Disable KDC on Leopard OD Master? (AD/OD Magic Triangle)
November 30, 2007 at 8:31 pm #370675
dds
Participant
I have a “Magic Triangle” OD server running 10.5.1. It is an OD master and it is also bound to an AD 2003 domain/realm. I use AD for authentication and OD for Mac computer policy management (MCX).
How do I disable the local OD KDC before I bind the OD server to AD? I understand the process on Tiger Server, but I have heard that Leopard server is different.
To the best of my knowledge, these are the steps for Tiger:
1 Create OD Master
2 Disable KDC on newly created OD master
A sso_util remove -k -a-p -r (Question: is the “-r ” needed? If so, what's the name of the realm?)
B dscl -u/LDAPv3/127.0.0.1 -delete /Config/KerberosKDC (Question: I don’t see this in my path – it doesn't exist – is this right?)
C dscl -u/LDAPv3/127.0.0.1 -delete /Config/KerberosClient (Question: I don’t see this in my path – it doesn't exist – is this right?)
3) Verify:
A klist -kt (Question: What should I see or what should I not see here? See my example below)
B cat /library/Preferences/edu.mit.kerberos (What should I expect to see or not see here?)
C Check Server Admin OD settings – “Kerberos is: Stopped”
4) Bind to Active Directory:
5) Verify again to be safe:
A klist -kt (What should I see or what should I not see here?)
B cat /library/Preferences/edu.mit.kerberos (What should I expect to see or not see here?)
C Check Server Admin OD settings – “Kerberos is: Stopped”
Here is what I see with the klist -kt command (to me it looks like I have 2 conflicting realms here!) Am I wrong?
(note: dan.com is a test AD domain)
graphite:~ root# klist -kt
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
2 11/29/07 17:23:40 afpserver/[email protected]
2 11/29/07 17:23:40 afpserver/[email protected]
2 11/29/07 17:23:41 afpserver/[email protected]
2 11/29/07 17:23:41 ftp/[email protected]
2 11/29/07 17:23:41 ftp/[email protected]
2 11/29/07 17:23:41 ftp/[email protected]
2 11/29/07 17:23:41 imap/[email protected]
2 11/29/07 17:23:41 imap/[email protected]
2 11/29/07 17:23:41 imap/[email protected]
2 11/29/07 17:23:41 pop/[email protected]
2 11/29/07 17:23:41 pop/[email protected]
2 11/29/07 17:23:41 pop/[email protected]
2 11/29/07 17:23:41 HTTP/[email protected]
2 11/29/07 17:23:41 HTTP/[email protected]
2 11/29/07 17:23:41 HTTP/[email protected]
2 11/29/07 17:23:41 http/[email protected]
2 11/29/07 17:23:41 http/[email protected]
2 11/29/07 17:23:41 http/[email protected]
2 11/29/07 17:23:41 nfs/[email protected]
2 11/29/07 17:23:41 nfs/[email protected]
2 11/29/07 17:23:41 nfs/[email protected]
2 11/29/07 17:23:41 smtp/[email protected]
2 11/29/07 17:23:41 smtp/[email protected]
2 11/29/07 17:23:41 smtp/[email protected]
2 11/29/07 17:23:41 host/[email protected]
2 11/29/07 17:23:41 host/[email protected]
2 11/29/07 17:23:41 host/[email protected]
2 11/29/07 17:23:41 cifs/[email protected]
2 11/29/07 17:23:41 cifs/[email protected]
2 11/29/07 17:23:41 cifs/[email protected]
2 11/29/07 17:23:41 XMPP/[email protected]
2 11/29/07 17:23:41 XMPP/[email protected]
2 11/29/07 17:23:41 XMPP/[email protected]
2 11/29/07 17:23:41 xmpp/[email protected]
2 11/29/07 17:23:41 xmpp/[email protected]
2 11/29/07 17:23:41 xmpp/[email protected]
2 11/29/07 17:23:41 ipp/[email protected]
2 11/29/07 17:23:41 ipp/[email protected]
2 11/29/07 17:23:41 ipp/[email protected]
2 11/29/07 17:23:41 vpn/[email protected]
2 11/29/07 17:23:41 vpn/[email protected]
2 11/29/07 17:23:41 vpn/[email protected]
2 11/29/07 17:23:41 xgrid/[email protected]
2 11/29/07 17:23:41 xgrid/[email protected]
2 11/29/07 17:23:41 xgrid/[email protected]
2 11/29/07 17:23:41 ldap/[email protected]
2 11/29/07 17:23:41 ldap/[email protected]
2 11/29/07 17:23:41 ldap/[email protected]
2 11/29/07 17:23:41 cifs/[email protected]
2 11/29/07 17:23:41 cifs/[email protected]
2 11/29/07 17:23:41 cifs/[email protected]
2 11/29/07 17:23:41 [email protected]
2 11/29/07 17:23:41 [email protected]
2 11/29/07 17:23:41 [email protected]
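
The "two realms in one keytab" check from the post can be done mechanically by grouping `klist -kt` entries by realm. This is an added example, not part of the original post; the function names, the sample listing and its realm names (OD.EXAMPLE.COM, AD.EXAMPLE.COM) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the realms present in `klist -kt` output.
# Reads the listing on stdin and prints "<count> <REALM>" per realm.
keytab_realms() {
    awk '
        # Entry lines start with a numeric KVNO; header and rule lines do not.
        $1 ~ /^[0-9]+$/ && NF >= 4 {
            principal = $NF
            at = 0
            # Use the last "@" so an "@" inside the name is not taken as the realm split.
            for (i = length(principal); i > 0; i--)
                if (substr(principal, i, 1) == "@") { at = i; break }
            if (at == 0) next              # no realm component: skip the entry
            count[substr(principal, at + 1)]++
        }
        END { for (r in count) printf "%d %s\n", count[r], r }
    ' | sort -k2
}

# Number of distinct realms in the listing on stdin.
keytab_realm_count() {
    keytab_realms | wc -l | tr -d ' '
}

# Constructed sample listing (hypothetical host and realms, not the poster's keytab).
sample_klist() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 11/29/07 17:23:40 afpserver/server.example.com@OD.EXAMPLE.COM
   2 11/29/07 17:23:41 host/server.example.com@OD.EXAMPLE.COM
   3 11/30/07 09:10:02 host/server.example.com@AD.EXAMPLE.COM
   3 11/30/07 09:10:02 cifs/server.example.com@AD.EXAMPLE.COM
   3 11/30/07 09:10:02 SERVER$@AD.EXAMPLE.COM
EOF
}

# On a live server, as root: klist -kt | keytab_realms
sample_klist | keytab_realms
```

More than one line of output means the keytab carries service keys for more than one realm, which is the condition the verify steps are meant to catch.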