kerberos server srv.example.com. This server has
address 192.168.180.30. Address resolution works fine on the server
and client:

srv.example.com:
# host srv
srv.example.com has address 192.168.180.30
# host 192.168.180.30
30.180.168.192.in-addr.arpa domain name pointer srv.example.com.
# host client
client.example.com has address 192.168.180.6
# host 192.168.180.6
6.180.168.192.in-addr.arpa domain name pointer client.example.com
#

client.example.com:
# host srv
srv.example.com has address 192.168.180.30
# host 192.168.180.30
30.180.168.192.in-addr.arpa domain name pointer srv.example.com.
# host client
client.example.com has address 192.168.180.6
# host 192.168.180.6
6.180.168.192.in-addr.arpa domain name pointer client.example.com
#

Now from the server:
# kinit user
kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting
initial credentials

and from the client:
# kinit user
kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting
initial credentials

I am a bit lost what's going on here. In /etc/krb5.conf I have:
[libdefaults]
        default_realm = EXAMPLE.COM
        dns_lookup_kdc = true
        dns_lookup_realm = true

# The following krb5.conf variables are only for MIT Kerberos.
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

[realms]
        EXAMPLE.COM = {
                kdc = srv.example.com
                admin_server = srv.example.com
                default_domain = example.com
        }

[domain_realm]
        .example.com = EXAMPLE.COM
        example.com = EXAMPLE.COM

[login]
        krb4_convert = true
        krb4_get_tickets = false

[logging]
        default = FILE:/var/log/kerberos/krb5lib.log

The dns-server returns for srv-queries:
# host -t srv _kerberos._tcp.example.com
_kerberos._tcp.example.com has SRV record 0 5 88 srv.example.com.

I'm a bit lost now. Turning dns_lookup_kdc on/off doesn't help.
kinit just keeps telling me It could not contact any kdc for this
realm (EXAMPLE.COM).

Any ideas?

-- 
Thomas

On Tue, Jan 25, 2011 at 05:54:16PM +0100, Thomas Schweikle wrote:
> kinit just keeps telling me It could not contact any kdc for this
> realm (EXAMPLE.COM).
> 
> Any ideas?

Is your KDC running? Is your KDC firewalled off?

Try running tcpdump udp port 88 on both client and server, then kinit.

Regards,

Brian.

Am 25.01.2011 23:06, schrieb Brian Candler:
> On Tue, Jan 25, 2011 at 05:54:16PM +0100, Thomas Schweikle wrote:
>> kinit just keeps telling me It could not contact any kdc for this
>> realm (EXAMPLE.COM).
>> 
>> Any ideas?
> 
> Is your KDC running? Is your KDC firewalled off?
> 
> Try running tcpdump udp port 88 on both client and server, then kinit.

kdc was running, no firewall settings, tcpdump on port 88 on client
and server gave communication between both.

At last I decided to reboot the server. After that it worked again :(

Looks a loot like Ubuntu is more and more some sort of Windows ;)


-- 
Thomas

How can I know if the KDC is running and if the KDC firewalled is off ?



--
View this message in context: http://kerberos.996246.n3.nabble.com/kinit-Cannot-contact-any-KDC-for-realm-EXAMPLE-COM-while-getting-initial-credentials-tp19145p37678.html
Sent from the Kerberos - General mailing list archive at Nabble.com.

It's nothing about the firewalled. I tried the samba 2:3.5.6 and samba
2:3.6.6-2.
All kinds of small tips should notice. Good luck to all.



--
View this message in context: http://kerberos.996246.n3.nabble.com/kinit-Cannot-contact-any-KDC-for-realm-EXAMPLE-COM-while-getting-initial-credentials-tp19145p37771.html
Sent from the Kerberos - General mailing list archive at Nabble.com.