kerberos server replication - Kerberos


  1. kerberos server replication

    Hi,
    I have two servers, both working correctly as KDCs. The master (shogun)
    and the slave (shinobi). I use Debian and the domain is IRONMAN.ES. The
    replication doesn't work. I followed these steps:

    I created the file /etc/krb5kdc/kpropd.acl on the slave with:

    host/shogun.ironman.es@IRONMAN.ES
    host/shinobi.ironman.es@IRONMAN.ES

    On the master server I added the following (kadmin.local):

    addprinc -randkey host/shogun.ironman.es

    addprinc -randkey host/shinobi.ironman.es

    ktadd host/shogun.ironman.es

    ktadd host/shinobi.ironman.es

    On the server I did:

    scp /etc/krb5.keytab shinobi:/etc

    and finally I did:

    kdb5_util dump /var/Kerberos/krb5kdc/slave_datatrans

    I didn't get any error until here, but when I did:

    kprop -f /var/Kerberos/krb5kdc/slave_datatrans shinobi.ironman.es > /dev/null

    I got this error:

    kprop: Connection refused in call to connect while opening connection to
    shinobi.ironman.es

    The /var/log/kerberos/krb5kdc.log from the master shows:

    Oct 18 22:45:39 shogun krb5kdc[6080](info): AS_REQ (7 etypes {18 17 16
    23 1 3 2}) 192.168.2.3: ISSUE: authtime 1161204339, etypes {rep=16
    tkt=16 ses=16}, host/shogun.ironman.es@IRONMAN.ES for
    host/shinobi.ironman.es@IRONMAN.ES

    Can anyone help me...

    Thanks




    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: kerberos server replication

    On 2006-10-18 22:50:16 +0200, chechuironman@hotmail.com (chechu chechu) said:


    > kprop: Connection refused in call to connect while opening connection to
    > shinobi.ironman.es


    Run kpropd alone or with inetd/xinetd.

    --
    Sensei

    Research (n.): a discovery already published by a Chinese guy one month
    before you, copying a Russian who did it in the 60s.
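
An added example, not part of either post: a pre-flight check for the failure in this thread. It tells "connection refused" (nothing is bound to the propagation port on the slave, so kpropd is not running and inetd/xinetd is not serving it) apart from a timeout, and checks that a principal is listed in kpropd.acl content. The function names are hypothetical, and port 754/tcp (krb5_prop, the default port kprop connects to) is an assumption about an unmodified setup.

```python
"""Pre-flight checks before running kprop against a slave KDC."""
import socket
import sys

KRB5_PROP_PORT = 754  # assumed default: krb5_prop/tcp


def probe_kpropd(host, port=KRB5_PROP_PORT, timeout=3.0):
    """Classify a TCP connect to the slave's propagation port.

    'listening' : something accepts connections (kpropd or inetd/xinetd)
    'refused'   : host answers but nothing is bound to the port
    'timeout'   : no answer at all, often a filtered port
    'error: ...': name resolution or routing failure
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "listening"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error: " + (exc.strerror or str(exc))


def acl_allows(acl_text, principal):
    """True if `principal` is a complete line of the kpropd.acl content.

    The match is exact, so an entry without the realm does not count.
    """
    entries = {line.strip() for line in acl_text.splitlines() if line.strip()}
    return principal in entries


if __name__ == "__main__":
    # Usage: python3 thisfile.py <slave-hostname>
    slave = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(f"{slave}:{KRB5_PROP_PORT} -> {probe_kpropd(slave)}")
```

A "refused" result from the master matches the kprop error quoted above and points at the slave's listener rather than at keytabs or the ACL.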

