Discussion:
kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
yi zeng
2005-10-26 05:17:59 UTC
Permalink
Hi, there,
I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
/etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
pointing kdc to the host name, which i believe correctly set.
The problem is that, I can do kadmin.local but I just couldn't do kadmin.
It always complains:
kadmin: Cannot contact any KDC for requested realm while initializing kadmin
interface
kinit with no parameters reports the similar error:
kinit(v5): Cannot contact any KDC for requested realm while getting initial
credentials
but kinit works if I supply a principal from another realm (that realm and
its kdc is also set in /krb5.conf).
I am confused that why kinit and kadmin just couldn't work in local realm?
Is this a feature or I missed any setting issues?
Thank you very much.
yizeng
Kevin Coffman
2005-10-26 14:07:32 UTC
Permalink
I would suspect a simple error in the configuration of your local
realm in /etc/krb5.conf, or a DNS issue.

Can you post your /etc/krb5.conf ?
Post by yi zeng
Hi, there,
I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
/etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
pointing kdc to the host name, which i believe correctly set.
The problem is that, I can do kadmin.local but I just couldn't do kadmin.
kadmin: Cannot contact any KDC for requested realm while initializing kadmin
interface
kinit(v5): Cannot contact any KDC for requested realm while getting initial
credentials
but kinit works if I supply a principal from another realm (that realm and
its kdc is also set in /krb5.conf).
I am confused that why kinit and kadmin just couldn't work in local realm?
Is this a feature or I missed any setting issues?
Thank you very much.
yizeng
david.turing
2005-11-09 06:35:19 UTC
Permalink
When kinit is run, it will find KDC for TGT .
Cannot contact any KDC for requested means that it can not find the KDC,
probably the DNS can resolve the KDC host name.
Solution is also very simple, in your krb.conf, type your kdc's ip instead of the
KDC 's host name. hope this would help :)


----- Original Message -----
From: "Kevin Coffman" <kwc at citi.umich.edu>
To: "yi zeng" <bigwhite at gmail.com>
Cc: <kerberos at mit.edu>
Sent: Wednesday, October 26, 2005 10:07 PM
Subject: Re: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
Post by Kevin Coffman
I would suspect a simple error in the configuration of your local
realm in /etc/krb5.conf, or a DNS issue.
Can you post your /etc/krb5.conf ?
Post by yi zeng
Hi, there,
I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
/etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
pointing kdc to the host name, which i believe correctly set.
The problem is that, I can do kadmin.local but I just couldn't do kadmin.
kadmin: Cannot contact any KDC for requested realm while initializing kadmin
interface
kinit(v5): Cannot contact any KDC for requested realm while getting initial
credentials
but kinit works if I supply a principal from another realm (that realm and
its kdc is also set in /krb5.conf).
I am confused that why kinit and kadmin just couldn't work in local realm?
Is this a feature or I missed any setting issues?
Thank you very much.
yizeng
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Jeremy Hunt
2005-11-09 22:35:58 UTC
Permalink
Including the following entry in the libdefaults section of krb5.conf
dns_lookup_kdc = false
will probably work.
and if you don't want dns for the realm either, then add the following
entry as well:
dns_lookup_realm = false

See /krb5/man/man5/krb5.conf.5 for details.
[safeTgram (optim1) receive status: NOT encrypted, NOT signed.]
When kinit is run, it will find KDC for TGT .
Cannot contact any KDC for requested means that it can not find the KDC,
probably the DNS can resolve the KDC host name.
Solution is also very simple, in your krb.conf, type your kdc's ip instead of the
KDC 's host name. hope this would help :)
----- Original Message -----
From: "Kevin Coffman" <kwc at citi.umich.edu>
To: "yi zeng" <bigwhite at gmail.com>
Cc: <kerberos at mit.edu>
Sent: Wednesday, October 26, 2005 10:07 PM
Subject: Re: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
Post by Kevin Coffman
I would suspect a simple error in the configuration of your local
realm in /etc/krb5.conf, or a DNS issue.
Can you post your /etc/krb5.conf ?
Post by yi zeng
Hi, there,
I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
/etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
pointing kdc to the host name, which i believe correctly set.
The problem is that, I can do kadmin.local but I just couldn't do kadmin.
kadmin: Cannot contact any KDC for requested realm while initializing kadmin
interface
kinit(v5): Cannot contact any KDC for requested realm while getting initial
credentials
but kinit works if I supply a principal from another realm (that realm and
its kdc is also set in /krb5.conf).
I am confused that why kinit and kadmin just couldn't work in local realm?
Is this a feature or I missed any setting issues?
Thank you very much.
yizeng
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
bigwhite
2005-10-26 16:55:07 UTC
Permalink
Thank you, Kevin.

After I did a few google search, i got the solution.
Loopback address is not able to do kdc resolution, a mapping from
*REAL* ip address to the full qualified hostname is required to get
kadmin and kinit work. Please see below:

======================old /etc/hosts ===========================
127.0.0.1 mykdc.krb.com localhost.localdomain localhost mykdc

======================new /etc/hosts ===========================
10.195.3.99 mykdc.krb.com
127.0.0.1 localhost.localdomain localhost mykdc

Thanks,

yizeng
Post by Kevin Coffman
I would suspect a simple error in the configuration of your local
realm in /etc/krb5.conf, or a DNS issue.
Can you post your /etc/krb5.conf ?
Post by yi zeng
Hi, there,
I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have
/etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf
pointing kdc to the host name, which i believe correctly set.
The problem is that, I can do kadmin.local but I just couldn't do kadmin.
kadmin: Cannot contact any KDC for requested realm while initializing kadmin
interface
kinit(v5): Cannot contact any KDC for requested realm while getting initial
credentials
but kinit works if I supply a principal from another realm (that realm and
its kdc is also set in /krb5.conf).
I am confused that why kinit and kadmin just couldn't work in local realm?
Is this a feature or I missed any setting issues?
Thank you very much.
yizeng
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Loading...