Hi, being a newbie to Kerberos I am trying to set up heimdal-kdc 7.1.0 on a Debian 9.8 VM. Heimdal because we need Kerberos to be compliant with Samba 4 acting as an ADDC. So here's what I did:

apt-get install heimdal-kdc.

It's up and running: ps ax => /usr/lib/heimdal-servers/kdc --config-file=/etc/heimdal-kdc/kdc.conf

systemctl stop heimdal-kdc

/etc/heimdal-kdc/kdc-conf

    [libdefaults]
        default_realm = MYDOMAIN.DE
    [domain_realm]
        .MYDOMAIN.DE = MYDOMAIN.DE
    [logging]
        kdc = FILE:/var/log/heimdal-kdc.log
    [kdc]
        database = {
            dbname = /var/lib/heimdal-kdc/heimdal
            kdc = KDC.MYDOMAIN.DE:88
            realm = MYDOMAIN.DE
            mkey_file = /var/lib/heimdal-kdc/m-key
            acl_file = /etc/heimdal-kdc/kadmind.acl
            log_file = /var/lib/heimdal-kdc/log
        }

systemctl start heimdal-kdc

kadmin -l is working, list * is giving me this:

    admin
    default
    kadmin/admin
    kadmin/hprop
    kadmin/changepw
    krbtgt/MYDOMAIN.DE
    changepw/kerberos
    WELLKNOWN/ANONYMOUS
    WELLKNOWN/org.h5l.fast-cookie@WELLKNOWN:ORG.H5L

But kadmin (not-local) is not:

    kadm5_init_with_password: No KDC found for realm MYDOMAIN.DE.

I thought it might be DNS-related, so I made sure nsswitch.conf fits the bill, added the server's name to /etc/hosts. I even set up bind9 on that very machine:

    KDC.MYDOMAIN.DE. 43200 IN A 192.168.27.3

Also made sure Kerberos is listening on port 88. I even tried localhost and IP address instead of KDC.MYDOMAIN.DE in kdc.conf - didn't help either.

I've been trying now for 2 days, it's driving me nuts. Would anybody please enlighten me what kind of mistake I make?

Thank you
Lothar Schilling