Celia Clark wrote:
> [safeTgram (optim1) receive status: NOT encrypted, NOT signed.]
>
> Hi,
>
> I am having problems with using kinit, with keytab and username/password.
>
> When issuing the kinit command I get the following error:
> kinit: Cannot contact any KDC for requested realm while getting initial
> credentials
> There is a firewall between the webservers where I issue the command from
> and the domain controller.
> The webservers are able to connect to the domain controller on port 88 over
> UDP.
>
> The webservers are able to resolve themselves and the domain controller,
> both forward and reverse lookup.
>
> Do any of you guys out there have an idea of what is going wrong?
>
> Many thanks,
>
> Celia
>

You do not say if this is a new or updated webserver, or one that has just stopped working. I assume the former.
Do the webservers work without the firewall? Can you test this by moving the webserver the other side of the firewall (where it is not exposed to the outside world)? If so, when it is back in place do you have access to the logs of dropped packets? Generally a firewall administrator can monitor dropped packets while you do a kinit command.

If not, it is probably a configuration file issue. I suggest you check that your default realm is defined in the libdefaults section of your krb5.conf and that there is a matching realm section with a kdc defined, or that the kdc name as it appears in the krb5.conf is resolvable from your DNS on the webserver.

Otherwise, if you have a previously working webserver, check that all its configuration files match those of this new one.

I hope that helps,

Jeremy
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
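
The krb5.conf checks suggested in the reply above, written out as an added example that is not part of the original thread: it parses a krb5.conf, confirms that default_realm has a matching realm section with a kdc, and tests that each kdc name resolves. The realm EXAMPLE.COM, the host dc1.example.com and the function names parse_krb5 and check are assumptions made for illustration.

```python
import socket

# Constructed sample krb5.conf; the realm and host name are placeholders.
SAMPLE = """[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com:88
    }
"""

def parse_krb5(text):
    """Return (default_realm, {realm: [kdc, ...]}) from krb5.conf text."""
    section, realm, default_realm, realms = None, None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1], None
        elif line.startswith("}"):           # end of a realm block
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "realms" and value.startswith("{"):
                realm = key                  # start of a realm block
                realms[realm] = []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)
    return default_realm, realms

def check(text, resolve=socket.gethostbyname):
    """Return the problems found by the checks; an empty list means none."""
    default_realm, realms = parse_krb5(text)
    if not default_realm:
        return ["no default_realm in [libdefaults]"]
    if default_realm not in realms:
        return [f"no [realms] entry for {default_realm}"]
    if not realms[default_realm]:
        return [f"no kdc defined for {default_realm}"]
    problems = []
    for kdc in realms[default_realm]:
        host = kdc.rsplit(":", 1)[0]         # drop the optional :port
        try:
            resolve(host)
        except OSError:                      # socket.gaierror is an OSError
            problems.append(f"kdc {host} does not resolve")
    return problems
```

Run on the webserver itself, `check(open("/etc/krb5.conf").read())` uses the host's own resolver, which is the lookup kinit depends on.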
