[30891] in Kerberos
Help with trying to setup a KDC Slave
daemon@ATHENA.MIT.EDU (Matthew.GARRETT@external.total.com)
Thu Mar 19 15:38:48 2009
To: kerberos@mit.edu
Message-ID: <OF0DD75CC8.00B0AA56-ON8025757E.005A11A8-8025757E.005C07CC@total.com>
From: Matthew.GARRETT@external.total.com
Date: Thu, 19 Mar 2009 16:45:13 +0000
Folks
I am struggling a bit to set up a KDC Slave and was hoping someone might
be able to point out my mistakes.
KDC Master = starsky.uk.ad.ep.corp.local
KDC Slave = hutch.uk.ad.ep.corp.local
On the KDC Master I have done the following
kadmin
addprinc -randkey host/starsky.uk.ad.ep.corp.local
addprinc -randkey host/hutch.uk.ad.ep.corp.local
ktadd host/hutch.uk.ad.ep.corp.local
ktadd host/starsky.uk.ad.ep.corp.local
Then copied via scp the file /etc/krb5.keytab to the KDC Slave hutch
Created on both KDC Master and Slave
/var/kerberos/krb5kdc/kpropd.acl
host/starsky.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
host/hutch.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
Set up xinetd for krb5_prop etc etc
The Dump on the KDC Master works fine.
kdb5_util dump /var/kerberos/krb5kdc/slavedump
However when I try and do the kprop I get the following
kprop -f /var/kerberos/krb5kdc/slavedump hutch.uk.ad.ep.corp.local
kprop: Server not found in Kerberos database while getting initial ticket
DNS both forward and reverse work fine for the Slave KDC
ktutil looks correct to me.
ktutil: rkt /etc/krb5.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    3 host/hutch.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
   2    3 host/hutch.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
   3    3 host/hutch.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
   4    3 host/hutch.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
   5    6 host/starsky.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
   6    6 host/starsky.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
   7    6 host/starsky.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
   8    6 host/starsky.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
NTP is set up on both Master and Slave and is working fine.
Clients can happily connect to the Master, I just cannot get the dump to
work.
Thanks in advance.
Matthew
Matthew Garrett
Senior IS Technical Analyst
Tel: 01224 297889
Fax: 01224 296806
Email: Matthew.Garrett@total.com
Total E&P UK, Crawpeel Road, Altens Industrial Estate, Aberdeen AB12 3FG
Registered in England and Wales No.811900 Registered Office 33 Cavendish Square, London W1G 0PW
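
Added example, not part of the original message: a name-consistency check over the kpropd.acl and `ktutil l` text quoted above, for a kprop push from master to slave. It assumes kprop's default principal naming of host/<fqdn>@REALM; the function names are hypothetical and the inputs are constructed from the values in the message.

```python
import re

# Constructed inputs: the kpropd.acl and `ktutil l` rows quoted in the message.
KPROPD_ACL = """\
host/starsky.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
host/hutch.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL
"""
KTUTIL_LIST = "\n".join(
    f"{slot:4d} {kvno:4d} host/{h}.uk.ad.ep.corp.local@UK.AD.EP.CORP.LOCAL"
    for slot, (h, kvno) in enumerate([("hutch", 3)] * 4 + [("starsky", 6)] * 4, 1))

def parse_acl(text):
    """kpropd.acl: one principal per line, each allowed to push a database."""
    return {ln.strip() for ln in text.splitlines() if ln.strip()}

def parse_keytab(listing):
    """Map principal -> set of KVNOs from `ktutil l` rows (slot KVNO principal)."""
    keys = {}
    for ln in listing.splitlines():
        m = re.match(r"\s*\d+\s+(\d+)\s+(\S+@\S+)\s*$", ln)
        if m:  # header and separator rows do not match and are skipped
            keys.setdefault(m.group(2), set()).add(int(m.group(1)))
    return keys

def host_principal(fqdn, realm):
    # Assumption: default kprop naming, host/<lower-case fqdn>@REALM.
    return f"host/{fqdn.lower()}@{realm}"

def preflight(master, slave, realm, acl_text, keytab_text):
    """Return a list of naming problems; an empty list means the files agree."""
    acl, keys = parse_acl(acl_text), parse_keytab(keytab_text)
    client, service = host_principal(master, realm), host_principal(slave, realm)
    problems = []
    if client not in acl:
        problems.append(f"{client} is not listed in kpropd.acl")
    for role, princ in (("master", client), ("slave", service)):
        if princ not in keys:
            problems.append(f"no keytab entry for {role} principal {princ}")
    return problems

if __name__ == "__main__":
    result = preflight("starsky.uk.ad.ep.corp.local", "hutch.uk.ad.ep.corp.local",
                       "UK.AD.EP.CORP.LOCAL", KPROPD_ACL, KTUTIL_LIST)
    print("\n".join(result) if result else "ACL and keytab names agree")
```

An empty result only shows that the ACL and the keytab agree on principal names; whether those principals exist in the KDC database under the name kprop asks for is a separate check.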