[38496] in Kerberos

Fwd: Installing heimdal-kdc

daemon@ATHENA.MIT.EDU (Lothar Schilling)
Wed Mar 6 09:07:28 2019

To: <kerberos@mit.edu>
From: Lothar Schilling <ls@proasyl.de>
Message-ID: <adacccfb-526d-bed7-8c42-cfff82168f8e@proasyl.de>
Date: Wed, 6 Mar 2019 15:06:30 +0100
MIME-Version: 1.0
In-Reply-To: <1c2f3d56-eb68-5d93-a83c-1cfebb219850@proasyl.de>
Content-Language: de-DE
Content-Type: text/plain; charset="windows-1252"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

Thanks, will try tomorrow!

On 06.03.2019 at 14:47, Jeffrey Hutzelman wrote:
>
> You need to tell the Kerberos library where to find your kdc. You have
> basically two options:
>
> 1) Add the following to /etc/krb5.conf on every client:
>
> [realms]
>   MYDOMAIN.DE = {
>     kdc = kdc.mydomain.de:88
>   }
>
> 2) Publish SRV records in DNS:
>
> _kerberos._udp.mydomain.de. IN SRV 1 1 88 kdc.mydomain.de.
> _kerberos._tcp.mydomain.de. IN SRV 1 1 88 kdc.mydomain.de.
>
> I strongly recommend the SRV approach, particularly if you have a lot
> of clients, or expect any that you don't directly control.
>
>
> ------------------------------------------------------------------------
> *From:* Lothar Schilling <ls@proasyl.de>
> *Sent:* Wednesday, March 6, 2019 08:30
> *To:* kerberos@mit.edu
> *Subject:* Installing heimdal-kdc
>
> Hi,
>
> being a newbie to Kerberos I am trying to set up heimdal-kdc 7.1.0 on a
> Debian 9.8 VM. Heimdal because we need Kerberos to be compliant with
> Samba 4 acting as an ADDC. So here's what I did:
>
> apt-get install heimdal-kdc. It's up and running: ps ax =>
> /usr/lib/heimdal-servers/kdc --config-file=/etc/heimdal-kdc/kdc.conf
> systemctl stop heimdal-kdc
>
> /etc/heimdal-kdc/kdc-conf
> [libdefaults]
>         default_realm = MYDOMAIN.DE
> [domain_realm]
>         .MYDOMAIN.DE = MYDOMAIN.DE
> [logging]
> kdc = FILE:/var/log/heimdal-kdc.log
> [kdc]
> database = {
>   dbname = /var/lib/heimdal-kdc/heimdal
>   kdc = KDC.MYDOMAIN.DE:88
>   realm = MYDOMAIN.DE
>   mkey_file = /var/lib/heimdal-kdc/m-key
>   acl_file = /etc/heimdal-kdc/kadmind.acl
>   log_file = /var/lib/heimdal-kdc/log
> }
>
> systemctl start heimdal-kdc
>
> kadmin -l is working, list * is giving me this:
> admin
> default
> kadmin/admin
> kadmin/hprop
> kadmin/changepw
> krbtgt/MYDOMAIN.DE
> changepw/kerberos
> WELLKNOWN/ANONYMOUS
> WELLKNOWN/org.h5l.fast-cookie@WELLKNOWN:ORG.H5L
>
> But kadmin (not-local) is not: kadm5_init_with_password: No KDC found
> for realm MYDOMAIN.DE.
>
> I thought it might be DNS-related, so I made sure nsswitch.conf fits the
> bill, added the server's name to /etc/hosts. I even set up bind9 on that
> very machine:
> KDC.MYDOMAIN.DE.     43200   IN      A       192.168.27.3
> Also made sure Kerberos is listening on port 88. I even tried localhost
> and IP address instead of KDC.MYDOMAIN.DE in kdc.conf - didn't help
> either.
>
> I've been trying now for 2 days, it's driving me nuts. Would anybody
> please enlighten me what kind of mistake I make?
>
> Thank you
>
> Lothar Schilling

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
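
An added example (not part of the original messages, and not Heimdal or MIT code): a small Python check for the two discovery options described in the reply. It reads krb5.conf text for a realm's kdc entries under [realms] and validates SRV zone lines against the priority/weight/port/target field order. The function names and the sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs for illustration; not taken from the poster's systems.
KRB5_CONF = """\
[realms]
    MYDOMAIN.DE = {
        kdc = kdc.mydomain.de:88
    }
"""
ZONE = """\
_kerberos._udp.mydomain.de. IN SRV 1 1 88 kdc.mydomain.de.
_kerberos._tcp.mydomain.de. IN SRV kdc.mydomain.de. 88 1 1
"""

def realm_kdcs(conf_text, realm):
    """Return the kdc values listed for `realm` in the [realms] section."""
    section, current, kdcs = None, None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, current = line[1:-1].strip().lower(), None
        elif section == "realms" and line.endswith("{"):
            current = line.split("=")[0].strip()
        elif line == "}":
            current = None
        elif current == realm and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "kdc":
                kdcs.append(value)
    return kdcs

SRV_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+SRV\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def check_srv(zone_text):
    """Split SRV lines into (owner, port, target) tuples and malformed lines."""
    good, bad = [], []
    for line in map(str.strip, zone_text.splitlines()):
        m = SRV_RE.match(line)
        if not m:
            continue
        owner, prio, weight, port, target = m.groups()
        numeric = all(f.isdigit() and int(f) < 65536 for f in (prio, weight, port))
        if numeric and not target.isdigit():
            good.append((owner, int(port), target))
        else:
            bad.append(line)  # RDATA must be: priority weight port target
    return good, bad
```

A kdc line that sits only inside the [kdc] database block of kdc.conf, as in the original question, yields an empty list from realm_kdcs, which matches the "No KDC found for realm" error the client reported.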

