1. Forum
  2. Usenet
  3. COMP.PROTOCOLS.KERBEROS

  • kadmind fails to start

    From =?utf-8?Q?Anno_N=C3=BChm?=@21:1/5 to All on Wed May 19 22:03:17 2021
    Hi,

    I am in the wake of setting up ad MIT Kerberos5 kdc on a Raspberry Pi 2.

    As being a noob in such matters, I spent quite a fair number of hours on The Net, reading various documents, blogs, posts, forum entries, which helped really a lot.

    Presently I am trying to get kadmind up and running, which unfortunately I am struggling with. In the corresponding log file it is reading something like

    May 19 18:12:00 MyKdc-01 kadmind[3412](info): No dictionary file specified, continuing without one.
    May 19 18:12:00 MyKdc-01 kadmind[3412](info): setting up network...
    May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(9,IPV6_V6ONLY,1) worked
    May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(11,IPV6_V6ONLY,1) worked
    May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Address already in use - Cannot bind server socket on 0.0.0.0.749
    May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Failed setting up a RPC socket (for 0.0.0.0.749)
    May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Address already in use - Error setting up network

    My /etc/krb5.conf

    [libdefaults]
    default_realm = MYDOM.LOCAL

    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

    fcc-mit-ticketflags = true

    [realms]
    MYDOM.LOCAL = {
    kdc = mykdc-01.mydom.local:88
    admin_server = mykdc-01.mydom.local:749
    default_domain = mydom.local
    }
    [domain_realm]
    .local = MYDOM.LOCAL

    and my /etc/krb5kdc/kdc.conf

    [kdcdefaults]
    kdc_listen = 88
    kdc_tcp_listen = 88

    [realms]
    MYDOM.LOCAL = {
    kadmind_port = 749
    max_life = 10h 0m 0s
    max_renewable_life = 7d 0h 0m 0s
    master_key_type = des3-hmac-sha1
    default_principal_flags = +preauth
    database_name = /var/lib/krb5kdc/principal
    admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
    acl_file = /etc/krb5kdc/kadm5.acl
    key_stash_file = /etc/krb5kdc/stash
    }

    [logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmin.log
    default = FILE:/var/log/krb5/krb5lib.log

    Any hint as how to tackle this one would be more than appreciated. :)
    -
    Anno

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ken Hornstein@21:1/5 to =?utf-8?Q?Anno_N=C3=BChm?= on Wed May 19 16:48:46 2021
    Copy: kerberos@mit.edu

    May 19 18:12:00 MyKdc-01 kadmind[3412](info): No dictionary file specified, continuing without one.

    So you can safely ignore this one.

    May 19 18:12:00 MyKdc-01 kadmind[3412](info): setting up network...
    May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(9,IPV6_V6ONLY,1) worked
    May 19 18:12:00 MyKdc-01 kadmind[3412](info): setsockopt(11,IPV6_V6ONLY,1) worked
    May 19 18:12:00 MyKdc-01 kadmind[3412](Error): Address already in use - Cannot bind server socket on 0.0.0.0.749

    This is the key error.

    Is it possible you already have another instance of kadmind running?

    If you run

    netstat -a -n -A inet -p | grep 749

    It should show you what process is currently using port 749 (I think you'll need to do that as root).

    --Ken

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Predrag Zecevic@21:1/5 to All on Thu May 20 09:55:51 2021
    Something uses that port:

    On 19.05.2021 22:03, Anno Nühm wrote:
    Address already in use - Cannot bind server socket on 0.0.0.0.749

    Check (when kadmin is down):
    :; nc -vz 0.0.0.0 749 # TCP
    :; nv -vzu 0.0.0.0 749 # UDP

    If you get success, then some process uses that port. You might check
    with lsof:
    :; lsof -i :749 # not sure if syntax is correct, please double check

    HTH,
    Regards.
    --
    Predrag Zečević
    Technical Support Analyst
    2e Systems GmbH

    tel: +49 - 6196 - 95058 - 15
    mob: +49 - 174 - 3109288
    fax: +49 - 6196 - 95058 - 94
    e-mail: predrag.zecevic@2e-systems.com

    headquarter: 2e Systems GmbH, Koenigsteiner Str. 107, 65812 Bad Soden am Taunus, Germany
    registration: Amtsgericht Koenigstein (Germany), HRB 7303
    managing director: Phil Douglas

    http://www.2e-systems.com/ - Making your business fly!

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)