(I posted this here before, but was asked to move it to its own topic, because of the different underlying conditions.)
We have a similar problem. Sorry if this is the wrong place for our problem, but maybe the problems are related. Our domain consists of four UCS systems:
All of them are showing
Die folgenden KDCs waren nicht erreichbar: tcp ucs-*.foo.bar:88
So ucs-master shows
ucs-slave.foo.bar:88 and so on.
host -t srv _kerberos._tcp.$(ucr get domainname) shows all of them on all systems.
kinit --password-file=/etc/machine.secret $(hostname)\$@$(ucr get kerberos/realm) seems to work on all systems, at least
klist shows issued tickets afterwards.
echo -ne "server $(ucr get ldap/master)\nprereq yxdomain $(hostname -f)\nsend\n" | nsupdate -d -g -t15 also looks like it works correctly.
When I run
tcpdump -i eth0 tcp port 88 and run system diagnostics again, it shows connections to all systems except the one where I’m running it, for which it reports KDC unreachable. When I run
tcpdump -i lo tcp port 88 it shows connections to localhost. Any idea?
Edit: I just solved my problem by adding
ucs-slave ucs-slave.foo.bar to /etc/hosts using:
ucr set hosts/static/127.0.0.1="localhost ucs-slave ucs-slave.foo.bar"
/etc/hosts before the change:
192.168.1.2 ucs-slave.foo.bar ucs-slave
127.0.1.1 ucs-slave.foo.bar ucs-slave
::1 localhost ip6-localhost ip6-loopback
I don’t fully understand why it works now, though.
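
Added example, not part of the original post: a shell sketch that lists every address a hosts file maps a name to, in file order, and probes TCP port 88 on each one, which shows on which of the host's own addresses the KDC answers. The function names are made up for this example, and it assumes bash and the coreutils `timeout` command are installed.

```shell
#!/bin/sh
# Added example: per-address KDC reachability check for one host name.
# Usage: sh kdc_probe.sh ucs-slave.foo.bar [/path/to/hosts]

# Print, in file order, each address whose hosts-file line names $2.
hosts_addrs_for() {
    awk -v n="$2" '
        { sub(/#.*/, "") }      # drop comments
        NF < 2 { next }         # skip blank or address-only lines
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; break } }
    ' "$1"
}

# Return 0 if a TCP connection to address $1, port $2 opens within 3 seconds.
# Uses bash's /dev/tcp redirection, so bash is invoked explicitly.
tcp_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Report port 88 (Kerberos) reachability on every address mapped to name $2
# in hosts file $1. Runs in a subshell so its variables do not leak.
probe_kdc() (
    for addr in $(hosts_addrs_for "$1" "$2"); do
        if tcp_open "$addr" 88; then
            echo "$addr:88 open"
        else
            echo "$addr:88 unreachable"
        fi
    done
)

# Probe the live system only when a host name is given on the command line.
if [ "$#" -ge 1 ]; then
    probe_kdc "${2:-/etc/hosts}" "$1"
fi
```

Running it with the host's own FQDN before and after the `ucr set` change shows which of the mapped addresses accepts connections on port 88.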