Gilberto Mautner
2009-May-13 19:26 UTC
[Ovirt-devel] Cannot contact any KDC for requested realm
Hello, I'm trying to follow the appliance installation guide at http://ovirt.org/build-instructions.html I was successful until installing the appliance, it's running OK. Now I'm not being able to make the physical host funcion as a managed node. I ran the ovirt-install-node-stateful script and, after restarting libvirtd, libvird-qpidd etc. I repeatedly get the same message in /var/ log/messages: May 13 16:19:54 physical libvirt-qpid: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot contact any KDC for requested realm) It is true that, as the physical server was configured *before* installing the appliance and everything else, the original domain name configuration was different. Anyway, the ovirt-install-node-stateful updated the necessary DNS configuration, but it seems that some Kerberos-related stuff was left behind. As I'm not a Kerberos expert :-), any help will be greatly appreciated. Thanks Gilberto
Gilberto Mautner wrote:> Hello, > > I'm trying to follow the appliance installation guide at > http://ovirt.org/build-instructions.html > > I was successful until installing the appliance, it's running OK. > > Now I'm not being able to make the physical host funcion as a managed > node. > > I ran the ovirt-install-node-stateful script and, after restarting > libvirtd, libvird-qpidd etc. I repeatedly get the same message in > /var/log/messages: > > May 13 16:19:54 physical libvirt-qpid: GSSAPI Error: Unspecified GSS > failure. Minor code may provide more information (Cannot contact any > KDC for requested realm) > > It is true that, as the physical server was configured *before* > installing the appliance and everything else, the original domain name > configuration was different. Anyway, the ovirt-install-node-stateful > updated the necessary DNS configuration, but it seems that some > Kerberos-related stuff was left behind. > > As I'm not a Kerberos expert :-), any help will be greatly appreciated. > > Thanks > > Gilberto > > _______________________________________________ > Ovirt-devel mailing list > Ovirt-devel at redhat.com > https://www.redhat.com/mailman/listinfo/ovirt-develGilberto, What are you using for your dns on the managed node? You will need the following SRV records present to direct the node to the right servers: If using dnsmasq the config looks similiar to: srv-host=_ovirt._tcp,management.ovirt.priv,80 srv-host=_ipa._tcp,management.ovirt.priv,80 srv-host=_ldap._tcp,management.ovirt.priv,389 srv-host=_collectd._tcp,management.ovirt.priv,25826 srv-host=_qpidd._tcp,management.ovirt.priv,5672 srv-host=_identify._tcp,management.ovirt.priv,12120 The _ipa._tcp entry will point your node to the location for the krb5.conf and necessary keytabs. A quick test on the node will let you know if it works correctly: dig +short -t srv _ipa._tcp.ovirt.priv replace with your domain. Joey