kerberos >> Client not found in Kerberos database

by joakley » Wed, 14 Jan 2004 12:48:52 GMT

I get this from typing 'kadmin' on the commandline of the KDC server itself.
I have my own account on there which I can log into from gkadmin.


Client not found in Kerberos database while initializing kadmin interface



Regards,

Jason.

--------------------------
Jason Oakley +612 82821434
Open and Intel Systems
Systems Administrator
http://www.eds.com

Add a dab of lavender to milk
Leave town with an orange
and pretend you are laughing at it


________________________________________________
Kerberos mailing list XXXX@XXXXX.COM
https://mailman.mit.edu/mailman/listinfo/kerberos


kerberos >> Client not found in Kerberos database

by matthijs » Wed, 14 Jan 2004 18:33:32 GMT


What did you try ?

I think this is a RTFM question.




--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

________________________________________________
Kerberos mailing list XXXX@XXXXX.COM
https://mailman.mit.edu/mailman/listinfo/kerberos

kerberos >> Client not found in Kerberos database

by joakley » Thu, 15 Jan 2004 07:13:17 GMT

kadmin

It works from the root account but not from my own. How do I add the
commandline 'kadmin' client to the database?

I've been reading through TFM and any other info I can find but I don't see
a lot of descriptive information for adding users etc to the database, so
I've been experimenting.



Regards,

Jason.

--------------------------
Jason Oakley +612 82821434
Open and Intel Systems
Systems Administrator
http://www.eds.com

Add a dab of lavender to milk
Leave town with an orange
and pretend you are laughing at it


________________________________________________
Kerberos mailing list XXXX@XXXXX.COM
https://mailman.mit.edu/mailman/listinfo/kerberos

kerberos >> Client not found in Kerberos database

by Zoron Tacker » Fri, 22 Jun 2007 06:50:11 GMT

Hi,

I have an Intel xseve 10.4.9 server bound to AD and also have OD configured
on the same server for Mac management.
Other services running are AFP and WINDOWS. I will also be using the same
server as a file server for both Mac and Windows.

Below are my issues.

When the WINDOWS service starts on our Intel Xserve with 10.4.9 installed I
receive the below error message.

I have tested single sign on "SSO" from Mac and Windows systems and
everything seems to work, but am concerned that this error may cause an
issue at a later date.

I also have an issue with windows users suddenly not being able to connect
to a share on the Intel Xserve via SMB which is strange as the same user on
a Mac could still connect via AFP or SMB a restart of the WINDOWS service
seems to clear this problem, not sure if this is related to the below error
but it's a real issue and seems to be very random. When this happen I seem
to receive "broken pipe" errors in the "smbd.conf" log.

I checked the "secrets.tdb" and found that this did not have the "\00" on
the end of the "SECRETS/MACHINE_PASSWORD/", so I ran the script at "afp548"
site under forum "10.4.8 Intel - AD, Samba kerberos machine password" which
added the "\00". The strange thing is that all seemed to still work even
thought the "secrets.tdb" was not correct, perhaps this could be the cause
of the SMB dropouts?

Below is from the SMBD.LOG
*********************

[2007/05/30 19:14:49, 0]
/SourceCache/samba/samba-100.7/samba/source/smbd/server.c:main(789)

smbd version 3.0.10 started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2007/05/30 19:14:49, 0]
/SourceCache/samba/samba-100.7/samba/source/libads/kerberos.c:ads_kinit_password(146)

kerberos_kinit_password host/ XXXX@XXXXX.COM failed: Client not
found in Kerberos database
[2007/05/30 19:14:49, 0]
/SourceCache/samba/samba-100.7/samba/source/printing/nt_printing.c:nt_printing_init(386)

nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
[2007/05/31 10:24:34, 0]

*****************

The above error occurs after I BIND the server to AD and run the "dsconfigad
nableSSO" command and restart the server. I have tried removing the OD
configuration and BINDING to AD again but still get the above error.

The "OSXSERVER" in the log is the OS X server name and the "REALM.EDU.AU"
is the AD realm. It seems to be related to the SMB.conf as when I change the
"netbios" name in the SMB.conf the "OSXSERVER" name changes in the SMBD.LOG..

