[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cannot contact any KDC for requested realm

To: shashi <shashi.boddula@oracle.com>
Subject: Re: Cannot contact any KDC for requested realm
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Wed, 13 Dec 2006 21:17:51 +0100
Cc: Donald Norwood <dnorwood@portalias.net>, Markus Moeller <huaraz@moeller.plus.com>, heimdal-discuss@sics.se
In-Reply-To: <45803A20.6020704@oracle.com>
References: <457E6326.2000701@oracle.com> <elnced$8n9$1@sea.gmane.org> <45803265.3040006@portalias.net> <45803A20.6020704@oracle.com>
Sender: owner-heimdal-discuss@sics.se

check with lsof if kadmind binds to the ports you expect it too.

strace kadmin to figure out whom it tries to talk to.

Love



13 dec 2006 kl. 18.36 skrev shashi:

> SuSE:~ # ps -ef | grep -i heimdal
> root      8758     1  0 13:12 pts/0    00:00:00 /usr/lib/heimdal/ 
> sbin/kdc
> root      8760     1  0 13:12 pts/0    00:00:00 /usr/lib/heimdal/ 
> sbin/kadmind
> root      8762     1  0 13:12 pts/0    00:00:00 /usr/lib/heimdal/ 
> sbin/kpasswdd
> root     16491  8510  0 23:05 pts/0    00:00:00 grep -i heimdal
> SuSE:~ #
>
>
> Donald Norwood wrote:
>>
>> My first thought was also a  dns issue, is the kadmind process  
>> running?
>> The only way I can duplicate this error on my end is to kill my  
>> kadmind
>> process which gives me a similar error.
>>
>> -Donald
>>
>>
>> Markus Moeller wrote:
>>> I think your problem is a missing config line under domain_realm.
>>> kadmin will try to get a principal for suse.idc.oracle.com, but you
>>> don't define to which realm oracle.com belongs
>>>
>>> Add .oracle.com = SUSE.DE to
>>>
>>> [domain_realm]
>>>         .suse.de = SUSE.DE
>>>
>>>
>>> Regards
>>> Markus
>>>
>>>
>>> "shashi" <shashi.boddula@oracle.com> wrote in message
>>> 457E6326.2000701@oracle.com">news:457E6326.2000701@oracle.com...
>>>
>>>> Hi All
>>>>
>>>> I am new to heimdal kerberos, i am facing problem with heimdal
>>>> 0.6.1rc3-55.24, and i am not able to
>>>> track where i have done mistake.
>>>>
>>>> My database is here
>>>> --------------------
>>>>
>>>> SuSE:/var/heimdal # ls
>>>> .  ..  heimdal.db  kadmind.acl  log  m-key
>>>> SuSE:/var/heimdal #
>>>>
>>>> My kdc.conf
>>>> -------------
>>>>
>>>> [libdefaults]
>>>>                                                                #
>>>> default_realm = MY.REALM
>>>>        clockskew = 300
>>>>        default_realm = SUSE.DE
>>>>
>>>> [realms]
>>>> SUSE.DE = {
>>>>        kdc = suse.idc.oracle.com
>>>>        default_domain = suse.de
>>>>        kpasswd_server = suse.idc.oracle.com
>>>> }
>>>> [domain_realm]
>>>>        .suse.de = SUSE.DE
>>>> #       .my.domain = MY.REALM
>>>>
>>>> [logging]
>>>>        default = SYSLOG:NOTICE:DAEMON
>>>>        kdc = FILE:/var/log/kdc.log
>>>>        kadmind = FILE:/var/log/kadmind.log
>>>>
>>>> [appdefaults]
>>>> pam = {
>>>>        ticket_lifetime = 1d
>>>>        renew_lifetime = 1d
>>>>        forwardable = true
>>>>        proxiable = false
>>>>        retain_after_close = false
>>>>        minimum_uid = 0
>>>>        debug = false
>>>> }
>>>> SuSE:~ #
>>>>
>>>>
>>>> My principles
>>>> -------------
>>>> SuSE:~ # kadmin -l
>>>> kadmin> list *
>>>>  default@SUSE.DE
>>>>  root/admin@SUSE.DE ----------------> This is what i added as my
>>>> administrator principle
>>>>  kadmin/admin@SUSE.DE
>>>>  kadmin/hprop@SUSE.DE
>>>>  krbtgt/SUSE.DE@SUSE.DE
>>>>  kadmin/changepw@SUSE.DE
>>>>  changepw/kerberos@SUSE.DE
>>>> kadmin>
>>>>
>>>>
>>>> My ACL
>>>> ------
>>>>
>>>> SuSE:/var/heimdal # cat kadmind.acl
>>>> root/admin      all     *
>>>> SuSE:/var/heimdal #
>>>>
>>>>
>>>> Got a ticket
>>>> -------------
>>>>
>>>> SuSE:~ # kinit root/admin
>>>> root/admin@SUSE.DE's Password:
>>>> kinit: NOTICE: ticket renewable lifetime is 1 week
>>>> SuSE:~ # klist -a
>>>> Credentials cache: FILE:/tmp/krb5cc_0
>>>>        Principal: root/admin@SUSE.DE
>>>>    Cache version: 4
>>>>
>>>> Server: krbtgt/SUSE.DE@SUSE.DE
>>>> Ticket etype: des3-cbc-sha1, kvno 1
>>>> Auth time:  Dec 12 13:31:57 2006
>>>> End time:   Dec 12 23:31:57 2006
>>>> Renew till: Dec 19 13:31:57 2006
>>>> Ticket flags: renewable, initial
>>>> Addresses: IPv4:152.69.168.146
>>>>
>>>> SuSE:~ #
>>>>
>>>>
>>>>
>>>> My problem
>>>> -----------
>>>> SuSE:~ # kadmin
>>>> kadmin: kadm5_init_with_password: Cannot contact any KDC for
>>>> requested realm
>>>> SuSE:~ #
>>>>
>>>>
>>>>
>>>> Please , anyone one can tell where i have done mistake , what is  
>>>> the
>>>> problem here ? . I am try to
>>>> solve this problem from the past two days , but no help from  
>>>> google.
>>>>
>>>> Another problem is, log files keep on complaining about
>>>> "/var/heimdal/kdc.conf:0: cannot open file"
>>>> , what is the value of this file ? what i need to define in this  
>>>> file ?
>>>>
>>>>
>>>> Thanks & Regards,
>>>> Shashi Kanth
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>

Follow-Ups:
- Re: Cannot contact any KDC for requested realm
  - From: Donald Norwood <dnorwood@portalias.net>

References:
- Cannot contact any KDC for requested realm
  - From: shashi <shashi.boddula@oracle.com>
- Re: Cannot contact any KDC for requested realm
  - From: "Markus Moeller" <huaraz@moeller.plus.com>
- Re: Cannot contact any KDC for requested realm
  - From: Donald Norwood <dnorwood@portalias.net>
- Re: Cannot contact any KDC for requested realm
  - From: shashi <shashi.boddula@oracle.com>

Prev by Date: Re: Cannot contact any KDC for requested realm
Next by Date: Re: hdb-ldap backend and Samba integration
Prev by thread: Re: Cannot contact any KDC for requested realm
Next by thread: Re: Cannot contact any KDC for requested realm
Index(es):
- Date
- Thread