So, I’ve been reading all the apple manuals and all the blogs about setting up open directory and kerberos, and I’m at my wits end. We have a brand new Xserve, running 10.4.6, and we’re trying to set up Open Directory so we can provide centralized storage and login and all these other trappings of a real network. It seems like Open Directory is running, with our Xserve as the master (there are no replicas), and now we want to implement single sign-on with kerberos. Unfortunately, Kerberos seems to be impossible to get working.
We have DNS running. We’re a small company and we just have a T1 without it’s own fancy domain name, so I set it up with a domain stylesight.internal (so the xserve is xserve.stylesight.internal). The xserve’s hostname is xserve.stylesight.internal according to the hostname cmd, and in Network Utility both the lookup and the reverse lookup are working. However, the Kerberos service comes up as stopped. The manual says now I should go to the Open Directory panel in Server Admin and choose Settings… General, and click on the Kerberize button. Funny thing is, you go there, and there’s no Kerberize button! I tried add kerberos record but that didn’t do anything – Kerberos is still stopped. Most of the documentation I can find is for 10.2, and it doesn’t seem to apply anymore. I have a /Library/Preferences/edu.mit.Kerberos file configured with all the appropriate settings.
It really just comes down to the Kerberize button – it’s not there! How do I get it to show up, or does it just not exist anymore? Has it moved? Thanks for any insight!
—
Steve
.
.
Comments are closed