From: Ken Raeburn
To: krb5-bugs@MIT.EDU
Subject: useless error message from krb5kdc
Date: Wed, 11 Mar 2009 17:38:13 -0400
Message-ID: <21B34640-9138-4AEF-811D-253EFDD99D87@mit.edu>

A minor typo in a config file caused a useless error message to be displayed. It probably should've said something about not finding a definition for the database module "opeldap_ldapconf".

Begin forwarded message:

> From: Mathew Rowley
> Date: March 11, 2009 14:39:14 EDT
> To: Mathew Rowley, "kerberos@mit.edu"
> Subject: Re: Forgetting something? krb5kdc: No such file or directory - while initializing database for realm COMCAST.COM
>
> My problem was actually a typo. In my realm, I had:
>
> database_module = opeldap_ldapconf
>
> Which did not match ‘opeNldap_ldapconf’
>
> MAT
>
> On 3/11/09 9:15 AM, "Mathew Rowley" wrote:
>
>> I am trying to start up a freshly installed/configured MIT kerberos
>> (1.6.1-31) implementation, but I am obviously missing something. I am using
>> an LDAP backend, but the service will not start. Here is what I have done,
>> can anyone see something I am missing? Or know of a way I can get more
>> logging? Thanks.
>>
>> 1. Modified /var/kerberos/krb5kdc/krb.conf to set up the realm
>>
>> 2. Modified /etc/krb5.conf to include ldap information:
>> [dbdefaults]
>>     ldap_kerberos_container_dn = cn=krbcontainer,dc=comcast,dc=com
>> [dbmodules]
>>     openldap_ldapconf = {
>>         db_library = kldap
>>         ldap_kerberos_container_dn = cn=krbcontainer,dc=comcast,dc=com
>>         ldap_kdc_dn = "cn=kdc,dc=comcast,dc=com"
>>         # this object needs to have read rights on
>>         # the realm container, principal container and realm sub-trees
>>         ldap_kadmind_dn = "cn=kadmin,dc=comcast,dc=com"
>>         # this object needs to have read and write rights on
>>         # the realm container, principal container and realm sub-trees
>>         ldap_service_password_file = /var/kerberos/krb5kdc/kdc5.keyfile
>>         ldap_servers = ldap://kdc01.security.lab.comcast.net
>>         ldap_conns_per_server = 5
>>     }
>>
>> 3. Created the ldap users (kadmin, kdc)
>>
>> 4. Initialized the ldap backend with kdb5_ldap_util (kdb5_ldap_util -H
>> ldap://10.252.152.78 -D 'cn=manager,dc=comcast,dc=com' create -subtrees
>> 'dc=comcast,dc=com' -r COMCAST.NET -s)
>>
>> 5. Stashed kadmin and kdc passwords in /var/kerberos/krb5kdc/kdc5.keyfile
>> using kdb5_ldap_util (kdb5_ldap_util stashsrvpw -f
>> /var/kerberos/krb5kdc/kdc5.keyfile 'cn=kadmin,dc=comcast,dc=com')
>>
>> 6. Modified ldap ACL as according to
>> http://web.mit.edu/kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-admin.html but with
>> my kadmin/kdc name and my dn
>> (using ldap 2.4.15 – with new cn=config)
>> olcAccess: to dn.base="" by * read
>> olcAccess: to dn.base="cn=Subschema" by * read
>> olcAccess: to attrs=userPassword,userPKCS12 by self write
>>     by * read
>> olcAccess: to dn.subtree="dc=comcast,dc=com" by
>>     dn.exact="cn=kdc,dc=comcast,dc=com" read
>>     by dn.exact="cn=kadmin,dc=comcast,dc=com" write
>>     by * none
>> olcAccess: to
>>     dn.subtree="cn=COMCAST.COM,cn=krbcontainer,dc=comcast,dc=com"
>>     by dn.exact="cn=kdc,dc=comcast,dc=com" read
>>     by dn.exact="cn=kadmin,dc=comcast,dc=com" write
>>     by * none
>> olcAccess: to * by * read
>>
>> 7. Confirmed I can ldapsearch with kadmin and kdc ldap users
>>
>> 8. Tried to start krb5kdc - /etc/init.d/krb5kdc start:
>> [root@kdc01 krb5kdc]# /etc/init.d/krb5kdc start
>> Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm COMCAST.COM - see log file for details
>> [FAILED]
>> [root@kdc01 krb5kdc]# cat /var/log/krb5kdc.log
>> krb5kdc: No such file or directory - while initializing database for realm COMCAST.COM
>>
>> Any ideas? Thanks for any help.
>>
>> --
>> MAT
>>
>> ________________________________________________
>> Kerberos mailing list Kerberos@mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>
> --
> MAT
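
A pre-start check for the misconfiguration reported above, as an added example that is not part of the original messages or of MIT krb5: it parses a subset of the profile syntax and reports every realm whose database_module names no subsection of [dbmodules]. The function names and the sample text are assumptions constructed for illustration; when the realm and module definitions live in separate files, pass their concatenated contents.

```python
import difflib
import re

# Constructed sample modelled on the configuration in the report above.
SAMPLE = """\
[realms]
    COMCAST.COM = {
        database_module = opeldap_ldapconf
    }
[dbmodules]
    openldap_ldapconf = {
        db_library = kldap
    }
"""

def parse_profile(text):
    """Parse a subset of krb5 profile syntax: [section], 'name = {' ... '}', 'key = value'."""
    tree, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            # A repeated section header merges into the existing section.
            stack = [tree.setdefault(m.group(1), {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line and stack:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1][key] = value.strip('"')
    return tree

def undefined_db_modules(text):
    """Return (realm, module, closest_defined_name_or_None) for dangling references."""
    tree = parse_profile(text)
    # Only subsections count as module definitions, not plain relations.
    defined = sorted(k for k, v in tree.get("dbmodules", {}).items() if isinstance(v, dict))
    missing = []
    for realm, body in tree.get("realms", {}).items():
        module = body.get("database_module") if isinstance(body, dict) else None
        if module is not None and module not in defined:
            hint = difflib.get_close_matches(module, defined, n=1)
            missing.append((realm, module, hint[0] if hint else None))
    return missing

if __name__ == "__main__":
    print(undefined_db_modules(SAMPLE))
```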