Open Directory clients can not connect “Additional pre-authentication required”?

  • #377180
    kray
    Participant

    I need some help decoding some log messages. I have an Open Directory master set up within a larger university environment. I am only running AFP, iCal, iChat, Open Directory, Print, SMB and Web services. I’m relying on the U servers for DNS, etc.

    So far none of my LDAP authenticated users (/LDAPv3/127.0.0.1) can log in from client machines. The clients are bound to the server with directory admin utility on each client.

    I suspect that I am missing some setup piece and am overlooking something. Here are the log messages I am getting:

    Kerberos Administration Log:
    Sep 17 09:47:52 truffula.fr.umn.edu kadmin.local[57362](info): No dictionary file specified, continuing without one.

    Kerberos Server Log:
    Sep 17 09:48:15 truffula.fr.umn.edu krb5kdc[106](info): AS_REQ (1 etypes {1}) 128.101.74.131: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required
    Sep 17 09:48:15 truffula.fr.umn.edu krb5kdc[106](info): AS_REQ (1 etypes {1}) 128.101.74.131: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required
    Sep 17 09:48:15 truffula.fr.umn.edu krb5kdc[106](debug): handling authdata
    Sep 17 09:48:15 truffula.fr.umn.edu krb5kdc[106](debug): handling authdata
    Sep 17 09:48:15 truffula.fr.umn.edu krb5kdc[106](debug): .. .. ok
    Sep 17 09:48:15 truffula.fr.umn.edu krb5kdc[106](debug): .. .. ok
    Sep 17 09:48:15 truffula.fr.umn.edu krb5kdc[106](info): AS_REQ (1 etypes {1}) 128.101.74.131: ISSUE: authtime 1253198895, etypes {rep=1 tkt=16 ses=1}, [email protected] for krbtgt/[email protected]
    Sep 17 09:48:15 truffula.fr.umn.edu krb5kdc[106](info): AS_REQ (1 etypes {1}) 128.101.74.131: ISSUE: authtime 1253198895, etypes {rep=1 tkt=16 ses=1}, [email protected] for krbtgt/[email protected]

    LDAP Log:
    Sep 17 09:48:15 truffula slapd[40]: <= bdb_substring_candidates: (authAuthority) index_param failed (18)

    Password Service Server Log:
    Sep 17 2009 09:48:15 RSAVALIDATE: success.
    Sep 17 2009 09:48:15 AUTH2: {0x47a8e6bb4af01a870000001a0000001a, sbarrott} DIGEST-MD5 authentication succeeded.
    Sep 17 2009 09:48:15 RSAVALIDATE: success.
    Sep 17 2009 09:48:15 AUTH2: {0x47a8e6bb4af01a870000001a0000001a, sbarrott} DHX authentication succeeded.
    Sep 17 2009 09:48:15 KERBEROS-LOGIN-CHECK: user {0x47a8e6bb4af01a870000001a0000001a, sbarrott} is in good standing.
    Sep 17 2009 09:48:15 KERBEROS-LOGIN-CHECK: user {0x47a8e6bb4af01a870000001a0000001a, sbarrott} authentication succeeded.
    Sep 17 2009 09:48:15 AUTH2: {0x47a8e6bb4af01a870000001a0000001a, sbarrott} DIGEST-MD5 authentication succeeded.

    Any help would be much appreciated.

    #377254
    arekdreyer
    Member

    The “no dictionary file specified” and pre-authentication notices are expected.
    It looks like sbarrott authenticated successfully against the password server, and the KDC ISSUEd a ticket.

    I’d suspect home folder automounts?

    What happens if you log in with “>console”?
    http://www.macosxhints.com/article.php?story=20020318020806482
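
The reading of the KDC log given in the reply above, as an added example that is not part of the original thread: a `NEEDED_PREAUTH` line followed by `ISSUE` for the same client is a completed exchange, and only a different final status needs attention. The sample lines are constructed (placeholder host, addresses and principals), and `classify` and `needs_attention` are hypothetical helper names.

```python
import re

# Constructed sample lines in the krb5kdc format shown in the thread;
# host, addresses and principals are placeholders, not values from the page.
SAMPLE_LOG = """\
Sep 17 09:48:15 kdc.example.org krb5kdc[106](info): AS_REQ (1 etypes {1}) 192.0.2.10: NEEDED_PREAUTH: alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Additional pre-authentication required
Sep 17 09:48:15 kdc.example.org krb5kdc[106](debug): handling authdata
Sep 17 09:48:15 kdc.example.org krb5kdc[106](info): AS_REQ (1 etypes {1}) 192.0.2.10: ISSUE: authtime 1253198895, etypes {rep=1 tkt=16 ses=1}, alice@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Sep 17 09:49:02 kdc.example.org krb5kdc[106](info): AS_REQ (1 etypes {1}) 192.0.2.11: NEEDED_PREAUTH: bob@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Additional pre-authentication required
Sep 17 09:49:02 kdc.example.org krb5kdc[106](info): AS_REQ (1 etypes {1}) 192.0.2.11: PREAUTH_FAILED: bob@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Decrypt integrity check failed
"""

# Client address, status keyword and client principal of an AS_REQ info line.
AS_REQ = re.compile(
    r"krb5kdc\[\d+\]\(info\): AS_REQ \(.*?\) (?P<ip>[\d.]+): "
    r"(?P<status>[A-Z_]+): .*?(?P<client>[^\s,]+@[^\s,]+) for "
)


def classify(log_text):
    """Return {(ip, client): verdict}, keeping the last outcome per client."""
    verdicts = {}
    for line in log_text.splitlines():
        m = AS_REQ.search(line)
        if not m:
            continue  # debug lines and other daemons are ignored
        key = (m["ip"], m["client"])
        status = m["status"]
        if status == "NEEDED_PREAUTH":
            # First leg only: the KDC asks the client to retry with pre-auth data.
            verdicts.setdefault(key, "incomplete")
        elif status == "ISSUE":
            verdicts[key] = "ok"  # a ticket was issued, the exchange completed
        else:
            verdicts[key] = "failed:" + status
    return verdicts


def needs_attention(verdicts):
    """Clients whose last AS exchange did not end with an issued ticket."""
    return sorted(key for key, verdict in verdicts.items() if verdict != "ok")


if __name__ == "__main__":
    for key, verdict in classify(SAMPLE_LOG).items():
        print(key, verdict)
```
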

    #377272
    kray
    Participant

    I can’t seem to figure out the “log in with console” thing. The only thing I can find in preferences is under WGM Preferences -> Login, you have to add computer and then under options, there is a check box for “Enable console login”

    I tried setting up a client computer with its MAC address, then under “items” checked “Add network home share point”, under options enabled “console login” as Always. I also double checked in Server Admin and made sure that the network user’s home directory was set up as a share point. And yes the client is bound to the server through directory utility.

    I just don’t get why this seems so bloody complicated.

    #377314
    arekdreyer
    Member

    See pages 55-56 of “Mac OS X Directory Services v10.5” from Peachpit.

    If your login window shows username and password fields, type “>console” as the username and click Login.

    Then you have a black screen with a simple login prompt.

    If your login window shows a list of users rather than the username/password fields, you can try pressing any arrow key, followed by Option-Return.

    Or click “Other” to get to the username and password fields.

    #377319
    kray
    Participant

    Ok… got the unix style login on a “bound” client. I typed in the username and password for a network user on the server. I got the message: “no home directory Network/Servers/truffula.fr.umn.edu/disk1/home1/username”

    I double checked WGM on the server and confirmed that the path to the home directory was in the “Full Path” box. Double double checking there is a home, with the standard folders in /Volumes/disk1/home1/username….

    You are right about a problem with the network home, but I am puzzled because it appears to be there.
