Discussion:
kinit: Client not found in Kerberos database while getting initial credentials
Samvel Baghdasaryan
2011-09-16 21:49:59 UTC
Dear Heimdal Experts

Could you please help me with the following question?

I have installed the Heimdal 1.5 release on one of our servers (to understand how one-time passwords work).

Everything works perfectly except for one thing.

When I am trying to do "kinit" it looks for the given user in our central database (instead of looking it up in its own DB)
and shows the following error: "kinit: Client not found in Kerberos database while getting initial credentials".

How can I correct this, to let it search in its own database?
The realms from the central server and from the server on which I am testing/working on are different.



Thanks a lot
Samuel

P.S. When Heimdal 1.5 is installed, how can I make one-time passwords work?
Guillaume Rousse
2011-09-17 10:21:11 UTC
Post by Samvel Baghdasaryan
> When I am trying to do "kinit" it looks for the given user in our central database (instead of looking it up in its own DB)
> and shows the following error: "kinit: Client not found in Kerberos database while getting initial credentials".
> How can I correct this, to let it search in its own database?
> The realms from the central server and from the server on which I am testing/working on are different.

If your client is asking the wrong server, it is probably misconfigured.
Check your Kerberos configuration file settings, and eventually disable
DNS realm and KDC lookup (though they're supposed to have a lower
precedence than local configuration settings).
--
BOFH excuse #89:

Electromagnetic energy loss
Samvel Baghdasaryan
2011-09-18 09:55:43 UTC
Dear Guillaume

After disabling DNS lookups (I simply removed /etc/resolv.conf), it started to look in its own database; at least, when I put in my user name from the central database, it doesn't recognize it.
But when I put in a username from the server on which I am testing, Heimdal gives the following error: "Configuration file does not specify default realm when parsing name sam/admin". Am I headed in the right direction? :)

This is my krb5.conf.


[libdefaults]
default_realm = SAM.SAM

[realms]
SAM.SAM = {
    kdc = "ip address from server"
    admin_server = "ip address from server"
}

[domain_realm]
.sam.sam = SAM.SAM

Thanks
Sam
Samvel Baghdasaryan
2011-09-18 14:50:55 UTC
Dear Guillaume

I have put /etc/resolv.conf back and replaced the configuration with the newer one:
---------------------------------------------------------------------------------------------------------------------------
search sam.sam
nameserver " IP ADDRESS FROM SERVER"
nameserver " IP ADDRESS FROM SERVER"
______________________________________________________________________


and disabled DNS realm and KDC lookup in krb5.conf.

---------------------------------------------------------------------------------------------------------------------------
[libdefaults]
dns_lookup_kdc = false
dns_lookup_realm = false
default_realm = SAM.SAM

[realms]
SAM.SAM = {
kdc = ip address from server
admin_server = ip address from server
}
[domain_realm]
.sam.sam = SAM.SAM
sam.sam = SAM.SAM
______________________________________________________________________

But it still gives this error: "kinit: Configuration file does not specify default realm when parsing name sam/admin".

kadmin> list *
default
sam/admin
root/admin
kadmin/admin
kadmin/hprop
krbtgt/SAM.SAM
kadmin/changepw
changepw/kerberos
WELLKNOWN/ANONYMOUS
kadmin>



What else can I try to do?

THANKS A LOT
SAM
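A check for the settings discussed in this thread, added here as an example (not code from any poster or from Heimdal): it parses krb5.conf-style text and reports a missing default_realm, a default realm with no kdc entry, and DNS lookup flags that are not set to false. The function names and the two sample inputs are constructed for illustration.

```python
import re

def parse_krb5_conf(text):
    """Parse krb5.conf-style text into {section: {key: [values] or sub-dict}}."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                                  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            stack = [conf.setdefault(header.group(1), {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()                               # end of a "REALM = {" block
        elif "=" in line and stack:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(value)
    return conf

def audit(text):
    """Return findings for the settings discussed in this thread."""
    conf = parse_krb5_conf(text)
    lib = conf.get("libdefaults", {})
    findings = []
    realm = (lib.get("default_realm") or [None])[0]
    if realm is None:
        findings.append("default_realm missing from [libdefaults]")
    else:
        block = conf.get("realms", {}).get(realm)
        kdcs = block.get("kdc", []) if isinstance(block, dict) else []
        if not kdcs:
            findings.append(f"no kdc entry for default realm {realm}")
    for flag in ("dns_lookup_kdc", "dns_lookup_realm"):
        if (lib.get(flag) or ["unset"])[0].lower() != "false":
            findings.append(f"{flag} is not set to false")
    return findings

# Constructed samples modelled on the two krb5.conf versions posted above;
# 192.0.2.10 is a documentation address standing in for the redacted server IP.
FIRST = "[libdefaults]\ndefault_realm = SAM.SAM\n[realms]\nSAM.SAM = {\nkdc = 192.0.2.10\n}\n"
SECOND = ("[libdefaults]\ndns_lookup_kdc = false\ndns_lookup_realm = false\n"
          "default_realm = SAM.SAM\n[realms]\nSAM.SAM = {\nkdc = 192.0.2.10\n}\n")

if __name__ == "__main__":
    for name, text in (("first", FIRST), ("second", SECOND)):
        print(name, audit(text) or "no findings")
```

When a file passes these checks and kinit still reports a missing default realm, the next thing to verify is that this is the file the library actually reads; the KRB5_CONFIG environment variable overrides the default path.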