I am installing Kerberos5-1.12.1 on ubuntu machine with these instructions.

Whenever i am trying to do :

kinit user1

I am facing an error:

kinit: Cannot contact any KDC for realm 'UBUNTU' while getting initial credentials

Below are my krb5.conf and kdc.conf files:


        default_realm = UBUNTU

# The following krb5.conf variables are only for MIT Kerberos.
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#       default_tgs_enctypes = des3-hmac-sha1
#       default_tkt_enctypes = des3-hmac-sha1
#       permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                plain = {
                        something = something-else
        fcc-mit-ticketflags = true
        UBUNTU = {
                kdc =
                admin_server =
        ATHENA.MIT.EDU = {
                kdc = kerberos.mit.edu:88
                kdc = kerberos-1.mit.edu:88
                kdc = kerberos-2.mit.edu:88
                admin_server = kerberos.mit.edu
                default_domain = mit.edu
        MEDIA-LAB.MIT.EDU = {
                kdc = kerberos.media.mit.edu
                admin_server = kerberos.media.mit.edu
        ZONE.MIT.EDU = {
                kdc = casio.mit.edu
                kdc = seiko.mit.edu
                admin_server = casio.mit.edu
       MOOF.MIT.EDU = {
                kdc = three-headed-dogcow.mit.edu:88
                kdc = three-headed-dogcow-1.mit.edu:88
                admin_server = three-headed-dogcow.mit.edu
        CSAIL.MIT.EDU = {
                kdc = kerberos-1.csail.mit.edu
                kdc = kerberos-2.csail.mit.edu
                admin_server = kerberos.csail.mit.edu
                default_domain = csail.mit.edu
                krb524_server = krb524.csail.mit.edu
        IHTFP.ORG = {
                kdc = kerberos.ihtfp.org
                admin_server = kerberos.ihtfp.org
        GNU.ORG = {
                kdc = kerberos.gnu.org
                kdc = kerberos-2.gnu.org
                kdc = kerberos-3.gnu.org
                admin_server = kerberos.gnu.org
        1TS.ORG = {
                kdc = kerberos.1ts.org
                admin_server = kerberos.1ts.org
        GRATUITOUS.ORG = {
                kdc = kerberos.gratuitous.org
                admin_server = kerberos.gratuitous.org
        DOOMCOM.ORG = {
                kdc = kerberos.doomcom.org
                admin_server = kerberos.doomcom.org
        ANDREW.CMU.EDU = {
                kdc = vice28.fs.andrew.cmu.edu
                kdc = vice2.fs.andrew.cmu.edu
                kdc = vice11.fs.andrew.cmu.edu
                kdc = vice12.fs.andrew.cmu.edu
                admin_server = vice28.fs.andrew.cmu.edu
                default_domain = andrew.cmu.edu
        CS.CMU.EDU = {
                kdc = kerberos.cs.cmu.edu
                kdc = kerberos-2.srv.cs.cmu.edu
                admin_server = kerberos.cs.cmu.edu
        DEMENTIA.ORG = {
                kdc = kerberos.dementia.org
                kdc = kerberos2.dementia.org
                admin_server = kerberos.dementia.org
        stanford.edu = {
                kdc = krb5auth1.stanford.edu
                kdc = krb5auth2.stanford.edu
                kdc = krb5auth3.stanford.edu
                master_kdc = krb5auth1.stanford.edu
                admin_server = krb5-admin.stanford.edu
                default_domain = stanford.edu
        .mit.edu = ATHENA.MIT.EDU
        mit.edu = ATHENA.MIT.EDU
        .media.mit.edu = MEDIA-LAB.MIT.EDU
        media.mit.edu = MEDIA-LAB.MIT.EDU
        .csail.mit.edu = CSAIL.MIT.EDU
        csail.mit.edu = CSAIL.MIT.EDU
        .whoi.edu = ATHENA.MIT.EDU
        whoi.edu = ATHENA.MIT.EDU
        .stanford.edu = stanford.edu
        .slac.stanford.edu = SLAC.STANFORD.EDU
        .ubuntu = UBUNTU
         ubuntu = UBUNTU

        krb5_convert = true
        krb5_get_tickets = false
        kdc = FILE:/var/log/kerberos/krb5kdc.log
       admin_server = FILE:/var/log/kerberos/kadmin.log
        default = FILE:/var/log/kerberos/krb5lib.log


    kdc_ports = 88

    UBUNTU = {
             kadmind_port = 749
             max_life = 12h 0m 0s
             max_renewable_life = 7d 0h 0m 0s
             master_key_type = des3-hmac-sha1
             supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4

         kdc = FILE:/usr/local/var/krb5kdc/kdc.log
         admin_server = FILE:/usr/local/var/krb5kdc/kadmin.log

Is there anything wrong with my configuration files?? If not could anyone please tell me why i am getting this error??

Thanks in Advance...

a coder
  • 719
  • 4
  • 20
  • 37
  • 59
  • 1
  • 1
  • 2
  • 2
    Obvious question: can you reach the relevant ports of the KDC server from your client machine? [88/tcp and 749/tcp](http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-install/Ports-for-the-KDC-and-Admin-Services.html) – dawud Jul 16 '14 at 08:07

7 Answers7

        .UBUNTU = UBUNTU
         UBUNTU = UBUNTU

keep a register

Alex Real
  • 54
  • 3

Although this is a 2 years old question, I am putting an answer for it, for I had similar problem.

LX-141(root)# root/greg>net ads join -S W12R2-C17.jamie_ad1.net -U Administrator%pwd
kerberos_kinit_password Administrator@JAMIE_AD1.NET failed: Cannot contact any KDC for requested realm
Failed to join domain: failed to connect to AD: Cannot contact any KDC for requested realm

In my case, the result was to re-start the "Kerberos Key Distribution Center" service on the Windows machine, which either was stopped manually by someone or it crashed.

That can be exactly the same issue on the Linux side - unresponsive KDC server.

I hope it will help someone in future.

  • 7,355
  • 16
  • 54
  • 72
  • 131
  • 1
  • 5

If you installed krb5-{admin-server,kdc} properly (apt-get install), then your kdc.conf should be at /etc/krb5kdc/kdc.conf

Also, use better enctypes. It's not the 90's anymore.

  • 12,698
  • 6
  • 43
  • 75

solution: Restart the Named services then working properly because that problem not communicate so restart the named services.

  • 1,159
  • 34
  • 15
  • 19

i know it been long this issue posted but i would like to add my solution

make sure you added a host name in etc/hosts same as the kdc name

hope this will help someone thanks.

  • 1

In /etc/samba/smb.conf check that set:
client use spnego = yes

  • 107
  • 2

change like this

    UBUNTU = {
            kdc = UBUNTU
            admin_server = UBUNTU
  • 1