hashicorp / terraform-provider-dns

Utility provider that supports DNS updates (RFC 2136) and can optionally be configured with secret key based transaction authentication (RFC 2845).
https://registry.terraform.io/providers/hashicorp/dns/latest
Mozilla Public License 2.0

Error negotiating GSS context: configuration file could not be opened: open : no such file or directory #128

Open getSurreal opened 3 years ago

getSurreal commented 3 years ago

Is there a required system library to get GSSAPI working from Linux (Ubuntu)? I'm able to create a DNS record on Microsoft DNS from a Windows box, but not from Linux.

Error updating DNS record: Error negotiating GSS context: configuration file could not be opened: open : no such file or directory

I've attempted installing several GSS and Kerberos packages, but with no change.

terraform 0.13.5

getSurreal commented 3 years ago

After installing krb5-config I've gotten past the "no such file or directory" error. But now there are some additional KDC errors. Is the system required to be a member of the domain in order to make updates to the AD DNS?

alexpekurovsky commented 3 years ago

@getSurreal you need to export KRB5_CONFIG pointing to your Kerberos config. Your config file should be similar to:

[libdefaults]
  default_realm = MYCOMPANY.COM

[realms]
MYCOMPANY.COM = {
  kdc = dc1.mycompany.com
  kdc = dc2.mycompany.com
}

ioagel commented 3 years ago

@alexpekurovsky Thanks, this fixes the problem!!

OS: Mac OS X already joined to AD domain.

kmoe commented 3 years ago

@getSurreal Does https://github.com/hashicorp/terraform-provider-dns/issues/128#issuecomment-812988490 solve your issue?

mcmcghee commented 3 years ago

Just ran into this and it would be great if the KRB5_CONFIG was auto-generated by the provider somehow. If anything it should be documented somewhere. (If it already is I apologize, I must have missed it.)

mcbrineellis commented 2 years ago

@getSurreal you need to export KRB5_CONFIG pointing to your Kerberos config. Your config file should be similar to:

[libdefaults]
  default_realm = MYCOMPANY.COM

[realms]
MYCOMPANY.COM = {
  kdc = dc1.mycompany.com
  kdc = dc2.mycompany.com
}

After adding this and adding an export everything works. No need to install any other packages. Using GitLab and the Terraform Docker image in CI/CD.

Thanks for the assist!

This issue can probably be closed.
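An added example, not part of the thread or the provider's code: a shell preflight for a CI job that writes the minimal krb5.conf shown in the comments above and checks KRB5_CONFIG before Terraform runs. The function names are hypothetical, the realm and KDC names are the placeholders used in this thread, and the parser only handles the file layout shown here.

```shell
#!/bin/sh
# Added example: generate and sanity-check the krb5.conf that KRB5_CONFIG
# points to. Function names are hypothetical; values are placeholders.

# write_krb5_conf FILE REALM KDC [KDC...]
write_krb5_conf() {
    conf=$1; realm=$2; shift 2
    [ "$#" -ge 1 ] || { echo "need at least one KDC" >&2; return 2; }
    {
        printf '[libdefaults]\n  default_realm = %s\n\n' "$realm"
        printf '[realms]\n%s = {\n' "$realm"
        for kdc in "$@"; do printf '  kdc = %s\n' "$kdc"; done
        printf '}\n'
    } > "$conf"
}

# Fail early with a clear message instead of at GSS context negotiation.
# Prints the default realm on success.
check_krb5_config() {
    if [ -z "${KRB5_CONFIG:-}" ]; then
        echo "KRB5_CONFIG is not set" >&2; return 1
    fi
    if [ ! -r "$KRB5_CONFIG" ]; then
        echo "cannot read $KRB5_CONFIG" >&2; return 1
    fi
    realm=$(awk -F'=' '/^[ \t]*default_realm[ \t]*=/ {
        gsub(/[ \t]/, "", $2); print $2; exit }' "$KRB5_CONFIG")
    [ -n "$realm" ] || { echo "no default_realm in $KRB5_CONFIG" >&2; return 1; }
    # Count kdc entries inside the [realms] block of the default realm.
    kdcs=$(awk -v r="$realm" '
        $1 == r && $2 == "=" && $3 == "{" { inblk = 1; next }
        inblk && $1 == "}"                { inblk = 0 }
        inblk && $1 == "kdc" && $2 == "=" { n++ }
        END { print n + 0 }' "$KRB5_CONFIG")
    [ "$kdcs" -ge 1 ] || { echo "no kdc for realm $realm" >&2; return 1; }
    echo "$realm"
}

# Usage in a CI job (placeholder values from this thread):
#   write_krb5_conf "$PWD/krb5.conf" MYCOMPANY.COM dc1.mycompany.com dc2.mycompany.com
#   export KRB5_CONFIG="$PWD/krb5.conf"
#   check_krb5_config && terraform apply
```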

pavel-khritonenko commented 2 years ago

I would not close that, because that provider requires some additional configuration outside the Terraform process, without the ability to do it inside the provider configuration. It would be great if the provider generated that file and exported it, as @mcmcghee mentioned.

jmyers82 commented 1 year ago

I am running into this same issue, running from my Windows machine. Do I need to install a krb5 package or something? I have the krb5.conf file and the system env variable (KRB5_CONFIG) set to its path.
Also, is it possible to get the proper krb5.conf file from the DNS server, or does this have to be built by hand? @getSurreal what was the setup on a Windows box to make this work?