sun.com   |  docs.sun.com
How To Buy  |  My Sun  |  Worldwide Sites
         
 
Sun Microsystems Logo
 Products and Services
 		 Support and Training
 
 
System Administration Guide: Security Services >> 16.  SEAM Error Messages and Troubleshooting >> SEAM Error Messages >> Common SEAM Error Messages (N-Z) 

Previous Previous     Contents     Index     Next Next

 

Ticket is ineligible for postdating

Cause: The principal does not allow its tickets to be postdated.

Solution: Modify the principal with kadmin to allow postdating.

 

Ticket not yet valid

Cause: The postdated ticket is not valid yet.

Solution: Create new tickets with the correct date, or wait until the current tickets are valid.

 

Truncated input file detected

Cause: The database dump file that was being used in the operation is not a complete dump file.

Solution: Create the dump file again, or use a different database dump file.

 

Wrong principal in request

Cause: There was an invalid principal name in the ticket. This error might indicate a DNS or FQDN problem.

Solution: Make sure that the principal of the service matches the principal in the ticket.

SEAM Troubleshooting

This section provides troubleshooting information for the SEAM software.

Problems Mounting a Kerberized NFS File System

  • If mounting a Kerberized NFS file system fails, make sure that the /var/tmp/rc_nfs file exists on the NFS server. If the file system is not owned by root, remove it and try the mount again.

  • If you have a problem accessing a Kerberized NFS file system, make sure that there is an entry for gssd in the inetd.conf file on your system and the NFS server.

  • If you see either the invalid argument or bad directory error message when you are trying to access a Kerberized NFS file system, the problem might be that you are not using a fully-qualified DNS name when you are trying to mount the NFS file system. The host that is being mounted is not the same as the host name part of the service principal in the server's keytab file.

    This problem might also occur if your server has multiple Ethernet interfaces, and you have set up DNS to use a "name per interface" scheme instead of a "multiple address records per host" scheme. For SEAM, you should set up multiple address records per host as follows [Ken Hornstein, "Kerberos FAQ," [http://www.nrl.navy.mil/CCS/people./kenh/kerberos-faq.html], accessed 11 December 1998.]:

    my.host.name.   A       1.2.3.4
                A       1.2.4.4
                A       1.2.5.4

my-en0.host.name.       A       1.2.3.4
my-en1.host.name.       A       1.2.4.4
my-en2.host.name.       A       1.2.5.4

4.3.2.1         PTR     my.host.name.
4.4.2.1         PTR     my.host.name.
4.5.2.1         PTR     my.host.name.

In this example, the setup allows one reference to the different interfaces and allows a single service principal instead of three service principals in the server's keytab file.

Problems Authenticating as root

If authentication fails when you try to become superuser on your system and you have already added the root principal to your host's keytab file, there are two potential problems to check. First, make sure that the root principal in the keytab file has a fully-qualified name as its instance. If it does, check the /etc/resolv.conf file to make sure that the system is correctly set up as a DNS client.

Previous Previous     Contents     Index     Next Next
 
Copyright 1994-2003 Sun Microsystems