kadmin: Cannot contact any KDC for requested realm whileinitializing kadmin interface - Kerberos

This is a discussion on kadmin: Cannot contact any KDC for requested realm whileinitializing kadmin interface - Kerberos ; Hi, there, I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf pointing kdc to the host name, which i ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: kadmin: Cannot contact any KDC for requested realm whileinitializing kadmin interface

  1. kadmin: Cannot contact any KDC for requested realm whileinitializing kadmin interface

    Hi, there,
    I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
    /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
    pointing kdc to the host name, which i believe correctly set.
    The problem is that, I can do kadmin.local but I just couldn't do kadmin.
    It always complains:
    kadmin: Cannot contact any KDC for requested realm while initializing kadmin
    interface
    kinit with no parameters reports the similar error:
    kinit(v5): Cannot contact any KDC for requested realm while getting initial
    credentials
    but kinit works if I supply a principal from another realm (that realm and
    its kdc is also set in /krb5.conf).
    I am confused that why kinit and kadmin just couldn't work in local realm?
    Is this a feature or I missed any setting issues?
    Thank you very much.
    yizeng
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos

  2. Re: kadmin: Cannot contact any KDC for requested realm whileinitializing kadmin interface

    I would suspect a simple error in the configuration of your local
    realm in /etc/krb5.conf, or a DNS issue.

    Can you post your /etc/krb5.conf ?

    On 10/26/05, yi zeng wrote:
    > Hi, there,
    > I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
    > /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
    > pointing kdc to the host name, which i believe correctly set.
    > The problem is that, I can do kadmin.local but I just couldn't do kadmin.
    > It always complains:
    > kadmin: Cannot contact any KDC for requested realm while initializing kadmin
    > interface
    > kinit with no parameters reports the similar error:
    > kinit(v5): Cannot contact any KDC for requested realm while getting initial
    > credentials
    > but kinit works if I supply a principal from another realm (that realm and
    > its kdc is also set in /krb5.conf).
    > I am confused that why kinit and kadmin just couldn't work in local realm?
    > Is this a feature or I missed any setting issues?
    > Thank you very much.
    > yizeng

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos

  3. Re: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface

    Thank you, Kevin.

    After I did a few google search, i got the solution.
    Loopback address is not able to do kdc resolution, a mapping from
    *REAL* ip address to the full qualified hostname is required to get
    kadmin and kinit work. Please see below:

    ======================old /etc/hosts ===========================
    127.0.0.1 mykdc.krb.com localhost.localdomain localhost mykdc

    ======================new /etc/hosts ===========================
    10.195.3.99 mykdc.krb.com
    127.0.0.1 localhost.localdomain localhost mykdc

    Thanks,

    yizeng

    Kevin Coffman wrote:
    > I would suspect a simple error in the configuration of your local
    > realm in /etc/krb5.conf, or a DNS issue.
    >
    > Can you post your /etc/krb5.conf ?
    >
    > On 10/26/05, yi zeng wrote:
    > > Hi, there,
    > > I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
    > > /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
    > > pointing kdc to the host name, which i believe correctly set.
    > > The problem is that, I can do kadmin.local but I just couldn't do kadmin.
    > > It always complains:
    > > kadmin: Cannot contact any KDC for requested realm while initializing kadmin
    > > interface
    > > kinit with no parameters reports the similar error:
    > > kinit(v5): Cannot contact any KDC for requested realm while getting initial
    > > credentials
    > > but kinit works if I supply a principal from another realm (that realm and
    > > its kdc is also set in /krb5.conf).
    > > I am confused that why kinit and kadmin just couldn't work in local realm?
    > > Is this a feature or I missed any setting issues?
    > > Thank you very much.
    > > yizeng
    >
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos

