[14467] in Kerberos
Re: err w/ R-cmds -- Server not found in Kerberos database ???
daemon@ATHENA.MIT.EDU (Tony Silva)
Mon May 21 19:43:08 2001
Message-ID: <3B09A412.5ACF18E0@bose.com>
From: Tony Silva <silvat@bose.com>
Date: Mon, 21 May 2001 23:26:36 GMT
To: kerberos@MIT.EDU
forrest d whitcher wrote:
> from B I can r(sh|login) to C but NOT to A, error is
>
> Server not found in Kerberos database
>
> A's log shows:
>
> mozart krb5kdc[17586](info): TGS_REQ
> 63.101.67.4(88): UNKNOWN_SERVER: authtime 986391837,
> root@ATHENA.FWSYSTEMS.COM for host/mozart@ATHENA.FWSYSTEMS.COM, Server not
> found in Kerberos database
>
> Working on B I seem to be able to do all other tasks, kadmin and other
> tools all seem to work ok. I have combed the DNS and hosts files looking
> for any inconsistency, /etc/krb5.keytab match ....
I have been pulling my hair out for weeks on this same error message.
Thankfully, I finally found the source of the problem on my client
machine this evening. I knew I was picking up an unqualified
(domain-less) host name for all server machines to which I was trying
to connect using "telnet -x", "cvs -x", etc. Watching the log file on
my KDC machine (as you did) tipped me off about this a long time
ago. But it wasn't until today that it finally hit me that NIS
(possibly misconfigured) was to blame. Once I changed my Name Service
Switch configuration file to search DNS before NIS when asking for
host names, all was well:
#root@bumpcity> diff /etc/nsswitch.conf,0 /etc/nsswitch.conf
38c38
< hosts: files nisplus nis dns
---
> hosts: files dns nisplus nis
No rebooting or anything was necessary, so I could easily switch the
lookup ordering back and forth to see my Kerberos client apps succeed
and fail. FYI, I'm using Red Hat Linux release 7.0.
HTH,
-- Tony
Tony Silva (508)766-4121
Manager, Sound System Software Development (508)820-9522 fax
Bose Corporation, The Mountain, m/s 234 silvat@bose.com
Framingham, MA 01701-9168 USA tony_silva@alum.mit.edu
