LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Cannot resolve network address for KDC in requested realm while getting initial crede (https://www.linuxquestions.org/questions/linux-networking-3/cannot-resolve-network-address-for-kdc-in-requested-realm-while-getting-initial-crede-446435/)

humayun 05-19-2006 10:11 AM

Cannot resolve network address for KDC in requested realm while getting initial crede
 
I have users who are unable to login to a Red Hat machine.

Linux version 2.6.9-5.ELsmp(bhcompile@decompose.build.redhat.com) (gcc version 3.4.3 20041212 (Red Hat 3.4.3-9.EL4)) #1 SMP Wed Jan 5 19:30:39 EST 2005

There error is below:
Cannot resolve network address for KDC in requested realm while getting initial credentials

I dont know what this error is about and didnt find the answer on google yet. Any help would be greatly appreciated.
Thanks.

humayun 05-22-2006 05:24 PM

I hope someone can direct me to the right answer here.
Thanks.

vimal 08-21-2007 02:56 AM

Hello Humayun,

The error "Cannot resolve network address for KDC in requested realm while getting initial credentials" mainly pops up when you don't have your /etc/resolv.conf' or '/etc/hosts' file set up properly. Could you please verify this and also check that all your DNS servers are working fine.Each host's canonical name must be a FQDN, including the domain, and each host's IP address must reverse-resolve the canonical name. The basic thing is that your client should be able to resolve the server address ( kerberos name specified in the /etc/krb5.conf ) properly. Also please ensure that your system time is synchronized with the Kerberos server.Hosts are configured to reject responses from any KDC whose clock is not within the specified maximum clock skew ( 300 secs / 5 min ), as specified in the krb5.conf file. This directive (clockskew) must be specified in the [libdefaults] section.

Please check these and update us on the details.

Warm regards,

Vimal Kumar

thyrsus 05-14-2009 06:58 PM

Could be too many KDCs
 
In RHEL4, the kerberos library routine krb5int_make_srv_query_realm allocates a 2048 byte buffer for a DNS answer on the stack. I'm experiencing a DNS answer longer than that (2266 bytes) due to a large number of kdcs, but the routine just gives up, provoking the error message you experienced.

A workaround in /etc/krb5.conf is to use "dns_lookup_kdc = false" and to specify the kdc's for the domain explicitly. See the krb5.conf man page. Since I'm not reasonable, I'm trying to change the source code to allow a bigger DNS answer.

Andersonian 04-22-2011 03:09 PM

My fix
 
I was getting "kinit: Cannot find KDC for requested realm while getting initial credentials"

The fix was to rewrite the realm name in uppercase. I know, how silly. And it wasn't even me who wrote it "wrong" to begin with, it was the installer in Ubuntu.

Pithor 11-15-2013 09:45 AM

This is what worked for me
 
I fixed this problem by editing /etc/krb5.conf.
Changed it to:

[libdefaults]
default_realm = TESTDOM.LAN
dns_lookup_realm = false
dns_lookup_kdc = true

[realms]
TESTDOM.LAN = {
kdc = DC1.TESTDOM.LAN
admin_server = DC1.TESTDOM.LAN
}

[domain_realm]
.testdom.lan = TESTDOM.LAN
testdom.lan = TESTDOM.LAN

I hope this works for you.


All times are GMT -5. The time now is 09:18 PM.