LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-19-2006, 10:11 AM   #1
humayun
LQ Newbie
 
Registered: Feb 2006
Posts: 10

Rep: Reputation: 0
Cannot resolve network address for KDC in requested realm while getting initial crede


I have users who are unable to login to a Red Hat machine.

Linux version 2.6.9-5.ELsmp(bhcompile@decompose.build.redhat.com) (gcc version 3.4.3 20041212 (Red Hat 3.4.3-9.EL4)) #1 SMP Wed Jan 5 19:30:39 EST 2005

There error is below:
Cannot resolve network address for KDC in requested realm while getting initial credentials

I dont know what this error is about and didnt find the answer on google yet. Any help would be greatly appreciated.
Thanks.
 
Old 05-22-2006, 05:24 PM   #2
humayun
LQ Newbie
 
Registered: Feb 2006
Posts: 10

Original Poster
Rep: Reputation: 0
I hope someone can direct me to the right answer here.
Thanks.
 
Old 08-21-2007, 02:56 AM   #3
vimal
Red Hat India
 
Registered: Nov 2004
Location: Kerala/Pune,india
Distribution: RedHat, Fedora
Posts: 260

Rep: Reputation: 36
Hello Humayun,

The error "Cannot resolve network address for KDC in requested realm while getting initial credentials" mainly pops up when you don't have your /etc/resolv.conf' or '/etc/hosts' file set up properly. Could you please verify this and also check that all your DNS servers are working fine.Each host's canonical name must be a FQDN, including the domain, and each host's IP address must reverse-resolve the canonical name. The basic thing is that your client should be able to resolve the server address ( kerberos name specified in the /etc/krb5.conf ) properly. Also please ensure that your system time is synchronized with the Kerberos server.Hosts are configured to reject responses from any KDC whose clock is not within the specified maximum clock skew ( 300 secs / 5 min ), as specified in the krb5.conf file. This directive (clockskew) must be specified in the [libdefaults] section.

Please check these and update us on the details.

Warm regards,

Vimal Kumar

Last edited by vimal; 08-22-2007 at 02:49 AM.
 
Old 05-14-2009, 06:58 PM   #4
thyrsus
LQ Newbie
 
Registered: May 2006
Posts: 7

Rep: Reputation: 5
Unhappy Could be too many KDCs

In RHEL4, the kerberos library routine krb5int_make_srv_query_realm allocates a 2048 byte buffer for a DNS answer on the stack. I'm experiencing a DNS answer longer than that (2266 bytes) due to a large number of kdcs, but the routine just gives up, provoking the error message you experienced.

A workaround in /etc/krb5.conf is to use "dns_lookup_kdc = false" and to specify the kdc's for the domain explicitly. See the krb5.conf man page. Since I'm not reasonable, I'm trying to change the source code to allow a bigger DNS answer.
 
Old 04-22-2011, 03:09 PM   #5
Andersonian
LQ Newbie
 
Registered: Oct 2006
Location: California / Moldova
Distribution: bunch of Ubuntu flavors
Posts: 29

Rep: Reputation: 15
My fix

I was getting "kinit: Cannot find KDC for requested realm while getting initial credentials"

The fix was to rewrite the realm name in uppercase. I know, how silly. And it wasn't even me who wrote it "wrong" to begin with, it was the installer in Ubuntu.

Last edited by Andersonian; 04-22-2011 at 03:11 PM. Reason: typo
 
Old 11-15-2013, 09:45 AM   #6
Pithor
LQ Newbie
 
Registered: Nov 2013
Posts: 2

Rep: Reputation: Disabled
This is what worked for me

I fixed this problem by editing /etc/krb5.conf.
Changed it to:

[libdefaults]
default_realm = TESTDOM.LAN
dns_lookup_realm = false
dns_lookup_kdc = true

[realms]
TESTDOM.LAN = {
kdc = DC1.TESTDOM.LAN
admin_server = DC1.TESTDOM.LAN
}

[domain_realm]
.testdom.lan = TESTDOM.LAN
testdom.lan = TESTDOM.LAN

I hope this works for you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ifup eth0 causing error messages - SIOCGIFADDR: Cannot assign requested address pxumsgdxpcvjm Linux - Networking 7 01-20-2006 06:22 PM
Ssh tunnel : cannot assign requested address sieker Linux - Networking 6 11-11-2005 01:10 PM
why does gateway ip address work to resolve names? tmmort Linux - Networking 3 09-26-2005 12:58 PM
Resolve IP to MAC Address TheRealDeal Linux - General 1 12-03-2003 07:16 PM
sendmail quits - cannot bind: Cannot assign requested address scott_r_wagner Linux - Software 5 09-14-2003 05:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration