terraform-provider-dns icon indicating copy to clipboard operation
terraform-provider-dns copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Error negotiating GSS context: configuration file could not be opened: open : no such file or directory

Open getSurreal opened this issue 3 years ago • 8 comments

Is there a required system library to get GSSAPI working from linux (ubuntu). I'm able to create a DNS record on Microsoft DNS from a windows box, but not from linux.

Error updating DNS record: Error negotiating GSS context: configuration file could not be opened: open : no such file or directory

I've attempted installing several GSS and Kerberos packages, but with no change.

terraform 0.13.5

getSurreal avatar Mar 05 '21 21:03 getSurreal

After installing krb5-config I've gotten past the "no such file or directory" error. But now there are some additional KDC errors. Is the system required to be a member of the domain in order to make updates to the AD DNS?

getSurreal avatar Mar 05 '21 22:03 getSurreal

@getSurreal you need to export KRB5_CONFIG pointing to your kerberos config Your config file should be similar to:

[libdefaults]
  default_realm = MYCOMPANY.COM

[realms]
MYCOMPANY.COM = {
  kdc = dc1.mycompany.com
  kdc = dc2.mycompany.com
}

alexpekurovsky avatar Apr 04 '21 07:04 alexpekurovsky

@alexpekurovsky Thanks, this fixes the problem!!

OS: Mac OS X already joined to AD domain.

ioagel avatar May 21 '21 09:05 ioagel

@getSurreal Does https://github.com/hashicorp/terraform-provider-dns/issues/128#issuecomment-812988490 solve your issue?

kmoe avatar Jul 19 '21 17:07 kmoe

Just ran into this and it would be great if the KRB5_CONFIG was auto-generated by the provider somehow. If anything it should be documented somewhere. (If it already is I apologize, I must have missed it.)

mcmcghee avatar Jul 27 '21 15:07 mcmcghee

@getSurreal you need to export KRB5_CONFIG pointing to your kerberos config Your config file should be similar to:

[libdefaults]
  default_realm = MYCOMPANY.COM

[realms]
MYCOMPANY.COM = {
  kdc = dc1.mycompany.com
  kdc = dc2.mycompany.com
}

After adding this and adding an export everything works. No need to install any other packages. Using Gitlab and the Terraform docker image in CI/CD.

Thanks for the assist!

This issue can probably be closed.

mcbrineellis avatar Aug 09 '22 07:08 mcbrineellis

I would not close that, because that provider requires some additional configuration outside the terraform process, without ability to do it inside provider configuration. It would be great if provider generate that file and export as @mcmcghee mentioned.

pavel-khritonenko avatar Sep 22 '22 08:09 pavel-khritonenko

I am running into this same issue, running from my windows machine, do I need to install a krb5 package or something? I have the krb5.conf file and the system env variable (KRB5_CONFIG) set to its path.
Also, is it possible to get the proper krb5.conf file from the dns server or does this have to be built by hand? @getSurreal what was the setup on a windows box to make this work?

jmyers82 avatar Feb 06 '23 18:02 jmyers82