"Yan" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Here's the messages I exchanged with Srini
> from the newsgroup, the problem remains unsolved
> looking forward for more help
>
> Yan
>
>
> Hi group,
> I compiled it from source on Solaris8.
> I followed the installation guide, created an admin
> principal, an ACL, filled krb5.conf and kdc.conf.
> The installation has /opt/k5 for --prefix so I created
> /opt/k5/etc and /opt/k5/var manually to put my config
> files.
>
> When starting krb5kdc this port appears :
> -begin-------------------------------------------------------
> UDP: IPv4
> 192.168.0.8.88 Idle
> -end-------------------------------------------------------
>
> and the ports for kadmind :
> -begin-------------------------------------------------------
> UDP: IPv4
> *.464 Idle
> TCP: IPv4
> *.749 *.* 0 0 24576 0 LISTEN
> -end-------------------------------------------------------
>
> So I assume my servers are up and running, the procs
> are in ps -ef output as well.
>
> kadmin.local works here is the getprincs output:
> -begin-------------------------------------------------------
> kadmin.local: getprincs
> K/[EMAIL PROTECTED]
> kadmin/[EMAIL PROTECTED]
> kadmin/[EMAIL PROTECTED]
> kadmin/[EMAIL PROTECTED]
> krbtgt/[EMAIL PROTECTED]
> yan/[EMAIL PROTECTED]
> -end-------------------------------------------------------
>
> I found while googling that someone has had this problem
> before, and he was told to make sure that its host file was
> configured to have the FQDN of the machine appearing first
> in the host file for that IP. It didn't solve my problem.
>
> Here's the problem :
> -begin-------------------------------------------------------
> sun2# kadmin -p yan/[EMAIL PROTECTED]
> Authenticating as principal yan/[EMAIL PROTECTED] with password.
> kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
> -end-------------------------------------------------------
>
> Here is my krb5.conf file :
> -begin-------------------------------------------------------
> [libdefaults]
>     ticket_lifetime = 600
>     default_realm = NEOTOKYO.COM
>     default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
>     default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
>
> [realms]
>     NEOTOKYO.COM = {
>         kdc = SUN2.NEOTOKYO.COM
>         admin_server = SUN2.NEOTOKYO.COM
>         default_domain = NEOTOKYO.COM
>     }
>
> [domain_realm]
>     .neotokyo.com = NEOTOKYO.COM
>     neotokyo.com = NEOTOKYO.COM
>
> [logging]
>     kdc = FILE:/opt/k5/var/krb5kdc/kdc.log
>     admin_server = FILE:/opt/k5/var/krb5kdc/kadmin.log
> -end-------------------------------------------------------
>
> Neither kdc.log nor kadmind.log are showing anything
> special, not even the connection requests.
>
> You can reach me at [EMAIL PROTECTED] if you wish
> to help
>
> Yannick
>
>
> ________________________________________________
>
> ----------------------
> Hi,
> Try to get the TGT first by giving the command "kinit <principal name>".
>
> Did you update the /etc/services file with the following services:
> kerberos 88/udp kdc # Kerberos authentication (udp)
> kerberos 88/tcp kdc # Kerberos authentication (tcp)
> krb5_prop 754/tcp # Kerberos slave propagation
> kerberos-adm 749/tcp # Kerberos 5 admin/changepw (tcp)
> kerberos-adm 749/udp # Kerberos 5 admin/changepw (udp)
> eklogin 2105/tcp # Kerberos encrypted rlogin
>
> Also what does your kdc.conf look like and where(path) is it exactly.
>
> Good Luck,
> Srini
>
> -------------------
> Hi,
> my /etc/services wasn't updated so I added the entries you specified
> below, thank you
>
> The problem is still here though :
> -begin-------------------------------
> sun2# kinit -V yan/[EMAIL PROTECTED]
> kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials
> -end-------------------------------
>
> Here is my kdc.conf :
> -begin-------------------------------
> sun2# pwd
> /opt/k5/var/krb5kdc
> sun2# cat kdc.conf
> [kdcdefaults]
>     kdc_ports = 88
>
> [realms]
>     NEOTOKYO.COM = {
>         database_name = /opt/k5/var/krb5kdc/principal
>         key_stash_file = /opt/k5/var/krb5kdc/.k5.NEOTOKYO.COM
>         kadmind_port = 749
>         admin_keytab = /opt/k5/var/krb5kdc/kadm5.keytab
>         acl_file = /opt/k5/var/krb5kdc/kadm5.acl
>         max_life = 10h 0m 0s
>         max_renewable_life = 7d 0h 0m 0s
>         master_key_type = des3-hmac-sha1
>         supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
>         kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
>     }
>
> sun2#
> -end----------------------------------------------
>
> ---------------------
>
> Hi Yan,
> I think it is unable to locate the kdc. Where is your krb5.conf?
> - it is currently in /opt/k5/etc - I think it is used by kadmin when
> connecting
> - because I tested it changing the hostname of the kdc in there and
> sniffing the
> - network, I see kadmin trying to connect to the other machine. The thing I
> - found strange is that it is trying to connect to a udp port which is not
> - listening on the server. I have not specified any port in the config
> files, I
> - assumed the client and server would use the default ports..
>
> Copy the krb5.conf to /etc and check. Then Please try to kill the krb5kdc
> and
> start it again.
> - I'll try that this evening when back at home.
>
> Are you able to ping SUN2.NEOTOKYO.COM?
> - Yep that's the same machine
> Are the KDC and the client on the same m/c?
> - Yep
>
> Cheers,
> Srini
>
Can you run 'telnet SUN2.NEOTOKYO.COM 749' ?

Christian.
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
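
An offline cross-check of the two artifacts quoted in this thread, added here as an example (it is not code from any poster or from MIT Kerberos): it derives the endpoints a client would try from the quoted krb5.conf, using the default ports 88 and 749 since none are configured, and compares them with the quoted listener lines. The function names are this example's own, and the address passed to `reachable` stands for whatever SUN2.NEOTOKYO.COM resolves to on the client.

```python
import re

# Realm section copied from the krb5.conf quoted in the message.
KRB5_CONF = """\
[realms]
NEOTOKYO.COM = {
    kdc = SUN2.NEOTOKYO.COM
    admin_server = SUN2.NEOTOKYO.COM
    default_domain = NEOTOKYO.COM
}
"""

# Listener lines as quoted in the message (Solaris "address.port" form).
NETSTAT = """\
UDP: IPv4
192.168.0.8.88 Idle
*.464 Idle
TCP: IPv4
*.749 *.* 0 0 24576 0 LISTEN
"""

DEFAULT_PORT = {"kdc": 88, "admin_server": 749}  # used when no ":port" is given

def endpoints(conf, realm):
    """Return [(key, host, port)] for the kdc/admin_server entries of a realm."""
    body = re.search(re.escape(realm) + r"\s*=\s*\{(.*?)\}", conf, re.S).group(1)
    found = []
    for key, value in re.findall(r"^\s*(kdc|admin_server)\s*=\s*(\S+)", body, re.M):
        host, _, port = value.partition(":")
        found.append((key, host.lower(), int(port) if port else DEFAULT_PORT[key]))
    return found

def listeners(netstat):
    """Return a set of (proto, local_addr, port); local_addr '*' is a wildcard bind."""
    proto, found = None, set()
    for line in netstat.splitlines():
        header = re.match(r"(UDP|TCP):", line)
        if header:
            proto = header.group(1).lower()
        elif proto and line.split():
            addr, _, port = line.split()[0].rpartition(".")
            if port.isdigit():
                found.add((proto, addr, int(port)))
    return found

def reachable(bound, proto, addr, port):
    """True if a socket bound to addr or to the wildcard serves proto/port."""
    return (proto, addr, port) in bound or (proto, "*", port) in bound
```

With the quoted listeners, UDP port 88 is served only on 192.168.0.8 and nothing is shown listening on TCP port 88, so `reachable(listeners(NETSTAT), "udp", "127.0.0.1", 88)` is false (127.0.0.1 is a constructed input). kadmin first needs a ticket from the KDC on port 88, which is why it reports a KDC error even though port 749 is listening on the wildcard address.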
