kadmind fails to start

Anno Nühm

May 19, 2021, 4:03:54 PM
to kerb...@mit.edu
Hi,

I am in the wake of setting up an MIT Kerberos5 KDC on a Raspberry Pi 2.

Being a noob in such matters, I spent quite a fair number of hours on the Net, reading various documents, blogs, posts, and forum entries, which really helped a lot.

Presently I am trying to get kadmind up and running, which unfortunately I am struggling with. The corresponding log file reads something like

May 19 18:12:00 MyKdc-01 kadmind[3412](info): No dictionary file specified, continuing without one.
May 19 18:12:00 MyKdc-01 kadmind[3412](info): setting up network...
May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(9,IPV6_V6ONLY,1) worked
May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(11,IPV6_V6ONLY,1) worked
May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Address already in use - Cannot bind server socket on 0.0.0.0.749
May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Failed setting up a RPC socket (for 0.0.0.0.749)
May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Address already in use - Error setting up network

My /etc/krb5.conf

[libdefaults]
default_realm = MYDOM.LOCAL

kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

fcc-mit-ticketflags = true

[realms]
MYDOM.LOCAL = {
    kdc = mykdc-01.mydom.local:88
    admin_server = mykdc-01.mydom.local:749
    default_domain = mydom.local
}

[domain_realm]
.local = MYDOM.LOCAL

and my /etc/krb5kdc/kdc.conf

[kdcdefaults]
kdc_listen = 88
kdc_tcp_listen = 88

[realms]
MYDOM.LOCAL = {
    kadmind_port = 749
    max_life = 10h 0m 0s
    max_renewable_life = 7d 0h 0m 0s
    master_key_type = des3-hmac-sha1
    default_principal_flags = +preauth
    database_name = /var/lib/krb5kdc/principal
    admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
    acl_file = /etc/krb5kdc/kadm5.acl
    key_stash_file = /etc/krb5kdc/stash
}

[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmin.log
default = FILE:/var/log/krb5/krb5lib.log

Any hint as to how to tackle this one would be more than appreciated. :)
-
Anno

Ken Hornstein

May 19, 2021, 4:49:41 PM
to Anno Nühm, kerb...@mit.edu
> May 19 18:12:00 MyKdc-01 kadmind[3412](info): No dictionary file specified, continuing without one.

So you can safely ignore this one.

> May 19 18:12:00 MyKdc-01 kadmind[3412](info): setting up network...
> May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(9,IPV6_V6ONLY,1) worked
> May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(11,IPV6_V6ONLY,1) worked
> May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Address already in use - Cannot bind server socket on 0.0.0.0.749

This is the key error.

Is it possible you already have another instance of kadmind running?

If you run

netstat -a -n -A inet -p | grep 749

It should show you what process is currently using port 749 (I think you'll
need to do that as root).

--Ken

Predrag Zecevic

May 20, 2021, 3:56:05 AM
to kerb...@mit.edu
Something uses that port:

On 19.05.2021 22:03, Anno Nühm wrote:
> Address already in use - Cannot bind server socket on 0.0.0.0.749

Check (when kadmin is down):
:; nc -vz 0.0.0.0 749 # TCP
:; nc -vzu 0.0.0.0 749 # UDP

If you get success, then some process uses that port. You might check
with lsof:
:; lsof -i :749 # not sure if syntax is correct, please double check

HTH,
Regards.
--
Predrag Zečević
Technical Support Analyst
2e Systems GmbH

tel: +49 - 6196 - 95058 - 15
mob: +49 - 174 - 3109288
fax: +49 - 6196 - 95058 - 94
e-mail: predrag...@2e-systems.com

headquarter: 2e Systems GmbH, Koenigsteiner Str. 107, 65812 Bad Soden am
Taunus, Germany
registration: Amtsgericht Koenigstein (Germany), HRB 7303
managing director: Phil Douglas

http://www.2e-systems.com/ - Making your business fly!
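
An added example, not part of any poster's message: a shell script that pulls the endpoint kadmind failed to bind out of log lines like those quoted in the thread, then names the process currently holding that port. It assumes iproute2's `ss` is installed; the function names and the log-path argument are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function names and the log-path
# argument are assumptions; it relies on iproute2's ss being installed.

# stdin: kadmind log. stdout: unique "address port" pairs that failed to bind.
# kadmind logs the endpoint as <address>.<port>, so the port is the run of
# digits after the last dot.
bind_failures() {
    sed -n 's/.*Cannot bind server socket on \([^ ]*\)\.\([0-9][0-9]*\)[[:space:]]*$/\1 \2/p' | sort -u
}

# stdin: `ss -p` output. stdout: "process pid" for the first owner of each socket.
socket_owners() {
    sed -n 's/.*users:(("\([^"]*\)",pid=\([0-9][0-9]*\).*/\1 \2/p' | sort -u
}

# List listening TCP and UDP sockets on a port (run as root to see owners).
listeners_on() {
    ss -H -l -n -t -u -p "sport = :$1"
}

# Report who holds each port that kadmind could not bind.
diagnose() {
    bind_failures < "$1" | while read -r addr port; do
        echo "kadmind could not bind $addr port $port; current listeners:"
        owners=$(listeners_on "$port" | socket_owners)
        if [ -z "$owners" ]; then
            echo "  none visible (not root, or the holder has exited)"
            continue
        fi
        echo "$owners" | while read -r name pid; do
            if [ "$name" = "kadmind" ]; then
                echo "  another kadmind is already running (pid $pid)"
            else
                echo "  held by $name (pid $pid)"
            fi
        done
    done
}

# Usage: sudo ./script.sh /var/log/krb5/kadmin.log
if [ $# -gt 0 ]; then diagnose "$1"; fi
```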