On Tue, 2009-11-24 at 05:20 -0500, "kai plückhahn" wrote:
> kadmin.local: Server error while initializing kadmin.local interface

Unfortunately, as noted in previous threads (http://mailman.mit.edu/pipermail/kerberos/2009-August/015187.html) the KDC LDAP code is generating a much more informative error message, but it isn't printed due to a problem with contexts. That problem is fixed for 1.8, but that doesn't help you right now.

One workaround is to make a debugging build of the krb5 sources and step through the process with a debugger. This is painful and laborious, though. Another option is to run kadmin.local under a system call tracing tool like strace (Linux) or truss (Solaris) to see what system interactions kadmin.local made shortly before printing the error message, but that doesn't always yield helpful information.

The most common problem I've seen with using the KDC LDAP back end is in setting up the stash file containing the LDAP passwords for the DNs used by the KDC and kadmind. This filename is specified with the variable ldap_service_password_file inside the database settings. If you created it correctly, it should look like:

  cn=admin,dc=directorate,dc=org#{HEX}abcde12345

where the DNs on the left should match the DNs specified in the ldap_kdc_dn and ldap_kadmind_dn variables. You say that the file is there with both passwords, but you might want to double check.

There is a different file which holds the KDB master password. This filename is specified with the variable key_stash_file inside the realm settings, and should point to a different filename. It should contain binary data. Make sure this is separate from your LDAP password stash.
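
The stash-file checks described in the message above, as an added example that is not part of the original post and is not krb5 project code. The function names, sample DNs and paths are constructed for illustration; treating lines that start with '#' as comments and comparing DNs as exact strings are assumptions.

```python
import re

# Line format shown in the post: <DN>#{HEX}<hex-encoded password>
STASH_LINE = re.compile(r"^(?P<dn>[^#]+)#\{HEX\}(?P<hex>.*)$")

def parse_stash(text):
    """Return ({dn: hex_value}, [problems]) for an LDAP password stash."""
    entries, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' lines are comments
            continue
        m = STASH_LINE.match(line)
        if not m:
            problems.append(f"line {n}: not in DN#{{HEX}}value form")
            continue
        hexval = m.group("hex")
        if len(hexval) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", hexval):
            problems.append(f"line {n}: value after {{HEX}} is not valid hex")
        entries[m.group("dn").strip()] = hexval
    return entries, problems

def check_setup(conf, stash_text, key_stash_bytes):
    """conf maps the kdc.conf variable names from the post to their values."""
    entries, problems = parse_stash(stash_text)
    for var in ("ldap_kdc_dn", "ldap_kadmind_dn"):
        # Exact comparison is the strict reading of "should match".
        if conf.get(var) not in entries:
            problems.append(f"{var}: no stash entry for {conf.get(var)!r}")
    if conf.get("key_stash_file") == conf.get("ldap_service_password_file"):
        problems.append("key_stash_file and ldap_service_password_file are the same file")
    if b"#{HEX}" in key_stash_bytes:
        problems.append("key_stash_file holds LDAP stash text, not binary key data")
    return problems

# Constructed sample values; paths and DNs are placeholders, not from the post.
CONF = {
    "ldap_kdc_dn": "cn=kdc,dc=example,dc=org",
    "ldap_kadmind_dn": "cn=kadmind,dc=example,dc=org",
    "ldap_service_password_file": "/path/to/ldap.stash",
    "key_stash_file": "/path/to/master.stash",
}
STASH = "cn=kdc,dc=example,dc=org#{HEX}abcde12345\ncn=kadmin,dc=example,dc=org#{HEX}0011zz\n"

if __name__ == "__main__":
    for problem in check_setup(CONF, STASH, b"\x00\x12\x00\x00\x00\x20\x9f"):
        print(problem)
```

With the constructed sample it reports the malformed hex value on line 2 and the missing entry for the ldap_kadmind_dn DN (the stash says cn=kadmin, the configuration says cn=kadmind).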
