[27162] in Kerberos
Re: kadmin problem
daemon@ATHENA.MIT.EDU (Edward Murrell)
Wed Jan 3 17:39:24 2007
Message-ID: <459C307C.90403@dlconsulting.com>
Date: Thu, 04 Jan 2007 11:38:52 +1300
From: Edward Murrell <edward@dlconsulting.com>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <254749.46375.qm@web55303.mail.re4.yahoo.com>
X-SA-Exim-Mail-From: edward@dlconsulting.com
Reply-To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi Soctty,
Unfortunately, I've been on Holiday for over the Christmas break, so I
didn't check my email.
It looks like the problem is that you're defining a realm for each
computer rather than for your network.
So, if your domain is called example.com, and your computers are called
gaza and horse, you should have one realm called EXAMPLE.COM, and then
create two principle entries for gaza and horse, and another for your
user. eg;
host/horse.example.com@EXAMPLE.COM
host/gaza.example.com@EXAMPLE.COM
scotty@EXAMPLE.COM
I'm afraid can't help you with the exact details of your setup, since I
have not used Solaris or Win2K3 with Kerberos. I am led to believe that
they are mostly compatible for the purposes of passwords though.
Regards
Edward
P.S. I would heartily recommend replying to the list next time.
scotty adams wrote:
> Hi Edward,
>
> Can you please elaborate more on this issue, i urgently need your help.
> As mentioned i have 2 machines. A windows 2003 and a solaris 9 machine.
> If you can guide me to set kerberos and make it operate in a short
> time i will be really thankful.
> Please advise me what should i do on both machines.
> Please provide me with the set of command to accomplish that.
>
> Thanks,
> Scotty
>
> */Edward Murrell <edward@dlconsulting.com>/* wrote:
>
> Hi Scotty,
>
> The problem sounds like the Kerberos realms are different on each
> machine, rather than the hosts name.
>
> What is the default realm for the kdc and the client machine? Also, if
> you do a klist before running kadmin, what realm does it list?
>
> Regards
> Edward Murrell
> edward@dlconsulting.com
>
>
> scotty adams wrote:
> > hi everyone,
> >
> > i am trying to configure kerberos 5 on a solaris 9 machine
> > i am getting this error:
> > kadmin: Client/server realm mismatch in initial ticket request
> while initializing kadmin interface
> > can anyone help me fix this problem, the server and client have
> their corresponding hostnames in their hosts file
> >
> > thanks,
> > Scotty
> Hi Edward,
>
> This is my klist output
>
> --------------------------------
> #klist
> Ticket cache: /tmp/krb5cc_0
> Default principal: amadmin@SCOTTY.COMPUTER1.COM
>
> Valid starting
> Expires Service principal
> Sun 24 Dec 2006 11:17:49 AM EET Sun 24 Dec 2006 07:17:49 PM EET
> krbtgt/SCOTTY.COMPUTER1.COM@SCOTTY.COMPUTER1.COM
> renew until Sun 31 Dec 2006 11:17:49 AM EET
> -----------------------------------------------
>
> can you please advise me how to continue?
>
> Thanks,
> Scotty
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
