I may have gotten it, thanks to this thread that I found once I started kpropd on the console, and saw some more useful information:

http://mailman.mit.edu/pipermail/krb5-bugs/2006-June/004749.html

Just in case that helps anyone else out . . .

Now I finally have Kerberos and OpenLDAP replication working (with SASL-GSSAPI for the LDAP part). Who needs Active Directory? :-)

On 5/9/07 7:52 PM, "Sean Elble" <[EMAIL PROTECTED]> wrote:

> Hi all,
>
> This is my first time posting on the list, mainly because the documentation
> is terrific, and I really haven't had any problems with Kerberos - Until
> now, of course.
>
> My issue is in setting up a slave KDC here at my home "lab". My master (and
> only, to this point) KDC is running on a FC4 box, and is currently at
> whatever the last version of Kerberos is that was available on that version
> of Fedora (1.4.1). Yeah, I know I need to upgrade that box, but first thing
> is first, and I need to get another box doing Kerberos and OpenLDAP before
> this other box can be touched.
>
> So, I tried setting up this slave KDC on a fresh CentOS 5 box. I followed
> the instructions listed on the install page, but when it comes to run kprop
> on the master, I get this message:
>
> [EMAIL PROTECTED] ~]# kprop -d -f /var/kerberos/krb5kdc/slave_datatrans
> athena.sessys.com
> 8976 bytes sent.
> kprop: Software caused connection abort while reading response from server
>
> And from the /var/log/messages log on athena.sessys.com:
>
> May 9 19:40:39 athena kpropd[22326]: Connection from intranet.sessys.com
> May 9 19:40:39 athena kpropd[22326]: /usr/kerberos/sbin/kpropd:
> /usr/kerberos/sbin/kdb5_util returned a bad exit status (1)
>
> It at least partially worked, as I get this for a ls in
> /var/kerberos/krb5kdc:
>
> [EMAIL PROTECTED] log]# ls -lah /var/kerberos/krb5kdc/
> total 44K
> drwxr-xr-x 2 root root 4.0K May 9 19:40 .
> drwxr-xr-x 3 root root 4.0K May 9 19:22 ..
> -rw------- 1 root root 8.8K May 9 19:40 from_master
> -rw-r--r-- 1 root root 807 May 9 19:24 kdc.conf
> -rw-r--r-- 1 root root 70 May 9 19:25 kpropd.acl
> -rw------- 1 root root 8.0K May 9 19:40 principal~
> -rw------- 1 root root 8.0K May 9 19:40 principal~.kadm5
> -rw------- 1 root root 0 May 9 19:40 principal~.kadm5.lock
> -rw------- 1 root root 0 May 9 19:40 principal~.ok
>
> Kpropd.acl should be configured correctly, as it has the host principals for
> both the master and slave on both the master and the slave. The principals
> are configured correctly, and their keytabs should be extracted correctly -
> After all, it is getting fairly far in the process.
>
> As best as I can figure, this is an issue/incompatibility between the
> different Kerberos versions, but if anyone wants to confirm or deny that, I
> would very much appreciate it (as I will otherwise try to install a matching
> version on the master KDC, after backing up my database, of course). Thanks,
> in advance.

--
+-------------------------------------------------+
| Sean Elble                                      |
| Virginia Tech, Class of 2008                    |
| Vice President, VTLUUG                          |
| E-Mail: [EMAIL PROTECTED]                       |
| Web: http://www.sessys.com/~elbles/             |
| Cell: 860.946.9477                              |
+-------------------------------------------------+
