[30215] in Kerberos
Cannot contact any KDC for requested realm while getting initial
daemon@ATHENA.MIT.EDU (Jeff Blaine)
Tue Aug 12 17:08:18 2008
Message-ID: <48A1FB6C.9000302@kickflop.net>
Date: Tue, 12 Aug 2008 17:06:52 -0400
From: Jeff Blaine <jblaine@kickflop.net>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi all, I'm having a very strange problem below that I
cannot figure out. Any advice would be great to hear.
First a block showing the problem, then a block showing
that a different machine works perfectly fine (and others
I've tested but not showing here for briefness).
Basically, the master KDC, rcf-kdc1.foo.com, can't seem
to do jack.
============================================================
rcf-kdc1# grep hosts /etc/nsswitch.conf
hosts: files dns
rcf-kdc1#
rcf-kdc1# cat /etc/krb5.conf
[libdefaults]
default_realm = RCF.FOO.COM
forwardable = yes
ticket_lifetime = 7d
[appdefaults]
forwardable = yes
[domain_realm]
.foo.com = RCF.FOO.COM
[realms]
RCF.FOO.COM = {
kdc = rcf-kdc1.foo.com
kdc = rcf-kdc2.foo.com
kdc = rcf-kdc3.foo.com
admin_server = rcf-kdc1.foo.com
}
[logging]
kdc = FILE:/var/adm/krb5kdc.log
admin_server = FILE:/var/adm/kadmin.log
default = FILE:/var/adm/krb5lib.log
rcf-kdc1# uname -n
rcf-kdc1.foo.com
rcf-kdc1# nslookup rcf-kdc1.foo.com
Server: 1xx.xx.xx.xxx
Address: 1xx.xx.xx.xxx#53
Name: rcf-kdc1.foo.com
Address: 1xx.xx.xx.yyy
rcf-kdc1# kinit -p jblaine
kinit(v5): Cannot contact any KDC for realm 'RCF.FOO.COM' while getting
initial credentials
rcf-kdc1# ps -ef | grep krb5kdc
root 6837 1 0 13:21 ? 00:00:00
/var/rcf-kdc1-krb5/sbin/krb5kdc
root 14166 2856 0 16:57 pts/0 00:00:00 grep krb5kdc
rcf-kdc1# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
rcf-kdc1#
============================================================
~:cairo> cat /etc/krb5.conf
[libdefaults]
default_realm = RCF.FOO.COM
forwardable = yes
ticket_lifetime = 7d
[appdefaults]
forwardable = yes
[domain_realm]
.foo.com = RCF.FOO.COM
[realms]
RCF.FOO.COM = {
kdc = rcf-kdc1.foo.com
kdc = rcf-kdc2.foo.com
kdc = rcf-kdc3.foo.com
admin_server = rcf-kdc1.foo.com
}
[logging]
kdc = FILE:/var/adm/krb5kdc.log
admin_server = FILE:/var/adm/kadmin.log
default = FILE:/var/adm/krb5lib.log
~:cairo> kinit -p jblaine
Password for jblaine@RCF.FOO.COM:
~:cairo>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
