Unable to setup Kerberos on Ubuntu 14.04 - krb5kdc: No such file or directory - while initializing database for realm myrealm
Solution 1
You need to create a database first:
kdb5_util create -s -r MYREALM
Where MYREALM
matches the realm name in your /var/kerberos/krb5kdc/kdc.conf
file.
Solution 2
I would do a full apt-get remove --purge and try following this tutorial. http://techpubs.spinlocksolutions.com/dklar/kerberos.html
Related videos on Youtube
victorhooi
Updated on September 18, 2022Comments
-
victorhooi almost 2 years
I'm attempting to follow the guide on the Ubuntu wiki for installing and setting up Kerberos. I am running Ubuntu 14.04 (LTS) 64-bit. I have setup avahi-daemon in order to provide .local DNS names. I have then run:
sudo apt-get install krb5-kdc krb5-admin-server
The dialog asks me for a realm, as well as the hostname of the server, both of which I enter. However, it then seems to hit an error:
krb5kdc: cannot initialize realm myrealm - see log file for details ...fail!
The only problem - there is no logfile. It seems the default
/etc/krb5.conf
doesn't actually have logging enabled. Anyhow, I add the following to it:[logging] default = FILE:/var/log/krb5.log
and then try running:
sudo dpkg-reconfigure krb5-kdc
It still errors out, but this time, in
/var/log/krb5.log
, I see:krb5kdc: No such file or directory - while initializing database for realm myrealm
However, it doesn't actually tell me what file or directory is missing.
This is my
krb5.conf
[libdefaults] default_realm = myrealm # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true # The following encryption type specification will be used by MIT Kerberos # if uncommented. In general, the defaults in the MIT Kerberos code are # correct and overriding these specifications only serves to disable new # encryption types as they are added, creating interoperability problems. # # Thie only time when you might need to uncomment these lines and change # the enctypes is if you have local software that will break on ticket # caches containing ticket encryption types it doesn't know about (such as # old versions of Sun Java). # default_tgs_enctypes = des3-hmac-sha1 # default_tkt_enctypes = des3-hmac-sha1 # permitted_enctypes = des3-hmac-sha1 # The following libdefaults parameters are only for Heimdal Kerberos. v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [logging] default = FILE:/var/log/krb5.log [realms] myrealm = { kdc = kerberos-myname-syd.local admin_server = kerberos-myname-syd.local } ATHENA.MIT.EDU = { kdc = kerberos.mit.edu:88 kdc = kerberos-1.mit.edu:88 kdc = kerberos-2.mit.edu:88 admin_server = kerberos.mit.edu default_domain = mit.edu <cut> [domain_realm] .mit.edu = ATHENA.MIT.EDU mit.edu = ATHENA.MIT.EDU .media.mit.edu = MEDIA-LAB.MIT.EDU media.mit.edu = MEDIA-LAB.MIT.EDU .csail.mit.edu = CSAIL.MIT.EDU csail.mit.edu = CSAIL.MIT.EDU .whoi.edu = ATHENA.MIT.EDU whoi.edu = ATHENA.MIT.EDU .stanford.edu = stanford.edu .slac.stanford.edu = SLAC.STANFORD.EDU .toronto.edu = UTORONTO.CA .utoronto.ca = UTORONTO.CA [login] krb4_convert = true krb4_get_tickets = false ~ ~
This is my
/etc/krb5/kdc.conf
file:[kdcdefaults] kdc_ports = 750,88 [realms] myrealm = { database_name = /var/lib/krb5kdc/principal admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab acl_file = /etc/krb5kdc/kadm5.acl key_stash_file = /etc/krb5kdc/stash kdc_ports = 750,88 max_life = 10h 0m 0s max_renewable_life = 7d 0h 0m 0s master_key_type = des3-hmac-sha1 supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3 default_principal_flags = +preauth }
Any thoughts on what's going on?
-
tovmeod over 9 yearsrun the command with sudo, else it will say Permission denied
-
matt wilkie over 5 yearsI'm pretty sure
myrealm
should be upper case, matchingkrb5.conf
, e.g.ATHENA.MIT.EDU