[28730] in Kerberos
RE: Server not found in Kerberos database error on ldapsearch
daemon@ATHENA.MIT.EDU (Zharovsky Evgeniy)
Wed Nov 14 07:07:41 2007
Date: Wed, 14 Nov 2007 13:07:15 +0100
Message-ID: <1B6C0C71A8E4C947A73CE5F8A562C0DA075E917C@mail2.zuv.uni-muenchen.de>
From: "Zharovsky Evgeniy" <Evgeniy.Zharovsky@Verwaltung.Uni-Muenchen.DE>
To: "Douglas E. Engert" <deengert@anl.gov>
Cc: kerberos@mit.edu
> You should not need these.
Ok.
> Some things to try:
>
> Wireshark or other trace program to see DNS and Kerberos requests.
> This should show name of the "Server not found in Kerberos database"
I captured the request dialog with wireshark and got this (the things I think
are important):

    MSG Type: KRB-ERROR
    Error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
    Realm: EXAMPLE.COM
    Server Name (Unknown): krbtgt/COM
        Name-type: Unknown (0)
        Name: krbtgt
        Name: COM

I guess that indicates an error in my krbtgt setup. But where should I search
for it and what does the right setup look like?
> On the unix side, do you have a /etc/krb5.conf or /etc/krb5.conf?
> Is the default realm (in uppercase) the same as the AD domain name?
> if not, you may need a krb5.conf, or the -R option on ldapsearch.
Yes, I do have a krb5.conf on the unix side. Here it is:

    [libdefaults]
        default_realm=EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = false
    #   default_tkt_enctypes = des-cbc-md5 des-cbc-crc
    #   default_tgs_enctypes = des-cbc-md5 des-cbc-crc
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true
    #   v4_instance_resolve = false
    #   v4_name_convert = {

    [realms]
        EXAMPLE.COM = {
            kdc = 192.168.10.4:88
            admin_server = 192.168.10.4:749
        }

    [domain_realm]
        .example.com = EXAMPLE.COM

As you can see, it is a setup for some tests...
-----------------
Evgeniy Zharovsky
Ludwig-Maximilians-Universitaet
Ref. IIIA5 (Sicherheitstechnik und Verzeichnisdienste)
Martiusstr. 4 / 207
80539 Muenchen
email mailto:evgeniy.zharovsky@verwaltung.uni-muenchen.de
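
Added example, not part of the original message and not MIT Kerberos code: a model of how the [domain_realm] section quoted above maps a host name to a realm, following the lookup order and the domain-based fallback described in the MIT krb5.conf documentation. The host names are constructed, and the model assumes no KDC referral is obtained before the fallback applies.

```python
# Added illustration (not from the original message, not MIT krb5 source code).
# Constructed input: the [domain_realm] part of the krb5.conf quoted above.
KRB5_CONF = """\
[libdefaults]
default_realm=EXAMPLE.COM
[domain_realm]
.example.com = EXAMPLE.COM
"""


def parse_domain_realm(text):
    """Return the [domain_realm] entries of a krb5.conf as a dict."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "domain_realm" and "=" in line:
            key, value = line.split("=", 1)
            mapping[key.strip().lower()] = value.strip()
    return mapping


def candidates(hostname):
    """Keys tried in order: the host, then each parent as '.dom' and 'dom'."""
    host = hostname.lower().rstrip(".")
    keys = [host]
    while "." in host:
        host = host.split(".", 1)[1]
        keys += ["." + host, host]
    return keys


def host_realm(hostname, mapping):
    """Return (realm, matched_key); matched_key is None for the fallback."""
    for key in candidates(hostname):
        if key in mapping:
            return mapping[key], key
    # No entry applies: fall back to the host's domain portion, upper-cased.
    parts = hostname.lower().rstrip(".").split(".", 1)
    return (parts[1].upper() if len(parts) == 2 else None), None


if __name__ == "__main__":
    table = parse_domain_realm(KRB5_CONF)
    # Constructed host names, chosen to hit a match and the fallback.
    for name in ("ldap.example.com", "example.com", "dc1.example.net"):
        print(name, "->", host_realm(name, table))
```

A leading-dot entry such as `.example.com` covers hosts under that domain but not a host named `example.com` itself, so the second lookup falls through to the fallback realm.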