[39119] in Kerberos
Re: Help with replication
daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Mon Jul 18 00:07:05 2022
Message-ID: <202207180403.26I43CgF030277@hedwig.cmf.nrl.navy.mil>
To: Bill MacAllister <bill@ca-zephyr.org>
In-Reply-To: <2096c771ad96df84cd2b8113011d7ea9@ca-zephyr.org>
Date: Mon, 18 Jul 2022 00:03:08 -0400
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
>Thanks Greg. I should have remembered that. It exposed the fact
>that the kiprop/ principal for the host was missing. I created the
>principal and added it to /etc/krb5.keytab. This moved the error, but
>I am still getting failures to replicate. Here is the debug log:

Did you, in fact, create that principal? I ask because the error you
are getting is:

>[27738] 1658108981.225629: Received error from KDC: -1765328377/Server not found in Kerberos database

Which suggests you did not (although it wasn't from the primary KDC, which
suggests that maybe whatever KDC you used didn't have it replicated yet).
The KDC logs should explain what went wrong.

As a side note: I ran into an issue on CentOS 7 where systemd would
start up kpropd before DNS resolution was working, so on reboot kpropd
wouldn't work because it couldn't canonicalize its local hostname. My
solution was to write a special systemd service which would act as a
provider for nss-lookup.target (because nothing on CentOS 7 actually
provides that functionality). I'm not saying that's your issue, but
something worth noting.

--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
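
Added example (not part of the message above, and not Ken's unit or anything shipped with MIT krb5): a preflight script that a oneshot systemd service ordered before nss-lookup.target could run, checking the two local preconditions discussed in the thread, a resolvable canonical hostname and a kiprop/ key in /etc/krb5.keytab. The script name, the retry defaults and the use of `getent` as a stand-in for kpropd's own hostname canonicalization are assumptions.

```shell
#!/bin/sh
# kpropd-preflight.sh (hypothetical name). Intended to be run by a oneshot
# unit ordered Before=nss-lookup.target, with kpropd ordered After= that target.

# Print this host's canonical FQDN, retrying until the resolver answers.
# $1 = max attempts, $2 = seconds to sleep between attempts.
canonical_hostname() {
    tries=$1 delay=$2 n=0
    while [ "$n" -lt "$tries" ]; do
        short=$(hostname)
        # getent prints "ADDRESS CANONICAL-NAME [ALIASES]"; take field 2.
        fqdn=$(getent hosts "$short" 2>/dev/null | awk 'NR == 1 { print $2 }')
        case $fqdn in
            *.*) printf '%s\n' "$fqdn"; return 0 ;;   # assumption: an FQDN has a dot
        esac
        n=$((n + 1))
        sleep "$delay"
    done
    return 1
}

# Succeed if keytab $2 holds a key for kiprop/<fqdn $1> in any realm.
# Relies on plain `klist -k` output, where the principal is the second column.
keytab_has_kiprop() {
    klist -k "$2" 2>/dev/null | awk -v p="kiprop/$1@" '
        index($2, p) == 1 { found = 1 }
        END { exit !found }'
}

# Exit status: 0 ready, 1 hostname not resolvable, 2 kiprop key missing.
preflight() {
    fqdn=$(canonical_hostname "${1:-60}" "${2:-1}") || {
        echo "cannot canonicalize local hostname" >&2; return 1; }
    keytab_has_kiprop "$fqdn" "${3:-/etc/krb5.keytab}" || {
        echo "no kiprop/$fqdn key in keytab" >&2; return 2; }
    echo "ok: kiprop/$fqdn"
}

# Only act when called as: kpropd-preflight.sh run [attempts] [delay] [keytab]
if [ "${1:-}" = "run" ]; then
    shift
    preflight "$@"
fi
```

The keytab check only confirms the local key; whether the principal exists in the KDC database still has to be read from the KDC logs.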