Cannot resolve network address for KDC in requested realm while getting initial crede
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Cannot resolve network address for KDC in requested realm while getting initial crede
I have users who are unable to login to a Red Hat machine.
Linux version 2.6.9-5.ELsmp(bhcompile@decompose.build.redhat.com) (gcc version 3.4.3 20041212 (Red Hat 3.4.3-9.EL4)) #1 SMP Wed Jan 5 19:30:39 EST 2005
There error is below:
Cannot resolve network address for KDC in requested realm while getting initial credentials
I dont know what this error is about and didnt find the answer on google yet. Any help would be greatly appreciated.
Thanks.
The error "Cannot resolve network address for KDC in requested realm while getting initial credentials" mainly pops up when you don't have your /etc/resolv.conf' or '/etc/hosts' file set up properly. Could you please verify this and also check that all your DNS servers are working fine.Each host's canonical name must be a FQDN, including the domain, and each host's IP address must reverse-resolve the canonical name. The basic thing is that your client should be able to resolve the server address ( kerberos name specified in the /etc/krb5.conf ) properly. Also please ensure that your system time is synchronized with the Kerberos server.Hosts are configured to reject responses from any KDC whose clock is not within the specified maximum clock skew ( 300 secs / 5 min ), as specified in the krb5.conf file. This directive (clockskew) must be specified in the [libdefaults] section.
In RHEL4, the kerberos library routine krb5int_make_srv_query_realm allocates a 2048 byte buffer for a DNS answer on the stack. I'm experiencing a DNS answer longer than that (2266 bytes) due to a large number of kdcs, but the routine just gives up, provoking the error message you experienced.
A workaround in /etc/krb5.conf is to use "dns_lookup_kdc = false" and to specify the kdc's for the domain explicitly. See the krb5.conf man page. Since I'm not reasonable, I'm trying to change the source code to allow a bigger DNS answer.
I was getting "kinit: Cannot find KDC for requested realm while getting initial credentials"
The fix was to rewrite the realm name in uppercase. I know, how silly. And it wasn't even me who wrote it "wrong" to begin with, it was the installer in Ubuntu.
Last edited by Andersonian; 04-22-2011 at 03:11 PM.
Reason: typo
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.