I don't think your image attachments made it through the mailing list
server.
Single-component KDC hostnames should not cause a problem as long as the
client can resolve them. If you are using an MIT krb5 client, the best
way to get more insight is to use "env KRB5_TRACE=filename kinit ..."
and look at the file for messages like:
Resolving hostname equal-rites.mit.edu
Sending initial UDP request to dgram 127.0.1.1:61000
On 01/17/2015 01:06 AM, Zaid Arafeh wrote:
> Hello,
> I'd like your help please
> BackgroundI stood up a test Kerberos KDC with hostname kdc, I can get tickets
> locally on the kdc itself and I can run kadmin successfully. firewall is
> disabled on KDCI stood up a host named CLI, I sync'ed the krb5.conf from the
> KDC. I added the IP address for kdc in the /etc/hosts file and
> /etc/resolv.conf and I am able to ping the KDC
> ProblemWhen I run kinit or kadmin on the client, I get the following error
> "Cannot contact any KDC for real 'TR.LAB' while getting initial credentials"I
> tried this from multiple hosts that have krb5.conf sync'ed same problem
> here are snaptshots of my config (question follows)
>
>
>
>
> Could the fact that Im running single label hosts (not FQDN) be the
> cause?What could be the problem if Im able to reach the KDC by all other
> means (SCP, Ping etc)
>
>
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
