Samvel Baghdasaryan | 16 Sep 23:49 2011
Picon
Picon

kinit: Client not found in Kerberos database while getting initial credentials

Dear Heimdal Experts

Could You please help me with the following question.

I have installed heimdal 1.5 release on one of our servers ( to understand how one time password works ).

Everything works perfect instead of one. 

When I am trying to do "kinit"  it looks for the given user in our central database (instead of looking it up in
his own DB) 
and shows the following error " kinit: Client not found in Kerberos database while getting initial
credentials ".

How can I correct this, to let it search in it's own database?
The realms from the central server and from the server on which I am testing/working on are different.

Thanks a lot
Samuel

P.S When Heimdal 1.5 is installed, how can I make one time password work.
Guillaume Rousse | 17 Sep 12:21 2011
Picon

Re: kinit: Client not found in Kerberos database while getting initial credentials

Le 16/09/2011 23:49, Samvel Baghdasaryan a écrit :
> When I am trying to do "kinit"  it looks for the given user in our central database (instead of looking it up in
his own DB)
> and shows the following error " kinit: Client not found in Kerberos database while getting initial
credentials ".
>
> How can I correct this, to let it search in it's own database?
> The realms from the central server and from the server on which I am testing/working on are different.
If your client is asking the wrong server, it is probably misconfigured. 
Check your kerberos configuration file settings, and eventually disable 
DNS realm and KDC lookup (though they're supposed to have a lower 
precedence than local configuration settings).
--

-- 
BOFH excuse #89:

Electromagnetic energy loss

Samvel Baghdasaryan | 18 Sep 11:55 2011
Picon
Picon

Re: kinit: Client not found in Kerberos database while getting initial credentials

Dear Guillaume

After disabling DNS lookups (I simply removed /etc/resolv.conf ) it started to look in his own database at least when I put my user name from central database it doesn't recognize it.
But when I put a username from the server on which I am testing it the heimdal gives the following error  "Configuration file does not specify default realm when parsing name sam/admin". Am I headed in the right direction? :)

This is my krb5.conf.

                        


        [libdefaults]
             default_realm = SAM.SAM

        [realms]
             SAM.SAM = {
                     kdc = "ip adress from server"
                     admin_server = "ip adress from server"
             }

        [domain_realm]
             .sam.sam = SAM.SAM

Thanks
Sam
On Sep 17, 2011, at 12:21 PM, Guillaume Rousse wrote:

Le 16/09/2011 23:49, Samvel Baghdasaryan a écrit :
When I am trying to do "kinit"  it looks for the given user in our central database (instead of looking it up in his own DB)
and shows the following error " kinit: Client not found in Kerberos database while getting initial credentials ".

How can I correct this, to let it search in it's own database?
The realms from the central server and from the server on which I am testing/working on are different.
If your client is asking the wrong server, it is probably misconfigured. Check your kerberos configuration file settings, and eventually disable DNS realm and KDC lookup (though they're supposed to have a lower precedence than local configuration settings).
--
BOFH excuse #89:

Electromagnetic energy loss

Samvel Baghdasaryan | 18 Sep 16:50 2011
Picon
Picon

Re: kinit: Client not found in Kerberos database while getting initial credentials

Dear Guillaume

I have put /etc/resolv.conf back and replaced the configuration to the newer one
---------------------------------------------------------------------------------------------------------------------------
search sam.sam
nameserver " IP ADDRESS FROM SERVER"
nameserver " IP ADDRESS FROM SERVER"
______________________________________________________________________

and disabled DNS realm and KDC lookup from krb5.conf.

---------------------------------------------------------------------------------------------------------------------------
       [libdefaults]
                dns_lookup_kdc   = false
                dns_lookup_realm = false
                default_realm = SAM.SAM

        [realms]
             SAM.SAM = {
                     kdc = ip address from server
                     admin_server = ip address from server
             }
        [domain_realm]
             .sam.sam = SAM.SAM
             sam.sam = SAM.SAM
______________________________________________________________________

But it still gives this error "kinit: Configuration file does not specify default realm when parsing name sam/admin"

kadmin> list *
default
sam/admin
root/admin
kadmin/admin
kadmin/hprop
krbtgt/SAM.SAM
kadmin/changepw
changepw/kerberos
WELLKNOWN/ANONYMOUS
kadmin> 

What else can I try to do.

THANKS A LOT
SAM

On Sep 17, 2011, at 12:21 PM, Guillaume Rousse wrote:

> Le 16/09/2011 23:49, Samvel Baghdasaryan a écrit :
>> When I am trying to do "kinit"  it looks for the given user in our central database (instead of looking it up
in his own DB)
>> and shows the following error " kinit: Client not found in Kerberos database while getting initial
credentials ".
>> 
>> How can I correct this, to let it search in it's own database?
>> The realms from the central server and from the server on which I am testing/working on are different.
> If your client is asking the wrong server, it is probably misconfigured. Check your kerberos
configuration file settings, and eventually disable DNS realm and KDC lookup (though they're supposed
to have a lower precedence than local configuration settings).
> -- 
> BOFH excuse #89:
> 
> Electromagnetic energy loss


Gmane