Verify you have created the database and added principals.
sudo tail -n 50 /var/log/krb5kdc.log
Jul 30 01:19:25 archlinux krb5kdc[1068](Error): Cannot open DB2 database '/var/lib/krb5kdc/principal': No such file or directory - while initializing database for realm LAB.FAMILYOFJACKSONS.COM
The problem that I am having is that when I run kinit admin, it sits for a few seconds, then exits with an error message.
Output of KRB5_TRACE=/dev/stdout kinit admin:
[423] 1659197814.878661: Getting initial credentials for admin@LAB.FAMILYOFJACKSONS.COM
[423] 1659197814.878663: Sending unauthenticated request
[423] 1659197814.878664: Sending request (209 bytes) to LAB.FAMILYOFJACKSONS.COM
[423] 1659197814.878665: Resolving hostname freeipa.lab.familyofjacksons.com
[423] 1659197814.878666: Sending initial UDP request to dgram 192.168.1.224:749
[423] 1659197814.878667: Initiating TCP connection to stream 192.168.1.224:749
[423] 1659197814.878668: Sending TCP request to stream 192.168.1.224:749
[423] 1659197838.906248: Terminating TCP connection to stream 192.168.1.224:749
kinit: Cannot contact any KDC for realm 'LAB.FAMILYOFJACKSONS.COM' while getting initial credentials
My /etc/sssd/sssd.conf file: https://bucket.arsrobotics.org/minecraf … 925597762e
My /etc/krb5.conf file: https://bucket.arsrobotics.org/minecraf … 4bdc63c9ea
Output of dig -t srv _ldap._tcp.lab.familyofjacksons.com:
; <<>> DiG 9.18.5 <<>> -t srv _ldap._tcp.lab.familyofjacksons.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32498
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 051b84665380ec480100000062e559e4246c929649b78661 (good)
;; QUESTION SECTION:
;_ldap._tcp.lab.familyofjacksons.com. IN SRV
;; ANSWER SECTION:
_ldap._tcp.lab.familyofjacksons.com. 86400 IN SRV 0 100 389 freeipa.lab.familyofjacksons.com.
;; ADDITIONAL SECTION:
freeipa.lab.familyofjacksons.com. 1200 IN A 192.168.1.224
;; Query time: 0 msec
;; SERVER: 192.168.1.224#53(192.168.1.224) (UDP)
;; WHEN: Sat Jul 30 16:18:44 UTC 2022
;; MSG SIZE rcvd: 160
Output of dig -t srv _kerberos._udp.lab.familyofjacksons.com:
; <<>> DiG 9.18.5 <<>> -t srv _kerberos._udp.lab.familyofjacksons.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5478
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 86cbf796d7cbc63a0100000062e55a0f72b827269f727601 (good)
;; QUESTION SECTION:
;_kerberos._udp.lab.familyofjacksons.com. IN SRV
;; ANSWER SECTION:
_kerberos._udp.lab.familyofjacksons.com. 86400 IN SRV 0 100 88 freeipa.lab.familyofjacksons.com.
;; ADDITIONAL SECTION:
freeipa.lab.familyofjacksons.com. 1200 IN A 192.168.1.224
;; Query time: 0 msec
;; SERVER: 192.168.1.224#53(192.168.1.224) (UDP)
;; WHEN: Sat Jul 30 16:19:27 UTC 2022
;; MSG SIZE rcvd: 164
I have ensured that the firewall isn't blocking the required ports (it was previously, which was causing an immediate connection termination; now fixed), that the required ports are being listened on by the server, and have even gone as far as to temporarily turn off the firewall on the server. This hasn't fixed the problem.
I have also downloaded the server's TLS cert and ensured that it is installed, and generated the keytab and installed it on the client.
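As an added diagnostic aid (written for this thread, not part of the post above and not tooling from MIT krb5 or FreeIPA), the script below parses KRB5_TRACE output of the kind quoted in the post and compares the endpoints kinit actually sent its request to against the port advertised by the _kerberos SRV record. Ports 88, 749 and 464 are the IANA-registered Kerberos KDC, kadmin and kpasswd ports. The sample trace and SRV answer are copied from the post; the regex for a "Received answer" line follows MIT krb5's trace wording and is an assumption, since no such line appears in the quoted output.

```python
import re
from dataclasses import dataclass, field

# Well-known Kerberos ports (IANA registrations, MIT krb5 defaults)
KDC_PORT = 88        # AS-REQ / TGS-REQ from kinit and friends go here
KADMIN_PORT = 749    # kadmin protocol; kinit never needs it
KPASSWD_PORT = 464   # password change protocol

# Constructed sample: the KRB5_TRACE lines quoted in the post above
SAMPLE_TRACE = """\
[423] 1659197814.878661: Getting initial credentials for admin@LAB.FAMILYOFJACKSONS.COM
[423] 1659197814.878663: Sending unauthenticated request
[423] 1659197814.878664: Sending request (209 bytes) to LAB.FAMILYOFJACKSONS.COM
[423] 1659197814.878665: Resolving hostname freeipa.lab.familyofjacksons.com
[423] 1659197814.878666: Sending initial UDP request to dgram 192.168.1.224:749
[423] 1659197814.878667: Initiating TCP connection to stream 192.168.1.224:749
[423] 1659197814.878668: Sending TCP request to stream 192.168.1.224:749
[423] 1659197838.906248: Terminating TCP connection to stream 192.168.1.224:749
"""

# Constructed sample: target -> port from the _kerberos._udp SRV answer in the post
SAMPLE_SRV = {"freeipa.lab.familyofjacksons.com": 88}

LINE_RE = re.compile(r"^\[\d+\] (?P<ts>\d+\.\d+): (?P<msg>.*)$")
RESOLVE_RE = re.compile(r"Resolving hostname (?P<name>\S+)")
SEND_RE = re.compile(
    r"Sending (?:initial UDP|TCP) request to (?:dgram|stream) (?P<host>[^:]+):(?P<port>\d+)")
# Assumed wording of MIT krb5's reply trace line (not present in the sample)
RECV_RE = re.compile(r"Received answer \(\d+ bytes\) from (?:dgram|stream) [^:]+:\d+")


@dataclass
class TraceReport:
    contacted: set = field(default_factory=set)   # (ip, port) pairs kinit sent to
    resolved: set = field(default_factory=set)    # hostnames kinit resolved
    got_reply: bool = False
    wait_seconds: float = 0.0                     # first send -> last trace line
    findings: list = field(default_factory=list)


def analyze_trace(trace: str, srv_ports: dict) -> TraceReport:
    """Extract what kinit did from a KRB5_TRACE log and flag endpoint mismatches."""
    r = TraceReport()
    first_send = None
    last_ts = None
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, msg = float(m["ts"]), m["msg"]
        last_ts = ts
        if (x := RESOLVE_RE.search(msg)):
            r.resolved.add(x["name"])
        elif (x := SEND_RE.search(msg)):
            r.contacted.add((x["host"], int(x["port"])))
            if first_send is None:
                first_send = ts
        elif RECV_RE.search(msg):
            r.got_reply = True
    if first_send is not None and last_ts is not None:
        r.wait_seconds = last_ts - first_send

    # 1. Was the initial-credentials request aimed at a KDC port at all?
    for ip, port in sorted(r.contacted):
        if port != KDC_PORT:
            what = {KADMIN_PORT: "the kadmin port", KPASSWD_PORT: "the kpasswd port"}
            r.findings.append(
                f"AS-REQ sent to {ip}:{port}, which is {what.get(port, 'not a KDC port')}; "
                f"a KDC listens on {KDC_PORT} by default")

    # 2. Does the port kinit used agree with what DNS SRV advertises?
    advertised = set(srv_ports.values())
    used = {port for _, port in r.contacted}
    if used and advertised and not (used & advertised):
        r.findings.append(
            f"SRV advertises port(s) {sorted(advertised)} but kinit used {sorted(used)}; "
            "check for an explicit kdc = entry under [realms] in krb5.conf, "
            "which takes precedence over the SRV lookup")

    # 3. Timeout versus refusal: a request was written but nothing came back
    if r.contacted and not r.got_reply:
        r.findings.append(
            f"request written but no answer within {r.wait_seconds:.1f}s: a silent timeout, "
            "not a connection reset (a reset would terminate the connection immediately)")
    return r


if __name__ == "__main__":
    report = analyze_trace(SAMPLE_TRACE, SAMPLE_SRV)
    print("contacted:", sorted(report.contacted))
    for finding in report.findings:
        print("-", finding)
```

To use it on a live host, replace SAMPLE_TRACE with the captured output of `KRB5_TRACE=/dev/stdout kinit <principal>` and SAMPLE_SRV with the target/port pairs from `dig -t srv _kerberos._udp.<domain>`; the three findings separate "wrong port" from "DNS disagrees with krb5.conf" from "right port, but the listener never answers", which are fixed in different places.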