Thanks, will try tomorrow!

On 06.03.2019 at 14:47, Jeffrey Hutzelman wrote:
>
> You need to tell the Kerberos library where to find your kdc. You have
> basically two options:
>
> 1) Add the following to /etc/krb5.conf on every client:
>
> [realms]
>     MYDOMAIN.DE = {
>         kdc = kdc.mydomain.de:88
>     }
>
> 2) Publish SRV records in DNS:
>
> _kerberos._udp.mydomain.de. IN SRV 1 1 88 kdc.mydomain.de.
> _kerberos._tcp.mydomain.de. IN SRV 1 1 88 kdc.mydomain.de.
>
> I strongly recommend the SRV approach, particularly if you have a lot
> of clients, or expect any that you don't directly control.
>
> ------------------------------------------------------------------------
> *From:* Lothar Schilling <l...@proasyl.de>
> *Sent:* Wednesday, March 6, 2019 08:30
> *To:* kerberos@mit.edu
> *Subject:* Installing heimdal-kdc
>
> Hi,
>
> being a newbie to Kerberos I am trying to set up heimdal-kdc 7.1.0 on a
> Debian 9.8 VM. Heimdal because we need Kerberos to be compliant with
> Samba 4 acting as an ADDC. So here's what I did:
>
> apt-get install heimdal-kdc.
> It's up and running: ps ax =>
> /usr/lib/heimdal-servers/kdc --config-file=/etc/heimdal-kdc/kdc.conf
>
> systemctl stop heimdal-kdc
>
> /etc/heimdal-kdc/kdc-conf
> [libdefaults]
>     default_realm = MYDOMAIN.DE
> [domain_realm]
>     .MYDOMAIN.DE = MYDOMAIN.DE
> [logging]
> kdc = FILE:/var/log/heimdal-kdc.log
> [kdc]
> database = {
>     dbname = /var/lib/heimdal-kdc/heimdal
>     kdc = KDC.MYDOMAIN.DE:88
>     realm = MYDOMAIN.DE
>     mkey_file = /var/lib/heimdal-kdc/m-key
>     acl_file = /etc/heimdal-kdc/kadmind.acl
>     log_file = /var/lib/heimdal-kdc/log
> }
>
> systemctl start heimdal-kdc
>
> kadmin -l is working, list * is giving me this:
> admin
> default
> kadmin/admin
> kadmin/hprop
> kadmin/changepw
> krbtgt/MYDOMAIN.DE
> changepw/kerberos
> WELLKNOWN/ANONYMOUS
> WELLKNOWN/org.h5l.fast-cookie@WELLKNOWN:ORG.H5L
>
> But kadmin (not-local) is not: kadm5_init_with_password: No KDC found
> for realm MYDOMAIN.DE.
>
> I thought it might be DNS-related, so I made sure nsswitch.conf fits the
> bill, added the server's name to /etc/hosts. I even set up bind9 on that
> very machine:
> KDC.MYDOMAIN.DE. 43200 IN A 192.168.27.3
> Also made sure Kerberos is listening on port 88. I even tried localhost
> and IP address instead of KDC.MYDOMAIN.DE in kdc.conf - didn't help
> either.
>
> I've been trying now for 2 days, it's driving me nuts. Would anybody
> please enlighten me what kind of mistake I make?
>
> Thank you
>
> Lothar Schilling
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
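Added example, not part of the original thread: a simplified Python model of the client-side lookup the reply describes, where KDCs come from [realms] in krb5.conf or, failing that, from _kerberos SRV records. The sample inputs are constructed, the function names are hypothetical, and the SRV lines assume RFC 2782 field order (priority weight port target) with no TTL column.

```python
# Constructed sample inputs modeled on the thread; not a real deployment.
CLIENT_CONF = """[realms]
    MYDOMAIN.DE = {
        kdc = kdc.mydomain.de:88
    }
"""
# KDC-side settings only: no [realms] block, as in the question's kdc.conf.
SERVER_ONLY = """[kdc]
database = {
    kdc = KDC.MYDOMAIN.DE:88
}
"""
# Assumed layout: owner IN SRV priority weight port target (no TTL column).
ZONE = """_kerberos._udp.mydomain.de. IN SRV 1 1 88 kdc.mydomain.de.
_kerberos._tcp.mydomain.de. IN SRV 1 1 88 kdc.mydomain.de.
"""

def kdcs_from_conf(text, realm):
    """Return [(host, port)] listed for realm under [realms]."""
    section, in_realm, out = None, False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key = line.split("=")[0].strip()
        if line.startswith("["):
            section, in_realm = line.strip("[]").lower(), False
        elif section != "realms":
            continue
        elif line.endswith("{"):
            in_realm = key == realm
        elif line == "}":
            in_realm = False
        elif in_realm and key == "kdc":
            host, _, port = line.split("=", 1)[1].strip().partition(":")
            out.append((host, int(port or 88)))
    return out

def kdcs_from_srv(zone, realm, proto="udp"):
    """Return [(host, port)] from _kerberos SRV lines, lowest priority first."""
    owner = f"_kerberos._{proto}.{realm.lower()}."
    found = []
    for f in map(str.split, zone.splitlines()):
        if len(f) == 7 and f[0].lower() == owner and f[1:3] == ["IN", "SRV"]:
            found.append((int(f[3]), f[6].rstrip("."), int(f[5])))
    return [(host, port) for _, host, port in sorted(found)]

def locate_kdc(realm, conf, zone):
    """Entries in the config file win; SRV records are the fallback."""
    return kdcs_from_conf(conf, realm) or kdcs_from_srv(zone, realm)
```

An empty list from locate_kdc("MYDOMAIN.DE", SERVER_ONLY, "") is the model's equivalent of "No KDC found for realm": a kdc entry in the KDC's own database block gives a client nothing to look up.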