From daemon@netmediatech.com Mon Nov 18 12:37:23 1996
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA10636 for <bugs@RT-11.MIT.EDU>; Mon, 18 Nov 1996 12:37:22 -0500
Received: from netmediatech.com by MIT.EDU with SMTP
id AA07024; Mon, 18 Nov 96 12:37:20 EST
Received: from net ([207.34.208.137]) by media.netmediatech.com with SMTP id <38918-137>; Mon, 18 Nov 1996 12:37:39 -0500
Message-Id: <32909ED2.69D8@netmediatech.com>
Date: Mon, 18 Nov 1996 12:37:22 -0500
From: Peter Ziobrzynski <pzi@netmediatech.com>
Sender: daemon <daemon@netmediatech.com>
To: unlisted-recipients:;;@netmediatech.com (no To-header on input)
Cc: krb5-bugs@MIT.EDU
Subject: Re: error while initializing kadmin interface

>Number: 202
>Category: pending
>Synopsis: Re: error while initializing kadmin interface
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: bjaspan
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Nov 18 12:38:01 EST 1996
>Last-Modified: Tue Nov 19 17:15:01 EST 1996
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:

State-Changed-From-To: open-feedback
State-Changed-By: bjaspan
State-Changed-When: Mon Nov 18 13:40:56 1996
State-Changed-Why:

I do not think this is a bug.

Responsible-Changed-From-To: gnats-admin->bjaspan
Responsible-Changed-By: bjaspan
Responsible-Changed-When: Mon Nov 18 13:41:35 1996
Responsible-Changed-Why:



From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: pzi@netmediatech.com
Cc: unlisted-recipients:;;;@netmediatech.com;, krb5-bugs@MIT.EDU
Subject: Re: pending/202: Re: error while initializing kadmin interface
Date: Mon, 18 Nov 1996 13:40:48 -0500

Peter,

I am not convinced you are having the problem you think you are
having. The initial message in this thread was from a person who was
getting "Key table entry not found" GSS-API errors from kadmind and
"GSS-API error communicating with kadmind" errors from kadmin. You
are getting "Communication failure with server" from kadmin and *no*
messages from kadmind. This leads me to think your kadmind isn't
running, not that it has the wrong entries in its keytab.

My 'kinit' and 'klist' for users work fine - only 'kadmin' fails:

% kadmin
Enter password:
kadmin: Communication failure with server while initializing kadmin
interface

The syslog messages that follow every KDC transaction are like that:

Nov 18 12:25:36 tech syslog: AS_REQ 207.34.208.139(88):
ISSUE: authtime 848337936, pzi/admin@NETMEDIATECH.COM for
kadmin/admin@NETMEDIATECH.COM

Is kadmind running (check with ps)? Run it, and check the syslog
output; it should log "starting" when it starts, or some other error
message.

Barry

From: Peter Ziobrzynski <pzi@netmediatech.com>
To: Barry Jaspan <bjaspan@MIT.EDU>
Cc: krb5-bugs@MIT.EDU, kerberos@MIT.EDU
Subject: Re: pending/202: Re: error while initializing kadmin interface
Date: Mon, 18 Nov 1996 14:19:50 -0500

Barry Jaspan wrote:
>
> Peter,
>
> I am not convinced you are having the problem you think you are
> having. The initial message in this thread was from a person who was
> getting "Key table entry not found" GSS-API errors from kadmind and
> "GSS-API error communicating with kadmind" errors from kadmin. You
> are getting "Communication failure with server" from kadmin and *no*
> messages from kadmind. This leads me to think your kadmind isn't
> running, not that it has the wrong entries in its keytab.
>
> My 'kinit' and 'klist' for users work fine - only 'kadmin' fails:
>
> % kadmin
> Enter password:
> kadmin: Communication failure with server while initializing kadmin
> interface
>
> The syslog messages that follow every KDC transaction are like that:
>
> Nov 18 12:25:36 tech syslog: AS_REQ 207.34.208.139(88):
> ISSUE: authtime 848337936, pzi/admin@NETMEDIATECH.COM for
> kadmin/admin@NETMEDIATECH.COM
>
> Is kadmind running (check with ps)? Run it, and check the syslog
> output; it should log "starting" when it starts, or some other error
> message.
>
> Barry

Barry,

Many thanks for your advice/analysis/direction. It pointed me to the
solution right away.
I checked the process table - kadmind was there.
Then checked listening sockets for kerberos ports:

% netstat -a | grep kerb
udp 0 0 *:kerberos-sec *:*
udp 0 0 *:kerberos *:*

Only the KDC ports were there. I checked the kdc.conf which I copied
from the sample src/config-files directory of beta7 and found:

kadmind_port = 3761

Changed it to 749 and all works now.

thanks again

To krb5-bugs: I would remove the port 3761 from the sample configuration
files in src/config-files/kdc.conf.

--
Peter Ziobrzynski, netMedia Technology Inc. <pzi@netmediatech.com>
204 Richmond St. #300, Toronto Ontario, Canada, M5V-1V6
tel.(416) 596-8520x242, fax.(416) 596-8610
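
The port mismatch found in this thread can be checked for directly. The following is an added example, not part of the original messages: it parses kdc.conf text for `kadmind_port` settings and flags any that differ from 749. The sample file, the `EXAMPLE.TEST` realm and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list kadmind_port settings in a kdc.conf and flag realms
# whose port differs from the one kadmin clients connect to.

EXPECTED_PORT=749   # assumption: the port the thread reports as working

# Constructed sample, modelled on the setting quoted in the thread.
sample_kdc_conf() {
cat <<'EOF'
[kdcdefaults]
    kdc_ports = 88,750

[realms]
    NETMEDIATECH.COM = {
        kadmind_port = 3761
        max_life = 10h 0m 0s
    }
    EXAMPLE.TEST = {
        # kadmind_port = 3761
        kadmind_port = 749
    }
EOF
}

# Read kdc.conf text on stdin; print "REALM PORT" per kadmind_port setting.
kadmind_ports() {
    awk '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*[^ \t=]+[ \t]*=[ \t]*[{]/ {         # "REALM = {" opens a block
            split($0, a, "="); realm = a[1]; gsub(/[ \t]/, "", realm); next
        }
        /[}]/ { realm = "" }                        # block closed
        /^[ \t]*kadmind_port[ \t]*=/ {
            split($0, kv, "="); gsub(/[ \t]/, "", kv[2])
            r = (realm == "") ? "(no-realm)" : realm
            print r, kv[2]
        }
    '
}

# Print the settings that differ from port $1; return 1 if there are any.
mismatched_realms() {
    kadmind_ports | awk -v want="$1" '$2 != want { print; bad = 1 } END { exit bad + 0 }'
}

sample_kdc_conf | mismatched_realms "$EXPECTED_PORT" \
    || echo "kadmind is not configured on port $EXPECTED_PORT for the realms above" >&2
```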

State-Changed-From-To: feedback-closed
State-Changed-By: bjaspan
State-Changed-When: Mon Nov 18 14:27:43 1996
State-Changed-Why:

Peter,

I'm glad you found the problem. That (incorrect) entry from the
default kdc.conf has already been removed from the development
sources, so the problem will not exist in 1.0.

Barry


>Unformatted:
Barry Jaspan wrote:
>
> # ls -l /usr/local/lib/krb5kdc/kadm5.keytab
> -rw------- 1 root other 119 Nov 1 10:41 /usr/local/lib/krb5kdc/kadm5.keytab
>
> It appears that I have everything I need to run kadmin, but I keep
> getting the GSS-API error. Have I overlooked something?
>
> Check the key version number of kadmin/admin and kadmin/changepw in
> the keytab and in the database (use klist -k for the keytab, and
> get_principal in kadmin for the database). If they don't match,
> that's the problem. Fix it by re-extracting the keytab with kadmin's
> ktadd.
>
> Hmmm. Perhaps there should be a separate error code for "No key table
> entry with matching key version number found" to identify this error
> more precisely...
>
> Barry

I have a very similar problem (Linux). I followed your advice on checking
the KVNO in keytab file and the database - all the same:

% klist -k /usr/local/kerberos/lib/krb5kdc/kadm5.keytab
KVNO Principal
---- ---------------------------------------------------------------
7 kadmin/admin@NETMEDIATECH.COM
6 kadmin/changepw@NETMEDIATECH.COM

% kadmin.local
kadmin.local: getprinc kadmin/admin
<...>
Key: vno 7, DES cbc mode with CRC-32, no salt
<...>
kadmin.local: getprinc kadmin/changepw
<...>
Key: vno 6, DES cbc mode with CRC-32, no salt
<...>

My 'kinit' and 'klist' for users work fine - only 'kadmin' fails:

% kadmin
Enter password:
kadmin: Communication failure with server while initializing kadmin
interface

The syslog messages that follow every KDC transaction are like that:

Nov 18 12:25:36 tech syslog: AS_REQ 207.34.208.139(88):
ISSUE: authtime 848337936, pzi/admin@NETMEDIATECH.COM for
kadmin/admin@NETMEDIATECH.COM

Any ideas?
cheers - Peter
--
Peter Ziobrzynski, netMedia Technology Inc. <pzi@netmediatech.com>
204 Richmond St. #300, Toronto Ontario, Canada, M5V-1V6
tel.(416) 596-8520x242, fax.(416) 596-8610