krb5kdc: No such device - Cannot bind server socket to port 88

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

krb5kdc: No such device - Cannot bind server socket to port 88

Jim Pharis
My kdc will not start. I get an error message in my kdc log file...

krb5kdc[11331](info): listening on fd 7: udp 192.168.0.1.88
krb5kdc[11331](info): listening on fd 8: udp 192.168.0.1.750
krb5kdc: No such device - Cannot bind server socket to port 88 address
fe88::20f:1fff:feb2:b9c7%253

ifconfig shows that address associated eth1. I statically assigned
192.168.0.1 to that address. (no network). If I bring eth1 down I get
a message set up 0 sockets.

I can check the ports opened by nmap'ing myself. The port isn't
allocated.

I tried binding to that port with a python script and I have no
problem opening it.

Has anybody seen this before? By the way, I did create the principle and
stash files and they are pointed to correctly in the kdc.conf and
krb.conf files.  admin-server seems to start correctly and opens the
port.

I'm running Ubuntu Hoary. Is the KDC trying to bind to the ip6 address?
I have seen threads of other people with this problem but none of them
lead to any insight into how one might fix it.

TIA, Jim Pharis


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: krb5kdc: No such device - Cannot bind server socket to port 88

Kenneth G Raeburn
On Jun 22, 2005, at 16:59, Jim Pharis wrote:
> My kdc will not start. I get an error message in my kdc log file...
>
> krb5kdc[11331](info): listening on fd 7: udp 192.168.0.1.88
> krb5kdc[11331](info): listening on fd 8: udp 192.168.0.1.750
> krb5kdc: No such device - Cannot bind server socket to port 88 address
> fe88::20f:1fff:feb2:b9c7%253

I've seen the reports, but don't know the cause yet...

Could you try dropping in some code like this just before the call to
bind in kdc/network.c and see if it changes anything?

   if (addr->sa_family == AF_INET6) {
     struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) addr;
     com_err(data->prog, 0, "zapping scope %d to 0",
sin6->sin6_scope_id);
     sin6->sin6_scope_id = 0;
   }

It does seem interesting that all the reports I've seen involve unusual
addresses.  Yours and one other concerned link-local addresses
(fe80::/10), and one more listed an fd80:: address (an unassigned
block, I think) in the report.  Since we're supposed to be filtering
out link-local addresses, this address shouldn't have been used in this
part of the code.

Please let me know what "grep ifaddrs config.cache" in the "src"
directory of your build tree shows.  We've got (at least) two different
code paths that could be used for getting the address list, and one of
them clearly isn't doing the filtering that it ought to.

> I'm running Ubuntu Hoary. Is the KDC trying to bind to the ip6 address?

Yes, we try to bind to all local ipv4 and ipv6 addresses separately.  
(There's another approach that could use just one socket for all IPv6
traffic, and carry the address info separately, but we're not using it
yet.)

Ken

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos