I'm setting up an embedded ADS server, and I'm trying to get a KDC running
as well, but for some reason the KDC can't find any users. I'm creating a
partition in dc=wileynet,dc=org and
adding uid=administrator,ou=Administrators,dc=wileynet,dc=org with the
objectClasses account, posixAccount, and krb5Principal. The entry winds up
looking like this:
    ServerEntry
        dn[n]: uid=administrator,ou=Administrators,dc=wileynet,dc=org
        objectClass: krb5Principal
        objectClass: posixAccount
        objectClass: account
        objectClass: top
        uid: administrator
        krb5PrincipalName: [email protected]
        userPassword: (null)
        uidNumber: 1000
        cn: administrator
        gidNumber: 1000
        homeDirectory:
I have also created a KdcServer with this code, where defaultSuffix is
wileynet.org and getDN simply converts wileynet.org to dc=wileynet,dc=org:
    // Bind the KDC to the embedded directory service
    KdcServer kdcServer = new KdcServer();
    kdcServer.setDirectoryService(service);

    // Ticket-granting principal: krbtgt/REALM@REALM
    String temp = "krbtgt/" + defaultSuffix.toUpperCase() + "@"
            + defaultSuffix.toUpperCase();
    System.out.println(temp);
    kdcServer.setKdcPrincipal(temp);

    // Realm is the upper-cased suffix
    temp = defaultSuffix.toUpperCase();
    System.out.println(temp);
    kdcServer.setPrimaryRealm(temp);

    // Base DN under which the KDC searches for principals
    temp = getDN(defaultSuffix);
    System.out.println(temp);
    kdcServer.setSearchBaseDn(getDN(defaultSuffix));

    kdcServer.setMaximumTicketLifetime(1000);
    kdcServer.setMaximumRenewableLifetime(2000);

    // Listen on UDP port 1088
    Transport kt = new UdpTransport(1088);
    kdcServer.addTransports(kt);

    // Enable every value defined by the EncryptionType enum
    kdcServer.setEncryptionTypes(EncryptionType.values());

    try {
        kdcServer.start();
    } catch (Exception e) {
        log.error("Failed to start Kerberos Server", e);
    }
I've got all the printlns in there to prove that these values are being fed
in:
    KdcPrincipal: krbtgt/[email protected]
    PrimaryRealm: WILEYNET.ORG
    SearchBaseDN: dc=wileynet,dc=org
I then go to a console (I'm running Ubuntu), and try to run kinit
[email protected] and see this on the command line:
    kinit: Client not found in Kerberos database while getting initial credentials
and this in the ADS log:
    160564 [NioDatagramAcceptor-3] WARN org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler - Client not found in Kerberos database (6)
Am I missing something here?
Thanks,
Andrew Wiley