[30903] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Help with trying to setup a KDC Slave

daemon@ATHENA.MIT.EDU (Matthew.GARRETT@external.total.com)
Fri Mar 20 13:52:02 2009

In-Reply-To: <3ED72BA0-5F04-4355-8658-4C29F9381FE3@mit.edu>
To: kerberos@mit.edu
MIME-Version: 1.0
Message-ID: <OFC86D976B.110DB4C3-ON8025757F.0032F109-8025757F.003804A3@total.com>
From: Matthew.GARRETT@external.total.com
Date: Fri, 20 Mar 2009 10:11:04 +0000
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

Ken

Thanks for pointing out my stupidly
DNS was the problem.

The file /etc/nsswitch.conf had NIS then DNS
So doing a gethostbyaddr returned the short name which was in NIS but not 
the FQDN from DNS
So change /etc/nsswitch.conf file to have DNS first.


kprop -d -f slavedump hutch.uk.ad.ep.corp.local
8515 bytes sent.
Database propagation to hutch.uk.ad.ep.corp.local: SUCCEEDED

Matt

 


Ken Raeburn <rXXXXX@MIT.EDU> wrote on 19/03/2009 19:52:23:

> On Mar 19, 2009, at 12:45, Matthew.GARRETT@XXXXX.XXX.com wrote:
> > DNS both forward and reverse work fine for the Slave KDC
> 
> By "work fine", do you mean that when you look up 
> hutch.uk.ad.ep.corp.local you get an address (or more than one), and 
> when you look up that address, you get back the name 
> hutch.uk.ad.ep.corp.local?  Or do you just mean you get a name back? 
> In the default configuration of the MIT code, the name you get back 
> from looking up the address is generally the name that'll be used in 
> constructing a principal name.
> 
> Does your config file or DNS data indicate that 
> hutch.uk.ad.ep.corp.local is in UK.AD.EP.CORP.LOCAL?
> 
> Check the log file on the KDC.  It should indicate some kprop/* 
> principal being looked up if the host name is coming out wrong, or 
> possibly some krbtgt/* principal if it's coming up with the wrong 
> realm name.
> 
> Ken

Registered in England and Wales No.811900          Registered Office 33 Cavendish Square, London W1G 0PWThis e-mail and any attachments are intended only for the person or entityto whom it is addressed and may contain confidential or privilegedinformation.  If you are not the addressee, any disclosure, reproduction,copying, distribution, or use of this communication is strictly prohibited.If you are not the intended recipient or person responsible for deliveringthis message to the named addressee, please notify us immediately and deletethis e-mail.It is the responsibility of the addressee to scan this email and anyattachments for computer viruses or other defects.  The sender does notaccept liability for any loss or damage of any nature, however caused,which may result directly or indirectly from this email or any file attached.________________________________________________Kerberos mailing list           Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post