kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface

yi zeng
Hi, there,
 I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
/etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
pointing kdc to the host name, which i believe correctly set.
 The problem is that, I can do kadmin.local but I just couldn't do kadmin.
It always complains:
kadmin: Cannot contact any KDC for requested realm while initializing kadmin
interface
 kinit with no parameters reports the similar error:
kinit(v5): Cannot contact any KDC for requested realm while getting initial
credentials
 but kinit works if I supply a principal from another realm (that realm and
its kdc is also set in /krb5.conf).
 I am confused that why kinit and kadmin just couldn't work in local realm?
Is this a feature or I missed any setting issues?
 Thank you very much.
 yizeng
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface

Kevin Coffman
I would suspect a simple error in the configuration of your local
realm in /etc/krb5.conf, or a DNS issue.

Can you post your /etc/krb5.conf ?

On 10/26/05, yi zeng <[hidden email]> wrote:

> Hi, there,
>  I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
> /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
> pointing kdc to the host name, which i believe correctly set.
>  The problem is that, I can do kadmin.local but I just couldn't do kadmin.
> It always complains:
> kadmin: Cannot contact any KDC for requested realm while initializing kadmin
> interface
>  kinit with no parameters reports the similar error:
> kinit(v5): Cannot contact any KDC for requested realm while getting initial
> credentials
>  but kinit works if I supply a principal from another realm (that realm and
> its kdc is also set in /krb5.conf).
>  I am confused that why kinit and kadmin just couldn't work in local realm?
> Is this a feature or I missed any setting issues?
>  Thank you very much.
>  yizeng

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface

yi zeng
In reply to this post by yi zeng
Thank you, Kevin.

After I did a few google search, i got the solution.
Loopback address is not able to do kdc resolution, a mapping from
*REAL* ip address to the full qualified hostname is required to get
kadmin and kinit work. Please see below:

======================old /etc/hosts ===========================
127.0.0.1      mykdc.krb.com localhost.localdomain   localhost mykdc

======================new /etc/hosts ===========================
10.195.3.99    mykdc.krb.com
127.0.0.1      localhost.localdomain   localhost  mykdc

Thanks,

yizeng

Kevin Coffman wrote:

> I would suspect a simple error in the configuration of your local
> realm in /etc/krb5.conf, or a DNS issue.
>
> Can you post your /etc/krb5.conf ?
>
> On 10/26/05, yi zeng <[hidden email]> wrote:
> > Hi, there,
> >  I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
> > /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
> > pointing kdc to the host name, which i believe correctly set.
> >  The problem is that, I can do kadmin.local but I just couldn't do kadmin.
> > It always complains:
> > kadmin: Cannot contact any KDC for requested realm while initializing kadmin
> > interface
> >  kinit with no parameters reports the similar error:
> > kinit(v5): Cannot contact any KDC for requested realm while getting initial
> > credentials
> >  but kinit works if I supply a principal from another realm (that realm and
> > its kdc is also set in /krb5.conf).
> >  I am confused that why kinit and kadmin just couldn't work in local realm?
> > Is this a feature or I missed any setting issues?
> >  Thank you very much.
> >  yizeng
>
> ________________________________________________
> Kerberos mailing list           [hidden email]
> https://mailman.mit.edu/mailman/listinfo/kerberos

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface

david.turing
In reply to this post by Kevin Coffman
When kinit is run, it will find KDC for TGT .
Cannot contact any KDC for requested means that it can not find the KDC,
probably the DNS can resolve the KDC host name.
Solution is also very simple, in your krb.conf,  type your kdc's ip instead of the
KDC 's host name.  hope this would help :)


----- Original Message -----
From: "Kevin Coffman" <[hidden email]>
To: "yi zeng" <[hidden email]>
Cc: <[hidden email]>
Sent: Wednesday, October 26, 2005 10:07 PM
Subject: Re: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface


> I would suspect a simple error in the configuration of your local
> realm in /etc/krb5.conf, or a DNS issue.
>
> Can you post your /etc/krb5.conf ?
>
> On 10/26/05, yi zeng <[hidden email]> wrote:
> > Hi, there,
> >  I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
> > /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
> > pointing kdc to the host name, which i believe correctly set.
> >  The problem is that, I can do kadmin.local but I just couldn't do kadmin.
> > It always complains:
> > kadmin: Cannot contact any KDC for requested realm while initializing kadmin
> > interface
> >  kinit with no parameters reports the similar error:
> > kinit(v5): Cannot contact any KDC for requested realm while getting initial
> > credentials
> >  but kinit works if I supply a principal from another realm (that realm and
> > its kdc is also set in /krb5.conf).
> >  I am confused that why kinit and kadmin just couldn't work in local realm?
> > Is this a feature or I missed any setting issues?
> >  Thank you very much.
> >  yizeng
>
> ________________________________________________
> Kerberos mailing list           [hidden email]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: kadmin: Cannot contact any KDC for requested realm whileinitializing kadmin interface

Jeremy Hunt-2
In reply to this post by Kevin Coffman
Including the following entry in the libdefaults section of krb5.conf
     dns_lookup_kdc = false
will probably work.
and if you don't want dns for the realm either, then add the following
entry as well:
     dns_lookup_realm = false

See /krb5/man/man5/krb5.conf.5 for details.

david.turing wrote:

> [safeTgram (optim1) receive status: NOT encrypted, NOT signed.]
>
>
> When kinit is run, it will find KDC for TGT .
> Cannot contact any KDC for requested means that it can not find the KDC,
> probably the DNS can resolve the KDC host name.
> Solution is also very simple, in your krb.conf,  type your kdc's ip instead of the
> KDC 's host name.  hope this would help :)
>
>
> ----- Original Message -----
> From: "Kevin Coffman" <[hidden email]>
> To: "yi zeng" <[hidden email]>
> Cc: <[hidden email]>
> Sent: Wednesday, October 26, 2005 10:07 PM
> Subject: Re: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
>
>
>  
>> I would suspect a simple error in the configuration of your local
>> realm in /etc/krb5.conf, or a DNS issue.
>>
>> Can you post your /etc/krb5.conf ?
>>
>> On 10/26/05, yi zeng <[hidden email]> wrote:
>>    
>>> Hi, there,
>>>  I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
>>> /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
>>> pointing kdc to the host name, which i believe correctly set.
>>>  The problem is that, I can do kadmin.local but I just couldn't do kadmin.
>>> It always complains:
>>> kadmin: Cannot contact any KDC for requested realm while initializing kadmin
>>> interface
>>>  kinit with no parameters reports the similar error:
>>> kinit(v5): Cannot contact any KDC for requested realm while getting initial
>>> credentials
>>>  but kinit works if I supply a principal from another realm (that realm and
>>> its kdc is also set in /krb5.conf).
>>>  I am confused that why kinit and kadmin just couldn't work in local realm?
>>> Is this a feature or I missed any setting issues?
>>>  Thank you very much.
>>>  yizeng
>>>      
>> ________________________________________________
>> Kerberos mailing list           [hidden email]
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>>    
>
> ________________________________________________
> Kerberos mailing list           [hidden email]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
>
>  

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos