Hi,

I am in the wake of setting up ad MIT Kerberos5 kdc on a Raspberry Pi 2.

As being a noob in such matters, I spent quite a fair number of hours on The Net, reading various documents, blogs, posts, forum entries, which helped really a lot.

Presently I am trying to get kadmind up and running, which unfortunately I am struggling with. In the corresponding log file it is reading something like

May 19 18:12:00 MyKdc-01 kadmind[3412](info): No dictionary file specified, continuing without one.
May 19 18:12:00 MyKdc-01 kadmind[3412](info): setting up network...
May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(9,IPV6_V6ONLY,1) worked
May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(11,IPV6_V6ONLY,1) worked
May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Address already in use - Cannot bind server socket on 0.0.0.0.749
May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Failed setting up a RPC socket (for 0.0.0.0.749)
May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Address already in use - Error setting up network

My /etc/krb5.conf

[libdefaults]
default_realm = MYDOM.LOCAL

kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

fcc-mit-ticketflags = true

[realms]
MYDOM.LOCAL = {
kdc = mykdc-01.mydom.local:88
admin_server = mykdc-01.mydom.local:749
default_domain = mydom.local
}
[domain_realm]
.local = MYDOM.LOCAL

and my /etc/krb5kdc/kdc.conf

[kdcdefaults]
kdc_listen = 88
kdc_tcp_listen = 88

[realms]
MYDOM.LOCAL = {
kadmind_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
default_principal_flags = +preauth
database_name = /var/lib/krb5kdc/principal
admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
key_stash_file = /etc/krb5kdc/stash
}

[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmin.log
default = FILE:/var/log/krb5/krb5lib.log

Any hint as how to tackle this one would be more than appreciated. :)
-
Anno

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Copy: kerberos@mit.edu

May 19 18:12:00 MyKdc-01 kadmind[3412](info): No dictionary file specified, continuing without one.

So you can safely ignore this one.

May 19 18:12:00 MyKdc-01 kadmind[3412](info): setting up network...
May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(9,IPV6_V6ONLY,1) worked
May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(11,IPV6_V6ONLY,1) worked
May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Address already in use - Cannot bind server socket on 0.0.0.0.749

This is the key error.

Is it possible you already have another instance of kadmind running?

If you run

netstat -a -n -A inet -p | grep 749

It should show you what process is currently using port 749 (I think you'll need to do that as root).

--Ken

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Something uses that port:

On 19.05.2021 22:03, Anno Nühm wrote:

Address already in use - Cannot bind server socket on 0.0.0.0.749

Check (when kadmin is down):
:; nc -vz 0.0.0.0 749 # TCP
:; nv -vzu 0.0.0.0 749 # UDP

If you get success, then some process uses that port. You might check
with lsof:
:; lsof -i :749 # not sure if syntax is correct, please double check

HTH,
Regards.
--
Predrag Zečević
Technical Support Analyst
2e Systems GmbH

tel: +49 - 6196 - 95058 - 15
mob: +49 - 174 - 3109288
fax: +49 - 6196 - 95058 - 94
e-mail: predrag.zecevic@2e-systems.com

headquarter: 2e Systems GmbH, Koenigsteiner Str. 107, 65812 Bad Soden am Taunus, Germany
registration: Amtsgericht Koenigstein (Germany), HRB 7303
managing director: Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)