From: Da Rock
Date: Mon, 15 Dec 2014 19:21:07 +1000
To: freebsd-questions@freebsd.org
Subject: krb5 issues

I'm playing around with Kerberos and, to cut a long story short, I'm trying to get the MIT krb working - has to be, I'm afraid. I've built it from ports with LDAP backend support, but after a lot of playing around I still can't get it to work and I'm tearing my hair out. Unfortunately krb5kdc is not very talkative or coherent either.
I've already come across some areas where it says one thing yet means another, but I've been over all this nearly 10 times now and even some imaginative speculation isn't resolving anything.

What I have is this in my rc.conf (out of the handbook):

    kerberos5_server_enable="YES"
    kadmind5_server_enable="YES"
    kerberos5_server="/usr/local/sbin/krb5kdc"
    kadmind5_server="/usr/local/sbin/kadmind"
    kerberos5_server_flags=""

And krb5.conf:

    [libdefaults]
        default_realm =
    [realms]
        = {
            kdc =
            admin_server =
        }
    [domain_realm]
        . =

And kdc.conf:

    [kdcdefaults]
        kdc_ports = 88
    [realms]
        = {
            kadmind_port = 749
            max_life = 12h 0m 0s
            max_renewable_life = 7d 0h 0m 0s
            master_key_type =
            supported_enctypes =
            database_module =
        }
    [logging]
        default = CONSOLE
        default = FILE:
        kdc = CONSOLE
        kdc = FILE:
        admin_server = FILE:
    [dbdefaults]
    [dbmodules]
        = {
            db_library = kldap
            db_module_dir = /usr/local/lib/krb5/plugins/kdb/
            disable_last_success = true
            ldap_kerberos_container_dn =
            ldap_kdc_dn = ""
            ldap_kadmind_dn = ""
            ldap_service_password_file =
            ldap_servers = ldapi://
            ldap_conns_per_server = 5

The error I get on the console when I run either krb5kdc directly or the rc script is:

    krb5kdc: cannot initialize realm - see log file for details

The log files simply refuse to give anything, and stubbornly remain empty. kldap exists and ldd seems to show that the library is included in the system as well.

Anyone have anything or seen similar at some point?

TIA