Re: KDC not found even after connection was made
Well, after more testing I can tell the following:
- kinit causes no writes to logs on the master server side, only the
client complains it cannot find the KDC
- if kadmind is not running on the master, ktutil complains that
"ktutil: failed to contact master.b.c.d" but no messages in the master
logs
- if kadmind is running on the master, ktutil complains that "ktutil:
kadm5_create_principal(host/slavename): unable to reach any KDC in realm
B.C.D". On the server, there is after this just one message in the
krb5libs.log: "2003-10-14T16:43:37 connection from IPv4:slavename.b.c.d"
- all of the above works fine when issued directly on the machine where
the master server of heimdal is running
- manual connect from slave to master kerberos ports and typing random
characters to the socket gives hints to logfiles on the master, so network
is working:
"
2003-10-13T13:35:45 TCP data of strange type from IPv4:slavename.b.c.d
2003-10-13T13:35:49 TCP-connection from IPv4:slavename.b.c.d expired after 5 bytes
"
My /etc/krb5.conf follows. There is probably much waste, but I hope
nothing that could cause my problems. The client apparently knows the
hostname of the master server and connects to it, but is then somehow
rejected.
[logging]
    default = FILE:/var/heimdal/krb5libs.log
    kdc = FILE:/var/heimdal/krb5kdc.log
    admin_server = FILE:/var/heimdal/kadmind.log
[ktutil]
    dns_lookup_realm = false
    dns_lookup_kdc = false
    kdc = master.b.c.d
[libdefaults]
    default_realm = B.C.D
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ktype_is_etype = true
    encrypt = yes
    forward = yes
    srv_lookup = no
    srv_try_txt = no
    srv_try_rfc2052 = no
    clockskew = 300
    kdc = master.b.c.d
    v4_instance_resolve = true
    krb4_get_tickets = false
    forwardable = true
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
[realms]
    B.C.D = {
        kdc = master.b.c.d
        admin_server = master.b.c.d
        krb525_server = master.b.c.d
        v4_name_convert = {
            ftp = ftp
            pop = pop
            rcmd = host
        }
        v4_instance_convert = {
            master = master.b.c.d
            slavename = slavename.b.c.d
            test = slavename.b.c.d
        }
        default-domain = b.c.d
    }
[domain_realm]
    .b.c.d = B.C.D
    b.c.d = B.C.D
[kadmin]
    kdc = master.b.c.d
    dns_lookup_realm = false
    dns_lookup_kdc = false
    default_keys = v5 des3:pw-salt des:pw-salt v4
    supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4
[kdc]
    enable-kerberos4 = false
Thanks,
David
> I suppose this is in the kadmind logfile? Is there anything of
> interest in the kdc log? Can you kinit on the slave?
>
> /Johan
>