  4. Re: kadmin: Cannot contact any KDC for requested realm whileinitializing kadmin interface

    When kinit is run, it will find KDC for TGT .
    Cannot contact any KDC for requested means that it can not find the KDC,
    probably the DNS can resolve the KDC host name.
    Solution is also very simple, in your krb.conf, type your kdc's ip instead of the
    KDC 's host name. hope this would help


    ----- Original Message -----
    From: "Kevin Coffman"
    To: "yi zeng"
    Cc:
    Sent: Wednesday, October 26, 2005 10:07 PM
    Subject: Re: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface


    > I would suspect a simple error in the configuration of your local
    > realm in /etc/krb5.conf, or a DNS issue.
    >
    > Can you post your /etc/krb5.conf ?
    >
    > On 10/26/05, yi zeng wrote:
    > > Hi, there,
    > > I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
    > > /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
    > > pointing kdc to the host name, which i believe correctly set.
    > > The problem is that, I can do kadmin.local but I just couldn't do kadmin.
    > > It always complains:
    > > kadmin: Cannot contact any KDC for requested realm while initializing kadmin
    > > interface
    > > kinit with no parameters reports the similar error:
    > > kinit(v5): Cannot contact any KDC for requested realm while getting initial
    > > credentials
    > > but kinit works if I supply a principal from another realm (that realm and
    > > its kdc is also set in /krb5.conf).
    > > I am confused that why kinit and kadmin just couldn't work in local realm?
    > > Is this a feature or I missed any setting issues?
    > > Thank you very much.
    > > yizeng
    >
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos

  5. Re: kadmin: Cannot contact any KDC for requested realmwhileinitializing kadmin interface

    Including the following entry in the libdefaults section of krb5.conf
    dns_lookup_kdc = false
    will probably work.
    and if you don't want dns for the realm either, then add the following
    entry as well:
    dns_lookup_realm = false

    See /krb5/man/man5/krb5.conf.5 for details.

    david.turing wrote:
    > [safeTgram (optim1) receive status: NOT encrypted, NOT signed.]
    >
    >
    > When kinit is run, it will find KDC for TGT .
    > Cannot contact any KDC for requested means that it can not find the KDC,
    > probably the DNS can resolve the KDC host name.
    > Solution is also very simple, in your krb.conf, type your kdc's ip instead of the
    > KDC 's host name. hope this would help
    >
    >
    > ----- Original Message -----
    > From: "Kevin Coffman"
    > To: "yi zeng"
    > Cc:
    > Sent: Wednesday, October 26, 2005 10:07 PM
    > Subject: Re: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
    >
    >
    >
    >> I would suspect a simple error in the configuration of your local
    >> realm in /etc/krb5.conf, or a DNS issue.
    >>
    >> Can you post your /etc/krb5.conf ?
    >>
    >> On 10/26/05, yi zeng wrote:
    >>
    >>> Hi, there,
    >>> I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
    >>> /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
    >>> pointing kdc to the host name, which i believe correctly set.
    >>> The problem is that, I can do kadmin.local but I just couldn't do kadmin.
    >>> It always complains:
    >>> kadmin: Cannot contact any KDC for requested realm while initializing kadmin
    >>> interface
    >>> kinit with no parameters reports the similar error:
    >>> kinit(v5): Cannot contact any KDC for requested realm while getting initial
    >>> credentials
    >>> but kinit works if I supply a principal from another realm (that realm and
    >>> its kdc is also set in /krb5.conf).
    >>> I am confused that why kinit and kadmin just couldn't work in local realm?
    >>> Is this a feature or I missed any setting issues?
    >>> Thank you very much.
    >>> yizeng
    >>>
    >> ________________________________________________
    >> Kerberos mailing list Kerberos@mit.edu
    >> https://mailman.mit.edu/mailman/listinfo/kerberos
    >>
    >>
    >
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >
    >
    >
    >

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos

+ Reply to Thread
« AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requestedrealm while getting initial credentials | Re: AIX 5.3: kinit(v5): Cannot resolve network address for KDC inrequested realm while getting initial credentials »