[Ovirt-devel] Cannot contact any KDC for requested realm

[Joey Boggs]

Gilberto Mautner wrote:
> Hello,
>
> I'm trying to follow the appliance installation guide at 
> http://ovirt.org/build-instructions.html
>
> I was successful until installing the appliance, it's running OK.
>
> Now I'm not being able to make the physical host funcion as a managed 
> node.
>
> I ran the ovirt-install-node-stateful script and, after restarting 
> libvirtd, libvird-qpidd etc. I repeatedly get the same message in 
> /var/log/messages:
>
> May 13 16:19:54 physical libvirt-qpid: GSSAPI Error: Unspecified GSS 
> failure.  Minor code may provide more information (Cannot contact any 
> KDC for requested realm)
>
> It is true that, as the physical server was configured *before* 
> installing the appliance and everything else, the original domain name 
> configuration was different. Anyway, the ovirt-install-node-stateful 
> updated the necessary DNS configuration, but it seems that some 
> Kerberos-related stuff was left behind.
>
> As I'm not a Kerberos expert :-), any help will be greatly appreciated.
>
> Thanks
>
> Gilberto
>
> _______________________________________________
> Ovirt-devel mailing list
> Ovirt-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/ovirt-devel
Gilberto,

What are you using for your dns on the managed node?

You will need the following SRV records present to direct the node to 
the right servers: 

If using dnsmasq the config looks similiar to:

srv-host=_ovirt._tcp,management.ovirt.priv,80
srv-host=_ipa._tcp,management.ovirt.priv,80
srv-host=_ldap._tcp,management.ovirt.priv,389
srv-host=_collectd._tcp,management.ovirt.priv,25826
srv-host=_qpidd._tcp,management.ovirt.priv,5672
srv-host=_identify._tcp,management.ovirt.priv,12120


The _ipa._tcp entry will point your node to the location for the 
krb5.conf and necessary keytabs. A quick test on the node will let you 
know if it works correctly:  dig +short -t srv _ipa._tcp.ovirt.priv  
replace with your domain.

Joey