Cannot find KDC for realm while initializing kadmin interface










0















Given the following krb5.config (where FOOBAR.COM is a made-up string)



[libdefaults]
 renew_lifetime = 7d
 forwardable = true
 default_realm = FOOBAR.COM
 ticket_lifetime = 24h
 dns_lookup_realm = false
 dns_lookup_kdc = false
 default_ccache_name = /tmp/krb5cc_%uid
 #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
 #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

[domain_realm]
#Been messing around with this part
FOOBAR.COM = FOOBAR.COM
.FOOBAR.COM = FOOBAR.COM


[logging]
 default = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 kdc = FILE:/var/log/krb5kdc.log

[realms]
 FOOBAR.COM = 
 admin_server = my_admin_server_hostname
 kdc = my_kdc_hostname


Calling kadmin with my realm name and other parameters doesn't work. It cannot find the kdc.



[kdc machine] kadmin -s localhost -p admin/admin@foobar.com -r FOOBAR.COM -q "get_principal admin/admin@foobar.com"
 Authenticating as principal admin/admin@foobar.com with password.
 kadmin: Cannot find KDC for realm "foobar.com" while initializing kadmin interface


However accessing kadmin first works (maybe because it accesses kadmin.local?)



[kdc machine]# kadmin
Authenticating as principal admin/admin@FOOBAR.COM with password.
Password for admin/admin@FOOBAR.COM:
kadmin: get_principal admin/admin@foobar.com
get_principal: Principal does not exist while retrieving "admin/admin@foobar.com".


And strangely, leaving out the principal flag works OK too



[kdc machine]# kadmin -s localhost -r FOOBAR.COM -q "get_principal admin/admin@foobar.com"
Authenticating as principal admin/admin@FOOBAR.COM with password.
Password for admin/admin@FOOBAR.COM:
get_principal: Principal does not exist while retrieving "admin/admin@foobar.com".


I'm assuming this is because of some DNS problem, since my realm string FOOBAR.COM is a fictional address. I've been editting my krb5.conf and hosts file trying to resolve this, but without much success. Using an actual FQDN instead of a random string as realm name is not an option. I don't get why leaving out -p would lead to a different result though...



Does anyone have ideas on how to still make the first query work?






hadoop kerberos







share|improve this question




























    0















    Given the following krb5.config (where FOOBAR.COM is a made-up string)



    [libdefaults]
     renew_lifetime = 7d
     forwardable = true
     default_realm = FOOBAR.COM
     ticket_lifetime = 24h
     dns_lookup_realm = false
     dns_lookup_kdc = false
     default_ccache_name = /tmp/krb5cc_%uid
     #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
     #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

    [domain_realm]
    #Been messing around with this part
    FOOBAR.COM = FOOBAR.COM
    .FOOBAR.COM = FOOBAR.COM


    [logging]
     default = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
     kdc = FILE:/var/log/krb5kdc.log

    [realms]
     FOOBAR.COM = 
     admin_server = my_admin_server_hostname
     kdc = my_kdc_hostname


    Calling kadmin with my realm name and other parameters doesn't work. It cannot find the kdc.



    [kdc machine] kadmin -s localhost -p admin/admin@foobar.com -r FOOBAR.COM -q "get_principal admin/admin@foobar.com"
     Authenticating as principal admin/admin@foobar.com with password.
     kadmin: Cannot find KDC for realm "foobar.com" while initializing kadmin interface


    However accessing kadmin first works (maybe because it accesses kadmin.local?)



    [kdc machine]# kadmin
    Authenticating as principal admin/admin@FOOBAR.COM with password.
    Password for admin/admin@FOOBAR.COM:
    kadmin: get_principal admin/admin@foobar.com
    get_principal: Principal does not exist while retrieving "admin/admin@foobar.com".


    And strangely, leaving out the principal flag works OK too



    [kdc machine]# kadmin -s localhost -r FOOBAR.COM -q "get_principal admin/admin@foobar.com"
    Authenticating as principal admin/admin@FOOBAR.COM with password.
    Password for admin/admin@FOOBAR.COM:
    get_principal: Principal does not exist while retrieving "admin/admin@foobar.com".


    I'm assuming this is because of some DNS problem, since my realm string FOOBAR.COM is a fictional address. I've been editting my krb5.conf and hosts file trying to resolve this, but without much success. Using an actual FQDN instead of a random string as realm name is not an option. I don't get why leaving out -p would lead to a different result though...



    Does anyone have ideas on how to still make the first query work?






    hadoop kerberos







    share|improve this question


























      0












      0








      0








      Given the following krb5.config (where FOOBAR.COM is a made-up string)



      [libdefaults]
       renew_lifetime = 7d
       forwardable = true
       default_realm = FOOBAR.COM
       ticket_lifetime = 24h
       dns_lookup_realm = false
       dns_lookup_kdc = false
       default_ccache_name = /tmp/krb5cc_%uid
       #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
       #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

      [domain_realm]
      #Been messing around with this part
      FOOBAR.COM = FOOBAR.COM
      .FOOBAR.COM = FOOBAR.COM


      [logging]
       default = FILE:/var/log/krb5kdc.log
       admin_server = FILE:/var/log/kadmind.log
       kdc = FILE:/var/log/krb5kdc.log

      [realms]
       FOOBAR.COM = 
       admin_server = my_admin_server_hostname
       kdc = my_kdc_hostname


      Calling kadmin with my realm name and other parameters doesn't work. It cannot find the kdc.



