[kerberos-discuss] Kadmind fails to start in zone

Gunnarsson, Gunnar Tue, 13 Oct 2009 14:56:15 +0200

I've an isolated local DNS zone not connected to root servers on the internet. 
Could that be an issue here ?


-- GG

; <<>> DiG 9.3.6-P1 <<>> -t soa svkhansa.local.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;svkhansa.local.                        IN      SOA

;; ANSWER SECTION:
svkhansa.local.         86400   IN      SOA     hansabck.svkhansa.local. 
unix.svkhansa.local. 2009100800 10800 3600 604800 600

;; AUTHORITY SECTION:
svkhansa.local.         86400   IN      NS      hansabck.svkhansa.local.
svkhansa.local.         86400   IN      NS      hansalog.svkhansa.local.

;; ADDITIONAL SECTION:
hansabck.svkhansa.local. 86400  IN      A       172.16.100.10
hansabck.svkhansa.local. 86400  IN      A       172.16.101.10
hansalog.svkhansa.local. 86400  IN      A       172.16.100.9
hansalog.svkhansa.local. 86400  IN      A       172.16.101.9

;; Query time: 2 msec
;; SERVER: 172.16.100.10#53(172.16.100.10)
;; WHEN: Tue Oct 13 13:41:23 2009
 
# hostname
hansakdc1

# cat /etc/hosts
#
# Internet host table
#
::1     localhost
127.0.0.1       localhost
172.16.100.204  hansakdc1.svkhansa.local hansakdc1 loghost

# nslookup hansakdc1
Server:         172.16.100.10
Address:        172.16.100.10#53

Name:   hansakdc1.svkhansa.local
Address: 172.16.100.204

# nslookup hansakdc1.svkhansa.local
Server:         172.16.100.10
Address:        172.16.100.10#53

Name:   hansakdc1.svkhansa.local
Address: 172.16.100.204


# nslookup 172.16.100.204
Server:         172.16.100.10
Address:        172.16.100.10#53

204.100.16.172.in-addr.arpa     name = hansakdc1.svkhansa.local.




-----Ursprungligt meddelande-----
Fr?n: Mark.Phalan at Sun.COM [mailto:Mark.Phalan at Sun.COM] 
Skickat: den 13 oktober 2009 11:48
Till: Gunnarsson, Gunnar
Kopia: kerberos-discuss at opensolaris.org
?mne: Re: SV: SV: [kerberos-discuss] Kadmind fails to start in zone

On 10/13/09 11:40 AM, Gunnarsson, Gunnar wrote:
> Okay Sorry about that, yes the keytab is popluated with:
> 
>  bash-3.00# klist -k /etc/krb5/kadm5.keytab Keytab name: 
> FILE:/etc/krb5/kadm5.keytab KVNO Principal
> ---- 
> --------------------------------------------------------------------------
>    3 kadmin/hansakdc1.svkhansa.local at SVKHANSA.LOCAL
>    3 kadmin/hansakdc1.svkhansa.local at SVKHANSA.LOCAL
>    3 kadmin/hansakdc1.svkhansa.local at SVKHANSA.LOCAL
>    3 kadmin/hansakdc1.svkhansa.local at SVKHANSA.LOCAL
>    3 kadmin/hansakdc1.svkhansa.local at SVKHANSA.LOCAL
>    3 changepw/hansakdc1.svkhansa.local at SVKHANSA.LOCAL
>    3 changepw/hansakdc1.svkhansa.local at SVKHANSA.LOCAL
>    3 changepw/hansakdc1.svkhansa.local at SVKHANSA.LOCAL
>    3 changepw/hansakdc1.svkhansa.local at SVKHANSA.LOCAL
>    3 changepw/hansakdc1.svkhansa.local at SVKHANSA.LOCAL
>    3 kadmin/changepw at SVKHANSA.LOCAL
>    3 kadmin/changepw at SVKHANSA.LOCAL
>    3 kadmin/changepw at SVKHANSA.LOCAL
>    3 kadmin/changepw at SVKHANSA.LOCAL
>    3 kadmin/changepw at SVKHANSA.LOCAL
> 
> 

Sounds like it may be related to how your DNS is configured. Can you describe a 
little more how you've configured DNS? If you use nslookup to look up 
hansakdc1.svkhansa.local do you get the correct IP? Does a reverse lookup of 
the IP address give you hansakdc1.svkhansa.local? What is the contents of 
/etc/hosts? What does hostname return?

-M

[kerberos-discuss] Kadmind fails to start in zone

Reply via email to