Hi all,
Thanks for your responses! I was finally able to set up the slave KDC!! :-) Here's what happened: My master KDC is named "mlau" (machine's hostname), and my slave KDC is named "LynxOS" (machine's hostname). When I tried to propagate the database to the slave KDC, I got this error message in the krb5kdc.log file:
Jul 11 14:14:49 mlau krb5kdc[18](info): AS_REQ (1 etypes {1}) (Master KDC's IP)(88):
CLIENT_NOT_FOUND: host/mlau@REALMNAME for host/lynxos@REALMNAME, Client
not found in Kerberos database
I already have the principals host/mlau and host/LynxOS in the database, but I noticed that Kerberos is case-sensitive, so I changed the principal to host/lynxos. Then the propagation worked!
However, now, I want to change the kdc names to "kdcmaster" and "kdcslave." I added these names to the /etc/hosts file, updated krb5.conf file, and I wiped out the database to start all over again (removed principal* files, keytab files, log files, killed the krb5kdc and kadmind processes). I added the principals host/kdcmaster and host/kdcslave, but when I tried to propagate the database, I got the same error message above in the log files. Why is this? Is there something that I've forgotten to update? Why does it keep asking for the principals host/mlau and host/lynxos?
Furthermore, why doesn't the kadm5.acl file get propagated over to the slave KDC?
Again, thank you very much for your time and help.
Regards,
Monica
Do You Yahoo!?
New! SBC Yahoo! Dial - 1st Month Free & unlimited access
