Jason Stelzer on 23 Mar 2010 11:58:40 -0700



Re: [PLUG] Problems configuring Kerberos for use with Samba and Active Directory


Can you ping dim-win2300.dacrib.local? It looks like you're having a
resolver problem with the name of the KDC, so no tickets for you.

Double check that your DNS is returning what you expect it to for the
hosts. Once you get DNS working correctly again, make sure you can
ping the KDC and try again. If you can ping it, try adding a -V and
see if that sheds any more light on things.

On Tue, Mar 23, 2010 at 2:11 PM, Mike Leone <turgon@mike-leone.com> wrote:
> I know that I used to have this working, and then I went and started
> playing, and seem to have screwed something up royally.
>
> Here's what I have - A Windows 2003 domain named "dacrib.local". The DC
> in that domain is called "dim-win2300" (IP 10.0.0.60). I have an Ubuntu
> 9.04 server. Previously, I had added it to the AD domain. But I'm
> getting errors now.
>
> root@workhorse:/etc# /etc/init.d/krb5-kdc restart
>  * Restarting Kerberos KDC krb5kdc
> krb5kdc: cannot initialize realm DACRIB.LOCAL - see log file for details
>    [fail]
>
> root@workhorse:/etc# tail -f /var/log/messages
> Mar 23 13:46:39 workhorse krb5kdc[4869]: No such file or directory - while initializing database for realm DACRIB.LOCAL
>
>
> root@workhorse:/etc# kinit administrator@DACRIB.LOCAL
> kinit(v5): Cannot resolve network address for KDC in realm DACRIB.LOCAL while getting initial credentials
>
>
> I am following
> <http://wiki.samba.org/index.php/Samba_&_Active_Directory> this page as
> examples. This is the first step, before even configuring Samba. And I'm
> failing here, although I can't see why.
>
> Here's my krb5.conf. Can somebody slap me upside the head, and tell me
> where I went wrong?
>
> -------------------------------------------
> root@workhorse:/etc# more krb5.conf
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = DACRIB.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = false
> ticket_lifetime = 24h
> forwardable = yes
>
> [realms]
> DACRIB.LOCAL = {
>    kdc = dim-win2300.dacrib.local
>    admin_server = dim-win2300.dacrib.local
>    default_domain = dacrib.local
> }
>
> [domain_realm]
> .kerberos.server = DACRIB.LOCAL
> .dacrib.local    = DACRIB.LOCAL
>
> [kdc]
> profile = /etc/krb5kdc/kdc.conf
>
> [appdefaults]
> pam = {
>    debug = false
>    ticket_lifetime = 36000
>    renew_lifetime = 36000
>    forwardable = true
>    krb4_convert = false
> }
>
> -------------------------------------
>
> The krb5kdc.conf:
>
> root@workhorse:/etc/krb5kdc# more kdc.conf
> [kdcdefaults]
>     kdc_ports = 750,88
>
> [realms]
>     DACRIB.LOCAL = {
>         database_name = /var/lib/krb5kdc/principal
>         admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
>         acl_file = /etc/krb5kdc/kadm5.acl
>         key_stash_file = /etc/krb5kdc/stash
>         kdc_ports = 750,88
>         max_life = 10h 0m 0s
>         max_renewable_life = 7d 0h 0m 0s
>         master_key_type = des3-hmac-sha1
>         supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
>         default_principal_flags = +preauth
>     }
> -------------------------------------
> The AD is functioning fine, as my Windows clients have no problems
> finding it, and logging in. So my problem must be my config here. But I
> don't see where.
>
> Anyone?
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>



-- 
J.
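
The DNS check suggested in the reply above can be scripted. This is an added example, not part of the original thread: it reads the `kdc =` entries for the default realm from a krb5.conf and reports any that the local resolver cannot resolve. The function names and the sample config (modelled on the one quoted above) are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm every KDC named in krb5.conf resolves on this host.
# With dns_lookup_kdc = false the client uses only these kdc = names.

# Constructed sample modelled on the krb5.conf quoted in the thread.
sample_conf() {
cat <<'EOF'
[libdefaults]
default_realm = DACRIB.LOCAL
dns_lookup_kdc = false

[realms]
DACRIB.LOCAL = {
   kdc = dim-win2300.dacrib.local
   admin_server = dim-win2300.dacrib.local
}
EOF
}

default_realm() {  # $1 = config file
  awk -F= '/^[ \t]*default_realm[ \t]*=/ {
    gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

kdcs_for_realm() {  # $1 = realm, $2 = config file; one KDC host per line
  awk -v realm="$1" '
    /^[ \t]*\[/ { insec = ($0 ~ /\[realms\]/); inrealm = 0; next }
    insec && $1 == realm && index($0, "{") { inrealm = 1; next }
    inrealm && index($0, "}") { inrealm = 0; next }
    inrealm && /^[ \t]*kdc[ \t]*=/ {
      v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
      sub(/:[0-9]+$/, "", v); print v }' "$2"   # drops an optional :port
}

# Same lookup path the Kerberos client uses: hosts file, then DNS.
resolve_host() { getent ahosts "$1" >/dev/null 2>&1; }

check_kdcs() {  # $1 = config file; returns 0 only if every KDC resolves
  ck_realm=$(default_realm "$1")
  [ -n "$ck_realm" ] || { echo "no default_realm in $1"; return 2; }
  ck_hosts=$(kdcs_for_realm "$ck_realm" "$1")
  [ -n "$ck_hosts" ] || { echo "no kdc entries for $ck_realm"; return 2; }
  ck_rc=0
  for ck_h in $ck_hosts; do
    if resolve_host "$ck_h"; then echo "OK   $ck_h"
    else echo "FAIL $ck_h does not resolve"; ck_rc=1; fi
  done
  return $ck_rc
}

if [ "$#" -gt 0 ]; then check_kdcs "$1"; fi
```

Pass the config path as the only argument, for example `/etc/krb5.conf`; a non-zero exit status means at least one configured KDC name did not resolve.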