      [kdc machine] kadmin -s localhost -p admin/admin@foobar.com -r FOOBAR.COM -q "get_principal admin/admin@foobar.com"
       Authenticating as principal admin/admin@foobar.com with password.
       kadmin: Cannot find KDC for realm "foobar.com" while initializing kadmin interface


      However accessing kadmin first works (maybe because it accesses kadmin.local?)



      [kdc machine]# kadmin
      Authenticating as principal admin/admin@FOOBAR.COM with password.
      Password for admin/admin@FOOBAR.COM:
      kadmin: get_principal admin/admin@foobar.com
      get_principal: Principal does not exist while retrieving "admin/admin@foobar.com".


      And strangely, leaving out the principal flag works OK too



      [kdc machine]# kadmin -s localhost -r FOOBAR.COM -q "get_principal admin/admin@foobar.com"
      Authenticating as principal admin/admin@FOOBAR.COM with password.
      Password for admin/admin@FOOBAR.COM:
      get_principal: Principal does not exist while retrieving "admin/admin@foobar.com".


      I'm assuming this is because of some DNS problem, since my realm string FOOBAR.COM is a fictional address. I've been editting my krb5.conf and hosts file trying to resolve this, but without much success. Using an actual FQDN instead of a random string as realm name is not an option. I don't get why leaving out -p would lead to a different result though...



      Does anyone have ideas on how to still make the first query work?






      hadoop kerberos







      share|improve this question
















      Given the following krb5.config (where FOOBAR.COM is a made-up string)



      [libdefaults]
       renew_lifetime = 7d
       forwardable = true
       default_realm = FOOBAR.COM
       ticket_lifetime = 24h
       dns_lookup_realm = false
       dns_lookup_kdc = false
       default_ccache_name = /tmp/krb5cc_%uid
       #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
       #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

      [domain_realm]
      #Been messing around with this part
      FOOBAR.COM = FOOBAR.COM
      .FOOBAR.COM = FOOBAR.COM


      [logging]
       default = FILE:/var/log/krb5kdc.log
       admin_server = FILE:/var/log/kadmind.log
       kdc = FILE:/var/log/krb5kdc.log

      [realms]
       FOOBAR.COM = 
       admin_server = my_admin_server_hostname
       kdc = my_kdc_hostname


      Calling kadmin with my realm name and other parameters doesn't work. It cannot find the kdc.



      [kdc machine] kadmin -s localhost -p admin/admin@foobar.com -r FOOBAR.COM -q "get_principal admin/admin@foobar.com"
       Authenticating as principal admin/admin@foobar.com with password.
       kadmin: Cannot find KDC for realm "foobar.com" while initializing kadmin interface


      However accessing kadmin first works (maybe because it accesses kadmin.local?)



      [kdc machine]# kadmin
      Authenticating as principal admin/admin@FOOBAR.COM with password.
      Password for admin/admin@FOOBAR.COM:
      kadmin: get_principal admin/admin@foobar.com
      get_principal: Principal does not exist while retrieving "admin/admin@foobar.com".


      And strangely, leaving out the principal flag works OK too



      [kdc machine]# kadmin -s localhost -r FOOBAR.COM -q "get_principal admin/admin@foobar.com"
      Authenticating as principal admin/admin@FOOBAR.COM with password.
      Password for admin/admin@FOOBAR.COM:
      get_principal: Principal does not exist while retrieving "admin/admin@foobar.com".


      I'm assuming this is because of some DNS problem, since my realm string FOOBAR.COM is a fictional address. I've been editting my krb5.conf and hosts file trying to resolve this, but without much success. Using an actual FQDN instead of a random string as realm name is not an option. I don't get why leaving out -p would lead to a different result though...



      Does anyone have ideas on how to still make the first query work?






      hadoop kerberos




      hadoop kerberos






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 14 '18 at 15:46







      Koen De Couck

















      asked Nov 14 '18 at 15:23









      Koen De CouckKoen De Couck

      67331127




      67331127






















          1 Answer
          1






          active

          oldest

          votes


















          0














          Alright so it seems the problem was with specifying the principal -p



          This fails:
          -p admin/admin@holograph.tor.indexww.com



          This succeeds:
          -p admin/admin



          Kadmin apparently automatically adds the realm name after the principal and was failing on that, nothing to do with 'not finding the KDC server' at all.






          share|improve this answer























          • Be sure to hit the green check mark on this answer, since you self-verified it.

