Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error negotiating GSS context: configuration file could not be opened: open : no such file or directory #128

Open
getSurreal opened this issue Mar 5, 2021 · 8 comments
Open

Error negotiating GSS context: configuration file could not be opened: open : no such file or directory #128

getSurreal opened this issue Mar 5, 2021 · 8 comments

Comments

@getSurreal
Copy link

Is there a required system library to get GSSAPI working from linux (ubuntu). I'm able to create a DNS record on Microsoft DNS from a windows box, but not from linux.

Error updating DNS record: Error negotiating GSS context: configuration file could not be opened: open : no such file or directory

I've attempted installing several GSS and Kerberos packages, but with no change.

terraform 0.13.5
@getSurreal
Copy link
Author

After installing krb5-config I've gotten past the "no such file or directory" error. But now there are some additional KDC errors. Is the system required to be a member of the domain in order to make updates to the AD DNS?

@alexpekurovsky
Copy link

@getSurreal you need to export KRB5_CONFIG pointing to your kerberos config
Your config file should be similar to:

[libdefaults]
  default_realm = MYCOMPANY.COM

[realms]
MYCOMPANY.COM = {
  kdc = dc1.mycompany.com
  kdc = dc2.mycompany.com
}

@kmoe kmoe added the waiting-response Issues or pull requests waiting for an external response label Apr 8, 2021
@ioagel
Copy link

ioagel commented May 21, 2021
edited
Loading

@alexpekurovsky Thanks, this fixes the problem!!

OS: Mac OS X already joined to AD domain.

@ghost ghost removed the waiting-response Issues or pull requests waiting for an external response label May 21, 2021
@kmoe
Copy link
Member

kmoe commented Jul 19, 2021

@getSurreal Does #128 (comment) solve your issue?

@kmoe kmoe added the waiting-response Issues or pull requests waiting for an external response label Jul 19, 2021
@mcmcghee
Copy link

Just ran into this and it would be great if the KRB5_CONFIG was auto-generated by the provider somehow. If anything it should be documented somewhere. (If it already is I apologize, I must have missed it.)

@github-actions github-actions bot removed the waiting-response Issues or pull requests waiting for an external response label Oct 27, 2021
@mcbrineellis
Copy link

mcbrineellis commented Aug 9, 2022
edited
Loading

@getSurreal you need to export KRB5_CONFIG pointing to your kerberos config Your config file should be similar to:

[libdefaults]
  default_realm = MYCOMPANY.COM

[realms]
MYCOMPANY.COM = {
  kdc = dc1.mycompany.com
  kdc = dc2.mycompany.com
}

After adding this and adding an export everything works. No need to install any other packages.
Using Gitlab and the Terraform docker image in CI/CD.

Thanks for the assist!

This issue can probably be closed.

@pavel-khritonenko
Copy link

I would not close that, because that provider requires some additional configuration outside the terraform process, without ability to do it inside provider configuration. It would be great if provider generate that file and export as @mcmcghee mentioned.

@jmyers82
Copy link

jmyers82 commented Feb 6, 2023
edited
Loading

I am running into this same issue, running from my windows machine, do I need to install a krb5 package or something? I have the krb5.conf file and the system env variable (KRB5_CONFIG) set to its path.
Also, is it possible to get the proper krb5.conf file from the dns server or does this have to be built by hand?
@getSurreal what was the setup on a windows box to make this work?

This was referenced Feb 8, 2023
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@getSurreal @ioagel @pavel-khritonenko @kmoe @mcmcghee @alexpekurovsky @mcbrineellis @jmyers82