Ken Thanks for pointing out my stupidly DNS was the problem.
The file /etc/nsswitch.conf had NIS then DNS So doing a gethostbyaddr returned the short name which was in NIS but not the FQDN from DNS So change /etc/nsswitch.conf file to have DNS first. kprop -d -f slavedump hutch.uk.ad.ep.corp.local 8515 bytes sent. Database propagation to hutch.uk.ad.ep.corp.local: SUCCEEDED Matt Ken Raeburn <[email protected]> wrote on 19/03/2009 19:52:23: > On Mar 19, 2009, at 12:45, [email protected] wrote: > > DNS both forward and reverse work fine for the Slave KDC > > By "work fine", do you mean that when you look up > hutch.uk.ad.ep.corp.local you get an address (or more than one), and > when you look up that address, you get back the name > hutch.uk.ad.ep.corp.local? Or do you just mean you get a name back? > In the default configuration of the MIT code, the name you get back > from looking up the address is generally the name that'll be used in > constructing a principal name. > > Does your config file or DNS data indicate that > hutch.uk.ad.ep.corp.local is in UK.AD.EP.CORP.LOCAL? > > Check the log file on the KDC. It should indicate some kprop/* > principal being looked up if the host name is coming out wrong, or > possibly some krbtgt/* principal if it's coming up with the wrong > realm name. > > Ken Registered in England and Wales No.811900 Registered Office 33 Cavendish Square, London W1G 0PW This e-mail and any attachments are intended only for the person or entity to whom it is addressed and may contain confidential or privileged information. If you are not the addressee, any disclosure, reproduction, copying, distribution, or use of this communication is strictly prohibited. If you are not the intended recipient or person responsible for delivering this message to the named addressee, please notify us immediately and delete this e-mail. It is the responsibility of the addressee to scan this email and any attachments for computer viruses or other defects. The sender does not accept liability for any loss or damage of any nature, however caused, which may result directly or indirectly from this email or any file attached. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
