Hi, how can I add a client to KDS? kadmin: Incorrect password while initializing kadmin interface

2013-12-19 Thread ch huang
Hi, mailing list:
   I did the following, but it does not seem to work:

# yum install krb5-workstation
copy krb5.conf from KDS host

And here is my krb5.conf content:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes
[realms]
 BENCHMARK.COM = {
  kdc = kerberos.benchmark.com:88
  admin_server = kerberos.benchmark.com:749
  default_domain = benchmark.com
 }
[domain_realm]
 .benchmark.com = BENCHMARK.COM
 benchmark.com = BENCHMARK.COM
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
Also, the client can find the KDS:

# nslookup 192.168.10.124
Server: 192.168.10.124
Address:192.168.10.124#53
124.10.168.192.in-addr.arpa name = kerberos.benchmark.com.
# ping kerberos.benchmark.com
PING kerberos.benchmark.com (192.168.10.124) 56(84) bytes of data.
64 bytes from CH124 (192.168.10.124): icmp_seq=1 ttl=64 time=0.109 ms
64 bytes from CH124 (192.168.10.124): icmp_seq=2 ttl=64 time=0.166 ms

When I do this from the client, it does not work:

# kadmin -r BENCHMARK.COM -p host/monitor.benchmark@benchmark.com -w root -q ktadd  -k /etc/krb5.keytab host/monitor.benchmark@benchmark.com

Authenticating as principal host/monitor.benchmark@benchmark.com with password.
kadmin: Incorrect password while initializing kadmin interface

But I can do it on the KDS with the same password, and I do not know why. Can anyone help?

# kadmin -r BENCHMARK.COM
Authenticating as principal root/ad...@benchmark.com with password.
Password for root/ad...@benchmark.com:
kadmin:

Kerberos mailing list   Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


Re: Hi, how can I add a client to KDS? kadmin: Incorrect password while initializing kadmin interface

2013-12-19 Thread ch huang
And here is the log output from the KDS:

Dec 19 14:49:48 CH124 krb5kdc[16324](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.10.126: SERVER_NOT_FOUND: host/monitor.benchmark@benchmark.com for kadmin/kerberos.benchmark@benchmark.com, Server not found in Kerberos database
Dec 19 14:49:48 CH124 krb5kdc[16324](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.10.126: ISSUE: authtime 1387435788, etypes {rep=18 tkt=18 ses=18}, host/monitor.benchmark@benchmark.com for kadmin/ad...@benchmark.com

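An added example, not part of the original posts: a small Python parser for krb5kdc request log lines like the two quoted in the thread, which pulls out the client address, status code, requested enctypes and the client and service principals so the two AS_REQ outcomes can be compared side by side. The function names are hypothetical, and the sample input is the thread's own log lines with the archive's obfuscated principal names left as they appear.

```python
import re

# The two krb5kdc entries quoted in the thread, unwrapped to one line each.
# Principal names are copied as the list archive shows them (obfuscated).
SAMPLE_LOG = (
    "Dec 19 14:49:48 CH124 krb5kdc[16324](info): AS_REQ (12 etypes {18 17 16 23 "
    "1 3 2 11 10 15 12 13}) 192.168.10.126: SERVER_NOT_FOUND: "
    "host/monitor.benchmark@benchmark.com for "
    "kadmin/kerberos.benchmark@benchmark.com, Server not found in Kerberos database\n"
    "Dec 19 14:49:48 CH124 krb5kdc[16324](info): AS_REQ (12 etypes {18 17 16 23 "
    "1 3 2 11 10 15 12 13}) 192.168.10.126: ISSUE: authtime 1387435788, etypes "
    "{rep=18 tkt=18 ses=18}, host/monitor.benchmark@benchmark.com for "
    "kadmin/ad...@benchmark.com\n"
)

# Request header: type, offered enctypes, client address, status code, remainder.
REQ_RE = re.compile(
    r"krb5kdc\[\d+\]\(info\): (?P<type>AS_REQ|TGS_REQ) "
    r"\(\d+ etypes \{(?P<etypes>[\d ]+)\}\) (?P<addr>\S+): "
    r"(?P<status>[A-Z_]+): (?P<rest>.*)$"
)
# "<client principal> for <service principal>" inside the remainder.
PRINC_RE = re.compile(r"(?P<client>\S+) for (?P<server>[^\s,]+)")

def parse_kdc_line(line):
    """Return a dict for one AS_REQ/TGS_REQ log line, or None if it is not one."""
    m = REQ_RE.search(line.strip())
    if m is None:
        return None
    p = PRINC_RE.search(m.group("rest"))
    return {
        "type": m.group("type"),
        "addr": m.group("addr"),
        "status": m.group("status"),
        "etypes": [int(e) for e in m.group("etypes").split()],
        "client": p.group("client") if p else None,
        "server": p.group("server") if p else None,
    }

def parse_kdc_log(text):
    """Parse every request line in a log excerpt, skipping unrelated lines."""
    return [e for e in map(parse_kdc_line, text.splitlines()) if e]

def not_issued(events):
    """Requests the KDC answered with anything other than ISSUE."""
    return [e for e in events if e["status"] != "ISSUE"]

if __name__ == "__main__":
    for e in parse_kdc_log(SAMPLE_LOG):
        print(f'{e["addr"]}  {e["status"]:<17} {e["client"]} -> {e["server"]}')
```

On the thread's lines this shows one SERVER_NOT_FOUND for the host-specific kadmin service principal, followed by an ISSUE for a second kadmin principal from the same client address.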