Support Questions

Find answers, ask questions, and share your expertise

Kinit :Cannot find KDC for realm "EXAMPLE.COM"


First time i use EXAMPLE.COM as default KDC princple;

Install and Test Kerberos Client in

Enable Kerberos Wizard is ok

when i change it to MY.COM,it goes wrong at "

Test Kerberos Client", the fllowing is error details

stderr: /var/lib/ambari-agent/data/errors-2221.txt

Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/", line 81, in <module>
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/", line 280, in execute
  File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/", line 64, in service_check
  File "/usr/lib/python2.6/site-packages/resource_management/core/", line 155, in __init__
  File "/usr/lib/python2.6/site-packages/resource_management/core/", line 160, in run
    self.run_action(resource, action)
  File "/usr/lib/python2.6/site-packages/resource_management/core/", line 124, in run_action
  File "/usr/lib/python2.6/site-packages/resource_management/core/providers/", line 273, in action_run
    tries=self.resource.tries, try_sleep=self.resource.try_sleep)
  File "/usr/lib/python2.6/site-packages/resource_management/core/", line 70, in inner
    result = function(command, **kwargs)
  File "/usr/lib/python2.6/site-packages/resource_management/core/", line 92, in checked_call
    tries=tries, try_sleep=try_sleep)
  File "/usr/lib/python2.6/site-packages/resource_management/core/", line 140, in _call_wrapper
    result = _call(command, **kwargs_copy)
  File "/usr/lib/python2.6/site-packages/resource_management/core/", line 293, in _call
    raise ExecutionFailed(err_msg, code, out, err)
resource_management.core.exceptions.ExecutionFailed: Execution of '/usr/bin/kinit -c /var/lib/ambari-agent/tmp/kerberos_service_check_cc_7189cb12a737530410cb3eaec88c4e01 -kt /etc/security/keytabs/kerberos.service_check.032117.keytab hadoop-032117@EXAMPLE.COM' returned 1. kinit: Cannot find KDC for realm "EXAMPLE.COM" while getting initial credentials

stdout: /var/lib/ambari-agent/data/output-2221.txt

Performing kinit using hadoop-032117@EXAMPLE.COM
2017-03-21 14:56:15,166 - Execute['/usr/bin/kinit -c /var/lib/ambari-agent/tmp/kerberos_service_check_cc_7189cb12a737530410cb3eaec88c4e01 -kt /etc/security/keytabs/kerberos.service_check.032117.keytab hadoop-032117@EXAMPLE.COM'] {'user': 'ambari-qa'}
2017-03-21 14:56:15,231 - File['/var/lib/ambari-agent/tmp/kerberos_service_check_cc_7189cb12a737530410cb3eaec88c4e01'] {'action': ['delete']}

Command failed after 1 tries


Super Mentor

@Elvis Zhang

Please check your "krb5.conf" file if it is pointing the correct KDC host & Realm? The default on you can find in "/etc/krb5.conf" on the hosts.

Also as you mentioned that you changed the realm name , so after that did you regenerate the keytabs?

Ambari UI --> Admin (Tab) --> Kerberos --> "Regenerate Keytabs"

Else the existing keytabs might be having old references. Still if it does not work then "Disable and then Enable" Kerberos should take care of this. But i guess regenerating keytabs should be ok.


Kerberos didn't sucess, there no "Regenerate Keytabs". i don't know how to regenrate hte keytabs?

Super Mentor

@Elvis Zhang

If it is fresh cluster then "Disable Kerberos" and "Enable Kerberos" should be of. Do you see those buttons present ? If those are also not present then it means that the kerberos installation is not yes completed to finalize stage. In that case you can close the current kerberos wizard (if it is already opened and then try enabling kerberos freshly)


yes i checked "/etc/krb5.conf", again ,nothing wrong ,from error text ,it means "*.keytabs" file used old "EXAMPLE.COM", I don't know how to update or rebuild the keytabs?


when i delete file


another error occured like this:

stderr: /var/lib/ambari-agent/data/errors-2362.txt

Traceback (most recent call last):
  File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/", line 81, in <module>
  File "/usr/lib/python2.6/site-packages/resource_management/libraries/script/", line 280, in execute
  File "/var/lib/ambari-agent/cache/common-services/KERBEROS/1.10.3-10/package/scripts/", line 72, in service_check
    raise Fail(err_msg)
resource_management.core.exceptions.Fail: Failed to execute kinit test due to principal or keytab not found or available

stdout: /var/lib/ambari-agent/data/output-2362.txt

Command failed after 1 tries