>Thanks Greg. I should have remembered that. It exposed the fact >that the kiprop/ principal for the host was missing. I created the >principal and added it to /etc/krb5.keytab. This moved the error, but >I am still getting failures to replicate. Here is the debug log:
Did you, in fact, create that principal? I ask because the error you are getting is: >[27738] 1658108981.225629: Received error from KDC: -1765328377/Server not >found in Kerberos database Which suggests you did not (although it wasn't from the primary KDC, which suggests that maybe whatever KDC you used didn't have it replicated yet). The KDC logs should explain what went wrong. As a side note: I ran into an issue on CentOS 7 where systemd would start up kpropd before DNS resolution was working, so on reboot kpropd wouldn't work because it couldn't canonicalize it's local hostname. My solution was to write a special systemd service which would act as a provider for nss-lookup.target (because nothing on CentOS 7 actually provides that functionality). I'm not saying that's your issue, but something worth noting. --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
