Hi all - building my first Kerberos realm and
following the installation guide very closely (please
bear with me).

I have a master and a slave KDC similar to daisy and
use-the-force-luke in the tutorial. I reference them
as kerberos and kerberos-1, respectively, throughout
all the exercises. I've set up DNS to include the
CNAME and SRV records as shown in the document.

I have no reference to "daisy" or "use-the-force-luke"
in krb5.conf, addprinc (host/kerberos.domain.org),
ktadd (host/kerberos.domain.org), or the kpropd.acl
(host/kerberos.domain.org). If I run from kadmin a
listprincs command I get the proper
host/kerberos.domain.org@REALM.ORG. All of these
references also have kerberos-1.

I am able to perform a kdb5_util dump ok, but when I
attempt a kprop -f to kerberos-1.domain.org, the error
"Client not found in Kerberos database while getting
initial ticket" appears. Looking at the krb5kdc.log
file, I have a lot of CLIENT_NOT_FOUND:
host/daisy.domain.org@REALM.ORG for
host/use-the-force-luke.domain.org@REALM.ORG, Client
not found in Kerberos database.

In the krb5.conf I've changed dns_lookup_realm = true
and dns_lookup_kdc = true (both from false), but this
doesn't solve the problem.

Could someone please point me in the right direction?
Any help would be greatly appreciated - I'm almost
there!

Thanks,
Jonathan