04-15-2014, 08:20 AM   #1
inanibharat
LDAP+Kerberos in Ubuntu 13.04


Hello All,

As per the subject, I have configured LDAP and it's working fine. The problem is that when I configure Kerberos, I found the below-mentioned error during installation of the Kerberos packages:

krb5kdc: cannot initialize realm EXAMPLE.COM - see log file for details

As per the error message, I have checked the logs but did not find any error regarding this.

Kindly guide me on where I made a mistake or how to resolve this issue.
 
04-15-2014, 10:46 AM   #2
raubvogel
Not enough info. Which log files did you check? Which log files did you configure kerberos to log to?
 
04-15-2014, 03:32 PM   #3
jpollard
Hope that "EXAMPLE.COM" isn't in your krb5.conf file... (it's there as an example, not something to use).
 
04-16-2014, 03:57 AM   #4
inanibharat
Original Poster
Thanks for the prompt reply.

I have looked at the logs in /var/log/syslog.
DNS and LDAP are both working fine, but I still have a problem with Kerberos.
 
04-16-2014, 04:25 AM   #5
esso82
Hi... does that mean that you haven't set up Kerberos yet? You need to create a database first and a master administrator; try:
$ sudo krb5_newrealm
and follow from there
 
04-16-2014, 05:10 AM   #6
inanibharat
Original Poster

Dear esso82,

Thanks for the suggestion. Please find the details below:
I ran this command to install Kerberos:

# apt-get install krb5-kdc krb5-admin-server

The status at the end of the process is:
Setting up krb5-config (2.2) ...
Setting up krb5-user (1.10+dfsg~beta1-2ubuntu0.3) ...
Setting up libverto1 (0.2.2-1ubuntu1) ...
Setting up libverto-libevent1 (0.2.2-1ubuntu1) ...
Setting up krb5-kdc (1.10+dfsg~beta1-2ubuntu0.3) ...
krb5kdc: cannot initialize realm EXAMPLE.COM - see log file for details
Setting up krb5-admin-server (1.10+dfsg~beta1-2ubuntu0.3) ...
kadmind: No such file or directory while initializing, aborting
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place.

After this completed, I ran the below-mentioned command:

# krb5_newrealm

Here the system got stuck and gave no output for a long time.

When I look at /var/log/syslog, the below-mentioned status is found.

Apr 14 16:22:13 ldap kernel: [ 3527.508227] type=1400 audit(1397472733.011:13): apparmor="STATUS" operation="profile_load" name="/usr/sbin/slapd" pid=4291 comm="apparmor_parser"
Apr 14 16:22:13 ldap slapd[4320]: @(#) $OpenLDAP: slapd (Sep 19 2013 22:49:31) $#012#011buildd@batsu:/build/buildd/openldap-2.4.28/debian/build/servers/slapd
Apr 14 16:22:13 ldap slapd[4321]: slapd starting
 
04-16-2014, 06:55 AM   #7
jpollard
Don't know why it tries to set up before getting configuration files... (though it could work if it already had configuration files).

You have to create a krb5.conf file to define the realm (both for clients and the KDC master, and hopefully a slave). Then krb5_newrealm can do some of the following (it can't do the slave stuff, though).

Then you have to create the realm database for the realm on the KDC.

After that you can start the KDC server(s) on the master (for password updates and the database).

Create a user principal (for testing at a minimum), and see if you can do a kinit for that principal.

Define keytabs for the master, and start any Kerberos services (ours only used ssh).

Create a user principal (for testing at a minimum).

Define keytabs for the slave, and start any services...

Start the slave server so that the master can propagate the initial data to the slave.

Take the krb5.conf file used and install it on a client system, and try a kinit.

If everything still works, you are ready to create keytabs for any application servers and users.
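
The first steps of the order given in post #7, written as a preflight check that reports the first missing prerequisite before a KDC is started. This is an added example, not part of any post in this thread. The function names, the realm `LAB.TEST`, and the database file name `principal` in the KDC state directory are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the realm database is a file
# named "principal" in the KDC state directory (e.g. /var/lib/krb5kdc).

# Print default_realm from the [libdefaults] section of a krb5.conf.
default_realm() {
    awk '/^[ \t]*\[/ { sect = $0; gsub(/[ \t]/, "", sect); next }
         sect == "[libdefaults]" && /^[ \t]*default_realm[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*$/, ""); print; exit
         }' "$1"
}

# Succeed if realm $2 has its own stanza under [realms] in file $1.
realm_defined() {
    awk -v realm="$2" '/^[ \t]*\[/ { sect = $0; gsub(/[ \t]/, "", sect); next }
         sect == "[realms]" {
             line = $0; sub(/^[ \t]+/, "", line); split(line, a, /[ \t]*=/)
             if (a[1] == realm) found = 1
         }
         END { exit !found }' "$1"
}

# Print the first missing prerequisite, or ok:<realm>; non-zero if not ready.
kdc_preflight() {
    conf=$1; dbdir=$2
    [ -r "$conf" ] || { echo "no-krb5-conf"; return 1; }
    realm=$(default_realm "$conf")
    [ -n "$realm" ] || { echo "no-default-realm"; return 1; }
    # EXAMPLE.COM is the packaged placeholder mentioned in post #3.
    [ "$realm" != "EXAMPLE.COM" ] || { echo "placeholder-realm"; return 1; }
    realm_defined "$conf" "$realm" || { echo "realm-not-in-realms"; return 1; }
    [ -f "$dbdir/principal" ] || { echo "no-realm-database"; return 1; }
    echo "ok:$realm"
}

# Constructed sample: realm LAB.TEST defined, database created only afterwards.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[libdefaults]' '    default_realm = LAB.TEST' \
        '[realms]' '    LAB.TEST = {' '        kdc = kdc.lab.test' '    }' \
        > "$d/krb5.conf"
    before=$(kdc_preflight "$d/krb5.conf" "$d") || true
    : > "$d/principal"    # stand-in for the file the realm-creation step makes
    after=$(kdc_preflight "$d/krb5.conf" "$d") || true
    rm -rf "$d"
    echo "$before -> $after"
}
demo
```

On a real host the call would be `kdc_preflight /etc/krb5.conf /var/lib/krb5kdc`, with both paths adjusted to the distribution in use.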
 