
Re: Cannot contact any KDC for requested realm



Some troubleshooting to follow up on Love's posting.

Also be sure to check your firewall and /etc/services to be sure that 
those ports are open and listening and that the box doesn't have a rule 
set up that is throwing this off.

For lsof use, do lsof -i | grep PID (lsof -i | grep 8760)
Also try netstat -anp | grep PID    (netstat -anp | grep 8760)

The netstat cmd will tell you directly which port kadmind is listening on.

-Donald

Love Hörnquist Åstrand wrote:
> check with lsof if kadmind binds to the ports you expect it to.
>
> strace kadmin to figure out whom it tries to talk to.
>
> Love
>
>
>
> On 13 Dec 2006, at 18:36, shashi wrote:
>
>> SuSE:~ # ps -ef | grep -i heimdal
>> root      8758     1  0 13:12 pts/0    00:00:00 /usr/lib/heimdal/sbin/kdc
>> root      8760     1  0 13:12 pts/0    00:00:00 /usr/lib/heimdal/sbin/kadmind
>> root      8762     1  0 13:12 pts/0    00:00:00 /usr/lib/heimdal/sbin/kpasswdd
>> root     16491  8510  0 23:05 pts/0    00:00:00 grep -i heimdal
>> SuSE:~ #
>>
>>
>> Donald Norwood wrote:
>>>
>>> My first thought was also a DNS issue. Is the kadmind process running?
>>> The only way I can duplicate this error on my end is to kill my kadmind
>>> process which gives me a similar error.
>>>
>>> -Donald
>>>
>>>
>>> Markus Moeller wrote:
>>>> I think your problem is a missing config line under domain_realm.
>>>> kadmin will try to get a principal for suse.idc.oracle.com, but you
>>>> don't define to which realm oracle.com belongs
>>>>
>>>> Add .oracle.com = SUSE.DE to
>>>>
>>>> [domain_realm]
>>>>         .suse.de = SUSE.DE
>>>>
>>>>
>>>> Regards
>>>> Markus
>>>>
>>>>
>>>> "shashi" <shashi.boddula@oracle.com> wrote in message
>>>> news:457E6326.2000701@oracle.com...
>>>>
>>>>> Hi All
>>>>>
>>>>> I am new to Heimdal Kerberos. I am facing a problem with heimdal
>>>>> 0.6.1rc3-55.24, and I am not able to
>>>>> track down where I have made a mistake.
>>>>>
>>>>> My database is here
>>>>> --------------------
>>>>>
>>>>> SuSE:/var/heimdal # ls
>>>>> .  ..  heimdal.db  kadmind.acl  log  m-key
>>>>> SuSE:/var/heimdal #
>>>>>
>>>>> My kdc.conf
>>>>> -------------
>>>>>
>>>>> [libdefaults]
>>>>> #       default_realm = MY.REALM
>>>>>        clockskew = 300
>>>>>        default_realm = SUSE.DE
>>>>>
>>>>> [realms]
>>>>> SUSE.DE = {
>>>>>        kdc = suse.idc.oracle.com
>>>>>        default_domain = suse.de
>>>>>        kpasswd_server = suse.idc.oracle.com
>>>>> }
>>>>> [domain_realm]
>>>>>        .suse.de = SUSE.DE
>>>>> #       .my.domain = MY.REALM
>>>>>
>>>>> [logging]
>>>>>        default = SYSLOG:NOTICE:DAEMON
>>>>>        kdc = FILE:/var/log/kdc.log
>>>>>        kadmind = FILE:/var/log/kadmind.log
>>>>>
>>>>> [appdefaults]
>>>>> pam = {
>>>>>        ticket_lifetime = 1d
>>>>>        renew_lifetime = 1d
>>>>>        forwardable = true
>>>>>        proxiable = false
>>>>>        retain_after_close = false
>>>>>        minimum_uid = 0
>>>>>        debug = false
>>>>> }
>>>>> SuSE:~ #
>>>>>
>>>>>
>>>>> My principals
>>>>> -------------
>>>>> SuSE:~ # kadmin -l
>>>>> kadmin> list *
>>>>>  default@SUSE.DE
>>>>>  root/admin@SUSE.DE ----------------> This is what I added as my administrator principal
>>>>>  kadmin/admin@SUSE.DE
>>>>>  kadmin/hprop@SUSE.DE
>>>>>  krbtgt/SUSE.DE@SUSE.DE
>>>>>  kadmin/changepw@SUSE.DE
>>>>>  changepw/kerberos@SUSE.DE
>>>>> kadmin>
>>>>>
>>>>>
>>>>> My ACL
>>>>> ------
>>>>>
>>>>> SuSE:/var/heimdal # cat kadmind.acl
>>>>> root/admin      all     *
>>>>> SuSE:/var/heimdal #
>>>>>
>>>>>
>>>>> Got a ticket
>>>>> -------------
>>>>>
>>>>> SuSE:~ # kinit root/admin
>>>>> root/admin@SUSE.DE's Password:
>>>>> kinit: NOTICE: ticket renewable lifetime is 1 week
>>>>> SuSE:~ # klist -a
>>>>> Credentials cache: FILE:/tmp/krb5cc_0
>>>>>        Principal: root/admin@SUSE.DE
>>>>>    Cache version: 4
>>>>>
>>>>> Server: krbtgt/SUSE.DE@SUSE.DE
>>>>> Ticket etype: des3-cbc-sha1, kvno 1
>>>>> Auth time:  Dec 12 13:31:57 2006
>>>>> End time:   Dec 12 23:31:57 2006
>>>>> Renew till: Dec 19 13:31:57 2006
>>>>> Ticket flags: renewable, initial
>>>>> Addresses: IPv4:152.69.168.146
>>>>>
>>>>> SuSE:~ #
>>>>>
>>>>>
>>>>>
>>>>> My problem
>>>>> -----------
>>>>> SuSE:~ # kadmin
>>>>> kadmin: kadm5_init_with_password: Cannot contact any KDC for
>>>>> requested realm
>>>>> SuSE:~ #
>>>>>
>>>>>
>>>>>
>>>>> Please, can anyone tell me where I have made a mistake and what the
>>>>> problem is here? I have been trying to solve this problem for the past
>>>>> two days, but got no help from Google.
>>>>>
>>>>> Another problem is that the log files keep complaining about
>>>>> "/var/heimdal/kdc.conf:0: cannot open file". What is the value of this
>>>>> file? What do I need to define in this file?
>>>>>
>>>>>
>>>>> Thanks & Regards,
>>>>> Shashi Kanth
>
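
The [domain_realm] lookup that Markus's reply refers to, as an added example that is not part of the original thread: it reads a krb5.conf-style file and reports server hosts named under [realms] that no [domain_realm] entry maps to a realm. The lookup order (exact host name, then each parent domain with a leading dot) is a simplified model of the usual krb5 behaviour, values are assumed to be plain `host[:port]`, and the function names and the `admin_server` key are assumptions not taken from the thread.

```python
import re
# Constructed sample: the relevant sections of the configuration quoted in the thread.
SAMPLE_CONF = """\
[realms]
SUSE.DE = {
        kdc = suse.idc.oracle.com
        default_domain = suse.de
        kpasswd_server = suse.idc.oracle.com
}
[domain_realm]
        .suse.de = SUSE.DE
#       .my.domain = MY.REALM
[logging]
        kdc = FILE:/var/log/kdc.log
"""

HOST_KEYS = {"kdc", "kpasswd_server", "admin_server"}  # admin_server: not in the thread

def entries(conf_text):
    """Yield (section, key, value) for every key = value line, skipping comments."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            yield section, key, value

def realm_for_host(host, domain_realm):
    """Try the exact host name, then each parent domain written with a leading dot."""
    candidate = host.lower()
    while candidate:
        if candidate in domain_realm:
            return domain_realm[candidate]
        # "suse.idc.oracle.com" -> ".idc.oracle.com" -> ".oracle.com" -> ".com"
        dot = candidate.find(".", 1)
        candidate = candidate[dot:] if dot != -1 else ""
    return None  # no entry matched; the realm is not defined by this file

def unmapped_server_hosts(conf_text):
    """Return hosts used as kdc/kpasswd_server/admin_server that map to no realm."""
    rows = list(entries(conf_text))
    mapping = {k.lower(): v for s, k, v in rows if s == "domain_realm"}
    hosts = {v.split(":")[0] for s, k, v in rows if s == "realms" and k in HOST_KEYS}
    return sorted(h for h in hosts if realm_for_host(h, mapping) is None)
```

On the sample, `unmapped_server_hosts(SAMPLE_CONF)` reports `suse.idc.oracle.com`; with the `.oracle.com = SUSE.DE` line from Markus's reply added under [domain_realm], the list is empty.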