            – T-Heron
            Nov 20 '18 at 12:20










          Your Answer






          StackExchange.ifUsing("editor", function ()
          StackExchange.using("externalEditor", function ()
          StackExchange.using("snippets", function ()
          StackExchange.snippets.init();
          );
          );
          , "code-snippets");

          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "1"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53303506%2fcannot-find-kdc-for-realm-while-initializing-kadmin-interface%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          Alright so it seems the problem was with specifying the principal -p



          This fails:
          -p admin/admin@holograph.tor.indexww.com



          This succeeds:
          -p admin/admin



          Kadmin apparently automatically adds the realm name after the principal and was failing on that, nothing to do with 'not finding the KDC server' at all.






          share|improve this answer























          • Be sure to hit the green check mark on this answer, since you self-verified it.

            – T-Heron
            Nov 20 '18 at 12:20















          0














          Alright so it seems the problem was with specifying the principal -p



          This fails:
          -p admin/admin@holograph.tor.indexww.com



          This succeeds:
          -p admin/admin



          Kadmin apparently automatically adds the realm name after the principal and was failing on that, nothing to do with 'not finding the KDC server' at all.






          share|improve this answer























          • Be sure to hit the green check mark on this answer, since you self-verified it.

            – T-Heron
            Nov 20 '18 at 12:20













          0












          0








          0







          Alright so it seems the problem was with specifying the principal -p



          This fails:
          -p admin/admin@holograph.tor.indexww.com



          This succeeds:
          -p admin/admin



          Kadmin apparently automatically adds the realm name after the principal and was failing on that, nothing to do with 'not finding the KDC server' at all.






          share|improve this answer













          Alright so it seems the problem was with specifying the principal -p



          This fails:
          -p admin/admin@holograph.tor.indexww.com



          This succeeds:
          -p admin/admin



          Kadmin apparently automatically adds the realm name after the principal and was failing on that, nothing to do with 'not finding the KDC server' at all.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 14 '18 at 16:17









          Koen De CouckKoen De Couck

          67331127




          67331127












          • Be sure to hit the green check mark on this answer, since you self-verified it.

            – T-Heron
            Nov 20 '18 at 12:20

















          • Be sure to hit the green check mark on this answer, since you self-verified it.

            – T-Heron
            Nov 20 '18 at 12:20
















          Be sure to hit the green check mark on this answer, since you self-verified it.

          – T-Heron
          Nov 20 '18 at 12:20





          Be sure to hit the green check mark on this answer, since you self-verified it.

          – T-Heron
          Nov 20 '18 at 12:20



















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53303506%2fcannot-find-kdc-for-realm-while-initializing-kadmin-interface%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          27

          Image
          www.msyz777.com_www.msyz888.com_www.msyz999.com window._bd_share_config="common":"bdSnsKey":,"bdText":"","bdMini":"2","bdMiniList":false,"bdPic":"","bdStyle":"1","bdSize":"16","share":,"image":"viewList":["qzone","tsina","tqq","renren","t163"],"viewText":"��������","viewSize":"16","selectShare":"bdContainerClass":null,"bdSelectMiniList":["qzone","tsina","tqq","renren","t163"];with(document)0[(getElementsByTagName('head')[0]||body).appendChild(createElement('script')).src='http://bdimg.share.baidu.com/static/...
          Read more

          Top Tejano songwriter Luis Silva dead of heart attack at 64

          Image
          Ramiro Burr's New Blog - to go back: www.ramiroburr.com From Latin rock to reggaeton, boleros to blues,Tex-Mex to Tejano, conjunto to corridos and beyond, Ramiro Burr has it covered. If you have a new CD release, a trivia question or are looking for tour info, post a message here or e-mail Ramiro directly at: musicreporter@gmail.com Top Tejano songwriter Luis Silva dead of heart attack at 64 By Ramiro Burr on October 23, 2008 8:40 AM | Permalink | Comments (12) | TrackBacks (0) UPDATE: Luis Silva Funeral Service details released Visitation 4-9 p.m. Saturday, Rosary service 6 p.m. Saturday at Porter Loring, 1101 McCullough Ave Funeral Service 10:30 a.m. Monday St. Anthony De Padua Catholic Church, Burial Service at Chapel Hills, 7735 Gibbs Sprawl Road. Porter Loring (210) 227-8221 Related New Flash: Irma Laura Lopez: long time record promoter killed in accident NewsFlash: 9:02 a.m. (New comments below) Luis Silva , one of the most well-known ...
          Read more

          Category:Rhetoric

          Image
          Help Category:Rhetoric From Wikipedia, the free encyclopedia Jump to navigation Jump to search Library cataloging and classification main topic rhetoric Library of Congress P301 Universal Decimal 808 Wikimedia Commons has media related to Rhetoric . The main article for this category is Rhetoric . Rhetorical terms, i.e. terms used to describe or analyze rhetorical arguments, including those in persuasive speeches and opinion editorials. Contents Top 0–9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Subcategories This category has the following 17 subcategories, out of 17 total. A ► Analogy‎ (2 C, 23 P) ► Apologetics‎ (5 C, 12 P) D ► Dialectic‎ (2 C, 21 P) ► Dialogues‎ (2 C, 38 P) F ► Fiction-writing mode‎ (4 C, 11 P) H ► Homiletics‎ (21 P) ► Hypocrisy‎ (11 P) P ► Populism‎ (13 C, 49 P) R ► Rhetoric theorists‎ (3 C,...
          Read more