AFP548

Disable KDC on Leopard OD Master? (AD/OD Magic Triangle)

I have a "Magic Triangle" OD server running 10.5.1. It is an OD master and it is also bound to an AD 2003 domain/realm too. I use AD for authentication and OD for Mac computer policy management (MCX).

How do I disable the local OD KDC before I bind the OD server to AD? I understand the process on Tiger Server, but I have heard that Leopard Server is different.

To the best of my knowledge, these are the steps for Tiger:

1) Create OD Master

2) Disable KDC on newly created OD master
   A) sso_util remove -k -a -p -r (Question: is the "-r " needed? If so, what's the name of the realm?)
   B) dscl -u /LDAPv3/127.0.0.1 -delete /Config/KerberosKDC (Question: I don't see this in my path - it doesn't exist - is this right?)
   C) dscl -u /LDAPv3/127.0.0.1 -delete /Config/KerberosClient (Question: I don't see this in my path - it doesn't exist - is this right?)

3) Verify:
   A) klist -kt (Question: What should I see or what should I not see here? See my example below)
   B) cat /library/Preferences/edu.mit.kerberos (What should I expect to see or not see here?)
   C) Check Server Admin OD settings - "Kerberos is: Stopped"

4) Bind to Active Directory

5) Verify again to be safe:
   A) klist -kt (What should I see or what should I not see here?)
   B) cat /library/Preferences/edu.mit.kerberos (What should I expect to see or not see here?)
   C) Check Server Admin OD settings - "Kerberos is: Stopped"

Here is what I see with the klist -kt command (to me it looks like I have 2 conflicting realms here!). Am I wrong?
(note: dan.com is a test AD domain)

graphite:~ root# klist -kt
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 11/29/07 17:23:40 afpserver/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:40 afpserver/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 afpserver/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 ftp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 ftp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 ftp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 imap/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 imap/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 imap/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 pop/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 pop/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 pop/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 HTTP/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 HTTP/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 HTTP/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 http/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 http/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 http/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 nfs/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 nfs/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 nfs/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 smtp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 smtp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 smtp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 host/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 host/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 host/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 cifs/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 cifs/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 cifs/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 XMPP/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 XMPP/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 XMPP/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 xmpp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 xmpp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 xmpp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 ipp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 ipp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 ipp/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 vpn/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 vpn/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 vpn/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 xgrid/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 xgrid/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 xgrid/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 ldap/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 ldap/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 ldap/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 cifs/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 cifs/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 cifs/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 graphite$@DAN.COM
   2 11/29/07 17:23:41 graphite$@DAN.COM
   2 11/29/07 17:23:41 graphite$@DAN.COM
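Added example (not part of the original post): one way to run the "Verify" steps is to summarise a `klist -kt` listing by realm, so a keytab holding service keys for more than one realm stands out. The function names, the sample listings and the `OD.EXAMPLE.COM` realm are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the realms found in `klist -kt` output.
# Reads a listing on stdin and prints one line per realm:
#   REALM <distinct principals> <total keytab entries>
keytab_realms() {
    awk '
        # Entry rows start with a numeric KVNO and end with principal@REALM.
        # The "Keytab name", column header and dashed rows do not match.
        $1 ~ /^[0-9]+$/ && $NF ~ /@/ {
            princ = $NF
            realm = princ
            sub(/^.*@/, "", realm)          # keep the text after the last "@"
            entries[realm]++
            if (!((realm, princ) in seen)) {
                seen[realm, princ] = 1
                distinct[realm]++
            }
        }
        END { for (r in entries) printf "%s %d %d\n", r, distinct[r], entries[r] }
    ' | sort
}

# Succeeds (exit 0) only when every keytab entry on stdin is in one realm.
single_realm() {
    [ "$(keytab_realms | wc -l | tr -d ' ')" -eq 1 ]
}

# Constructed sample in the layout klist -kt prints; repeated rows for a
# principal are separate keys stored for that principal.
SAMPLE_SINGLE='Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- ----------------------------------
   2 11/29/07 17:23:40 afpserver/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:40 afpserver/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 host/graphite.dan.com@DAN.COM
   2 11/29/07 17:23:41 graphite$@DAN.COM'

# Constructed sample with keys left over from a second, hypothetical realm.
SAMPLE_MIXED='Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- ----------------------------------
   2 11/29/07 17:23:41 host/graphite.dan.com@DAN.COM
   3 11/29/07 17:20:02 host/graphite.dan.com@OD.EXAMPLE.COM'

printf '%s\n' "$SAMPLE_MIXED" | keytab_realms
```

On a live server the same check is `klist -kt | keytab_realms`, run as root so the keytab is readable.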