and here is log output from KDS Dec 19 14:49:48 CH124 krb5kdc[16324](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.10.126: SERVER_NOT_FOUND: host/monitor.benchmark....@benchmark.com for kadmin/kerberos.benchmark....@benchmark.com, Server not found in Kerberos database Dec 19 14:49:48 CH124 krb5kdc[16324](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.10.126: ISSUE: authtime 1387435788, etypes {rep=18 tkt=18 ses=18}, host/monitor.benchmark....@benchmark.com for kadmin/ad...@benchmark.com
On Thu, Dec 19, 2013 at 2:57 PM, ch huang <justlo...@gmail.com> wrote: > hi,maillist: > i do the following action but seems not work > > # yum install krb5-workstation > copy krb5.conf from KDS host > > and here is my krb5.conf content > > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > [libdefaults] > default_realm = EXAMPLE.COM <http://example.com/> > dns_lookup_realm = false > dns_lookup_kdc = false > ticket_lifetime = 24h > forwardable = yes > [realms] > BENCHMARK.COM <http://benchmark.com/> = { > kdc = kerberos.benchmark.com:88 > admin_server = kerberos.benchmark.com:749 > default_domain = benchmark.com > } > [domain_realm] > .benchmark.com = BENCHMARK.COM <http://benchmark.com/> > benchmark.com = BENCHMARK.COM <http://benchmark.com/> > [appdefaults] > pam = { > debug = false > ticket_lifetime = 36000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > } > also, client can find KDS > > # nslookup 192.168.10.124 > Server: 192.168.10.124 > Address: 192.168.10.124#53 > 124.10.168.192.in-addr.arpa name = kerberos.benchmark.com. > # ping kerberos.benchmark.com > PING kerberos.benchmark.com (192.168.10.124) 56(84) bytes of data. > 64 bytes from CH124 (192.168.10.124): icmp_seq=1 ttl=64 time=0.109 ms > 64 bytes from CH124 (192.168.10.124): icmp_seq=2 ttl=64 time=0.166 ms > > when i do this from client ,it not work > > # kadmin -r BENCHMARK.COM <http://benchmark.com/> -p > host/monitor.benchmark....@benchmark.com -w root -q "ktadd -k > /etc/krb5.keytab host/monitor.benchmark....@benchmark.com" > Authenticating as principal host/monitor.benchmark....@benchmark.com with > password. > kadmin: Incorrect password while initializing kadmin interface > but i can do on KDS with same password,i do not know why? anyone can help? > > # kadmin -r BENCHMARK.COM <http://benchmark.com/> > Authenticating as principal root/ad...@benchmark.com with password. > Password for root/ad...@benchmark.com: > kadmin: > > > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos