Troubleshooting Kerberos Related Products
Troubleshooting Using the pamkrbval Tool
Table | Error Messages that Appear During keytab Validation | |||
|
|
| ||
Error/Warning Messages | Reason for Message | Troubleshooting | ||
|
|
| ||
[WARNING] : Key incorrect | There is a key mismatch | Get the new keytab entry with | ||
[WARNING] : The keytab | between the client and | the correct key from the | ||
the server. | Kerberos server. | |||
entry for the host service | ||||
|
| |||
principal |
|
|
| |
host/example.com@EXAMPLE.C |
|
| ||
OM is invalid |
|
|
| |
[FAIL] : The keytab |
|
| ||
validation Failed |
|
| ||
|
|
| ||
/pamkrbval: Cannot contact | The KDC is not | Check that the KDC daemons | ||
any KDC for requested | accessible. | are running. | ||
realm while getting TGT |
|
| ||
[FAIL]: The keytab |
|
| ||
validation failed |
|
| ||
|
|
| ||
[LOG] : The keytab entry | The keytab entry for the | • You must create the | ||
for |
| host service principal is | keytab entry on the | |
host/cherry.example.com is | not available. | Kerberos server and | ||
not found in keytab file |
| extract this keytab entry | ||
/etc/krb5.keytab |
|
| on your system. | |
[FAIL]: The keytab |
| • Regenerate the keytab file | ||
validation failed |
| |||
|
|
| in the CIFS environment | |
|
|
| and check that the service | |
|
|
| key for host/fqdn is | |
|
|
| present in the file. | |
|
|
| Execute the following | |
|
|
| command to regenerate | |
|
|
| the keytab file: | |
|
|
| net ads keytab create | |
|
|
| administrator | |
|
|
|
| |
Chapter 4 | 101 |