[24145] in Kerberos
kpropd fails on multihomed KDCs set up according to FAQ
daemon@ATHENA.MIT.EDU (Michael Marziani)
Fri Jun 24 16:28:17 2005
Message-ID: <20050624202736.7656.qmail@web33201.mail.mud.yahoo.com>
Date: Fri, 24 Jun 2005 13:27:36 -0700 (PDT)
From: Michael Marziani <mdmarziani@yahoo.com>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Errors-To: kerberos-bounces@mit.edu
I have scoured the internet for information on this error and found what should
be the answer in the Kerberos FAQ, only it still isn't working.
I'm running from kdc1:
/usr/krb5/sbin/kdb5_util dump /usr/krb5/lib/krb5kdc/slave_datatrans
then:
/usr/krb5/sbin/kprop -f /usr/krb5/lib/krb5kdc/slave_datatrans kdc2.mydomain.com
The error is:
/usr/krb5/sbin/kprop: Server rejected authentication (during sendauth exchange)
while authenticating to server
/usr/krb5/sbin/kprop: Incorrect net address signalled from server
Error text from server: Incorrect net address
I configured my DNS with the multi-homed hosts in mind as directed by Subject
2.14 of the Kerberos FAQ v2.0, using the "multiple address records per host"
scheme that the author recommends. Output of the 'dig' command on both kdc1
and kdc2 shows all 3 addresses for each host pointing to the same hostname:
;; ANSWER SECTION:
kdc1.mydomain.com. 1D IN A 10.1.1.98
kdc1.mydomain.com. 1D IN A 10.1.1.99
kdc1.mydomain.com. 1D IN A 10.1.1.101
;; ANSWER SECTION:
kdc2.mydomain.com. 1D IN A 10.1.1.102
kdc2.mydomain.com. 1D IN A 10.1.1.103
kdc2.mydomain.com. 1D IN A 10.1.1.104
The reverse lookup records are all there as well and 'dig' confirms each one
matches the above forward lookup entries.
I'm using Solaris 9. I know that I've confined the problem to the multihoming
because if I remove multihoming on kdc1 and re-try the replication, it works
fine. Does anyone know what I might be doing wrong?.
Thanks and best regards,
-Michael
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