Thanks for any help,
Regan.

kerberos >> Client not found in Kerberos database

by zoron.tacker » Fri, 22 Jun 2007 06:50:11 GMT

Hi,

I have an Intel xseve 10.4.9 server bound to AD and also have OD configured
on the same server for Mac management.
Other services running are AFP and WINDOWS. I will also be using the same
server as a file server for both Mac and Windows.

Below are my issues.

When the WINDOWS service starts on our Intel Xserve with 10.4.9 installed I
receive the below error message.

I have tested single sign on "SSO" from Mac and Windows systems and
everything seems to work, but am concerned that this error may cause an
issue at a later date.

I also have an issue with windows users suddenly not being able to connect
to a share on the Intel Xserve via SMB which is strange as the same user on
a Mac could still connect via AFP or SMB a restart of the WINDOWS service
seems to clear this problem, not sure if this is related to the below error
but it's a real issue and seems to be very random. When this happen I seem
to receive "broken pipe" errors in the "smbd.conf" log.

I checked the "secrets.tdb" and found that this did not have the "\00" on
the end of the "SECRETS/MACHINE_PASSWORD/", so I ran the script at "afp548"
site under forum "10.4.8 Intel - AD, Samba kerberos machine password" which
added the "\00". The strange thing is that all seemed to still work even
thought the "secrets.tdb" was not correct, perhaps this could be the cause
of the SMB dropouts?

Below is from the SMBD.LOG
*********************

[2007/05/30 19:14:49, 0]
/SourceCache/samba/samba-100.7/samba/source/smbd/server.c:main(789)

smbd version 3.0.10 started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2007/05/30 19:14:49, 0]
/SourceCache/samba/samba-100.7/samba/source/libads/kerberos.c:ads_kinit_password(146)

kerberos_kinit_password host/ XXXX@XXXXX.COM failed: Client not
found in Kerberos database
[2007/05/30 19:14:49, 0]
/SourceCache/samba/samba-100.7/samba/source/printing/nt_printing.c:nt_printing_init(386)

nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
[2007/05/31 10:24:34, 0]

*****************

The above error occurs after I BIND the server to AD and run the "dsconfigad
nableSSO" command and restart the server. I have tried removing the OD
configuration and BINDING to AD again but still get the above error.

The "OSXSERVER" in the log is the OS X server name and the "REALM.EDU.AU"
is the AD realm. It seems to be related to the SMB.conf as when I change the
"netbios" name in the SMB.conf the "OSXSERVER" name changes in the SMBD.LOG.

Thanks for any help,
Regan.
________________________________________________
Kerberos mailing list XXXX@XXXXX.COM
https://mailman.mit.edu/mailman/listinfo/kerberos

Similar Threads

1. Client not found in Kerberos database while initializing kadmin interface

2. Client not found in Kerberos database while...

3. Error: Server not found in Kerberos database

4. Newbie: "Server not found in Kerberos database"

I am still in 'toy installation mode'.  I have set up a KDC
on a Linux machine, call it kervara.mygroup.org  I have successfully
set things up to the point that I can kinit from various clients.

I have also set up OpenSSH 3.9p1 to use GSSAPI authentication.
When I am logged into kervara, and have a valid TGT from this
realm, I can successfully ssh into kervara.mygroup.org without
a password; the keytab contains entries for the host/kervara.mygroup.org
principal.  This is the way things are supposed to work.  Life is good.

The problem comes when I attempt to do the same thing with the same
version of OpenSSH built with the same options on a Solaris machine.
In that case, the server logs a "Server not found in Kerberos database"
message and gives up.  I have looked at all the obvious candidates
(wrong DNS entry, disagreement as to host name in /etc/hosts and
DNS, etc) and come up empty.

Unfortunately, the log messages do not tell me _what_ principal it
was trying to find in krb5.keytab (I assume that this is where
the mismatch or missing entry is).

Is there a way to squeeze more diagnostic information?  Or does
this sound like a familiar problem?

5. newbie: error getting credentials: Server not found in Kerberos database

6. Server not found in Kerberos Database

7. Server not found in Kerberos database error on ldapsearch

8. Server not found in Kerberos database while getting a service url ticket