GSSAPI errors in console.log when connected via VPN

  • #368455
    VirtualWolf
    Participant

    I’ve got a Mac mini with VPN and Kerberos and whatnot running at home, and I VPN into it when I’m at work. I can get a Kerberos ticket fine, but I was getting a bunch of these messages coming up in console.log:

    Mar 3 14:41:49 Transient DirectoryService[86]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
    Mar 3 14:41:50 Transient DirectoryService[86]: DSLDAPv3PlugIn: Required Policies not Supported: No ClearText. LDAP Connection for Node sprite.core denied.
    Mar 3 14:41:50 Transient DirectoryService[86]: DSLDAPv3PlugIn: Policy Violation. Disabled future attempts to bind to [10.0.1.253] for 1 hour.

    I did some fiddling and enabled SSL on the server, and I don’t get those messages anymore, but instead these:

    Mar 3 17:30:19 Transient DirectoryService[86]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)

    And occasionally this:

    Mar 3 17:22:57 Transient DirectoryService[86]: Bind failure in Replica retrieval: During an attempt to bind to [10.0.1.253] LDAP server.
    Mar 3 17:22:57 Transient DirectoryService[86]: Bind failure in Replica retrieval: Disabled future attempts to bind to [10.0.1.253] LDAP server for next 120 seconds.

    Everything seems to work error-free when I’m at home connected to the local network, it just seems to be VPN that’s being a bit funny. I’ve also found that once I have a Kerberos ticket, AFP will work correctly via the VPN, but SSH still prompts me for a password rather than being SSO.

    Is it possible to get this going correctly over a VPN?

    Client and server are both running 10.4.8.

    On a somewhat related note, a while ago when I’d go to connect via AFP to my server and I /didn’t/ have a Kerberos ticket, it’d prompt me to put my Open Directory username and password in. Somewhere along the line that stopped working, and if I don’t already have a ticket now, it’ll just give me the standard AFP username/password window. I’ve tried setting AFP on the server to Kerberos only, but when I don’t have a ticket it just says that the server doesn’t support the authentication method I’m using. Any idea how I might have gotten this going originally? :D

    #368488
    VirtualWolf
    Participant

    Anyone? 🙁
