# Unable to set a functional mit krb5 server



## alamahant (Mar 6, 2020)

Hi Guys,
I am trying to configure my FreeBSD as a network authentication provider.
Thus I successfully configured BIND DNS and OpenLDAP.
Everything works nicely.
However, I have bumped into Kerberos.
Now I installed the krb5 package, initialized the db with


```
kdb5_util create -s -r <MY.REALM>
```
I created root/admin, root, host and nfs principals, deactivated the kinit and kadmin binaries in /usr/bin so as to use the krb5 binaries in /usr/local/bin, however kadmin and kinit complain that:

```
Authenticating as principal root/admin@DHARMA.MAYA with password.
kadmin: Client 'root/admin@DHARMA.MAYA' not found in Kerberos database while initializing kadmin interface
```
However the principals ARE created in the db...
Here is my krb5.conf:

```
[libdefaults]
       default_realm = DHARMA.MAYA
       kdc_timesync = 1
       ccache_type = 4
       forwardable = true
       proxiable = true
       dns_lookup_realm = false
       ticket_lifetime = 24h
       renew_lifetime = 7d
       forwardable = true
       rdns = false
       pkinit_anchors = /usr/local/share/certs/ca-root-nss.crt
#       default_ccache_name = KEYRING:persistent:%{uid}

       fcc-mit-ticketflags = true

[realms]
        DHARMA.MAYA = {
                kdc = free.dharma.maya
                admin_server = free.dharma.maya
        }
[domain_realm]
        .dharma.maya = DHARMA.MAYA
        dharma.maya = DHARMA.MAYA
```

and my kdc.conf:

```
[kdcdefaults]
    kdc_listen = 88
    kdc_tcp_listen = 88

[realms]
    DHARMA.MAYA = {
        database_name = /usr/local/var/krb5kdc/principal
        acl_file = /usr/local/var/krb5kdc/kadm5.acl
         key_stash_file = /usr/local/var/krb5kdc/.k5.DHARMA.MAYA
        kdc_listen = 88
        kdc_tcp_listen = 88
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
    }
```
my /usr/local/var/krb5kdc directory:

```
[root@free /usr/local/var/krb5kdc]# ls 
.k5.DHARMA.MAYA      kdc.conf             principal.kadm5      principal.ok
kadm5.acl            principal            principal.kadm5.lock
```

and my created principals:

```
[root@free /usr/local/var/krb5kdc]# kadmin.local listprincs
K/M@DHARMA.MAYA
dharma@DHARMA.MAYA
host/free.dharma.maya@DHARMA.MAYA
kadmin/admin@DHARMA.MAYA
kadmin/changepw@DHARMA.MAYA
kadmin/free.dharma.maya@DHARMA.MAYA
kiprop/free.dharma.maya@DHARMA.MAYA
krbtgt/DHARMA.MAYA@DHARMA.MAYA
nfs/free.dharma.maya@DHARMA.MAYA
root/admin@DHARMA.MAYA
root@DHARMA.MAYA
```
DNS is working perfectly and my hostname "free.dharma.maya" IS resolvable.
HOWEVER both /usr/local/bin/kadmin and /usr/local/bin/kinit COMPLAIN that they can't find the principals...
Any help would be greatly appreciated.
Thanks for your kind attention.


----------

