Folks I am struggling a bit to set up a KDC Slave and was hoping some one might be able to point out my mistakes.
KDC Master = starsky.uk.ad.ep.corp.local KDC Slave = hutch.uk.ad.ep.corp.local On the KDC Master I have done the following kadmin addprinc -randkey host/starsky.uk.ad.ep.corp.local addprinc -randkey host/hutch.uk.ad.ep.corp.local ktadd host/hutch.uk.ad.ep.corp.local ktadd host/starsky.uk.ad.ep.corp.local Then copied via scp the file /etc/krb5.keytab to the KDC Slave hutch Created on both KDC Master and Slave /var/kerberos/krb5kdc/kpropd.acl host/[email protected] host/[email protected] Setup xinetd for krb5_prop etc etc The Dump on the KDC Master works fine. kdb5_util dump /var/kerberos/krb5kdc/slavedump However when I try and do the kprop I get the following kprop -f /var/kerberos/krb5kdc/slavedump hutch.uk.ad.ep.corp.local kprop: Server not found in Kerberos database while getting initial ticket DNS both forward and reverse work fine for the Slave KDC ktutil looks correct to me. ktutil: rkt /etc/krb5.keytab ktutil: l slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 3 host/[email protected] 2 3 host/[email protected] 3 3 host/[email protected] 4 3 host/[email protected] 5 6 host/[email protected] 6 6 host/[email protected] 7 6 host/[email protected] 8 6 host/[email protected] NTP is setup on both Master and Slave and is working fine. Clients can happily connect to the Master , I just can not get the dump to work. Thanks in advance. Matthew Matthew Garrett Senior IS Technical Analyst Tel: 01224 297889 Fax: 01224 296806 Email: [email protected] Total E&P UK, Crawpeel Road, Altens Industrial Estate, Aberdeen AB12 3FG Registered in England and Wales No.811900 Registered Office 33 Cavendish Square, London W1G 0PW This e-mail and any attachments are intended only for the person or entity to whom it is addressed and may contain confidential or privileged information. If you are not the addressee, any disclosure, reproduction, copying, distribution, or use of this communication is strictly prohibited. If you are not the intended recipient or person responsible for delivering this message to the named addressee, please notify us immediately and delete this e-mail. It is the responsibility of the addressee to scan this email and any attachments for computer viruses or other defects. The sender does not accept liability for any loss or damage of any nature, however caused, which may result directly or indirectly from this email or any file attached. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
