Cannot resolve network address for KDC in requested realm!

Tue Nov 22 02:46:26 EST 2005

thanks for ur reply, i still have the same problem

here is the commands i use on the client side:
**********************************************************************************************************
kinit host/machine.mydomain.org  (i used klist to list tickets and i found one for the host/machine.mydomain.org)
./sample-client -s host -n mydomain.org -m GSSAPI
lt-sample-client: SASL Other: GSSAPI Error: Miscellaneous failure (Cannot resolve network address for KDC in requested realm)
error was SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (Cannot resolve network address for KDC in requested realm)
lt-sample-client: Starting SASL negotiation: generic failure
**********************************************************************************************************

here is the conf file on the client machine:
**********************************************************************************************************
# Begin /etc/heimdal/krb5.conf
[libdefaults]
    default_realm = MYDOMAIN.ORG
[realms]
    MYDOMAIN.ORG= {
        kdc = mydomain.org
        admin_server = mydomain.org
        kpasswd_server = mydomain.org
    }
[domain_realm]
    .mydomain.org= MYDOMAIN.ORG
[logging]
    kdc = FILE:/var/log/kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb.log
# End /etc/heimdal/krb5.conf
************************************************************************************************************

here is the output of the "nmap localhost" of the KDC server:
************************************************************************************************************
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
88/tcp   open  kerberos-sec
111/tcp  open  rpcbind
389/tcp  open  ldap
543/tcp  open  klogin
631/tcp  open  ipp
636/tcp  open  ldapssl
749/tcp  open  kerberos-adm
750/tcp  open  kerberos
907/tcp  open  unknown
919/tcp  open  unknown
2049/tcp open  nfs
***********************************************************************************************************
really i don't know what is wrong! kinit successfully acquired the ticket,  KDC service is running! and the krb5.conf exsits!
i hope u can help...
thanks alot for ur time
Amir Saad
Software Engineer

________________________________

From: M.Kondrin [mailto:mkondrin at hppi.troitsk.ru]
Sent: Tue 11/22/2005 8:59 AM
To: Amir Saad
Cc: cyrus-sasl at lists.andrew.cmu.edu
Subject: Re: Cannot resolve network address for KDC in requested realm!

Amir Saad wrote:

>i use Heidmal Kerberos 5 , Cyrus-SASL 2.1.19 , Fedora 4
>i'm trying to run the sample-client but i got the following response:
>********************************************************************************************************************************************
>Waiting for mechanism list from server...
>S: QU5PTllNT1VTIExPR0lOIFBMQUlOIERJR0VTVC1NRDUgT1RQIEdTU0FQSSBDUkFNLU1ENQ==
>recieved 52 byte message
>Forcing use of mechanism GSSAPI
>Choosing best mechanism from: GSSAPI
>lt-sample-client: SASL Other: GSSAPI Error: Miscellaneous failure (Cannot resolv
>e network address for KDC in requested realm)
>error was SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (Cannot
> resolve network address for KDC in requested realm)
>lt-sample-client: Starting SASL negotiation: generic failure
>****************************************************************************************
>where is the error ? , i hope u can help
>thanks
>Amir Saad
>Software  Engineer
>
>
> 
>
You have to get the ticket for the service you try to contact (the name
of service is defined by -s switch in client/server commandline). The
ticket must exist in the kerberos cache on client host otherwise the
client try to contact KDC to get this ticket. In your case the client
can not do this.  Either Kerberos realm is not configured on client host
or KDC ports are blocked by some sort of firewall.
Hope this helps.
M.Kondrin