Home Forums OS X Server and Client Discussion Open Directory kdc log error krb5kdc connection refused when trying to create home directories

Viewing 1 post (of 1 total)
  • Author
    Posts
  • January 30, 2006 at 5:33 am #365022
    smithsm
    Participant

    I am trying to use Open Directory on 10.4.4 server. I can’t create home directories for net users.
    I have verified all the dns stuff.
    No errors in named log
    hostname returns the correct fqdn and reverse lookups work
    LDAP , Kerberos, etc are all running.
    I can authenticate my directory administrator into the domain.
    the home directory paths look good.
    I tried createhomedirs -a but did not do anything
    I have the /etc/hostconfig HOSTNAME=server.prosapien.com
    I tried the “kick start” by disabling and reenabling the network mount of the network users directory in WGM

    It just won’t create home directories.
    Everytime I try, I get the following error in the kdc log

    Jan 29 21:06:22 server.prosapien.com krb5kdc[293](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 204.228.142.18: CHECK_PWS_ACCT: [email protected] for krbtgt/[email protected], Connection refused

    What is this saying. Does the [email protected] seem right?

    I listed the principles in kadmin and they looked fine

    I used sso_util info to see what I could find and I don’t have a secure record. I don’t know if this is related. (SEE BELOW)

    Anyone have any idea how to fix this?

    I have tried demoting and repromoting to Open Directory Master several times but no change.

    Is there something I can do to fix this so I don’t have to do a clean install. This was a clean install of 10.4.3 upgraded to 10.4.4.

    server:~ admin$ sudo sso_util info -g
    Default Realm Name: SERVER.PROSAPIEN.COM

    server:~ admin$ sudo sso_util info -l
    afp
    ftp
    imap
    pop
    HTTP
    http
    smtp
    ssh
    smb
    xmpp
    ipp
    vpn
    xgrid

    server:~ admin$ sudo sso_util info -r .
    This machine is part of a kerberized directory, realm name is:SERVER.PROSAPIEN.COM

    server:~ admin$ sudo sso_util info -sa -v 100
    FindOurConfigRecord: our MAC address is: 00:03:93:f4:c7:80
    ComputerRecordByMAC: searching….
    ComputerRecordByMAC: dsDoAttributeValueSearchWithData returns 0 rec = 0
    dsDoAttributeValueSearchWithData returns 0, record count = 0
    ComputerRecordByMAC: Cannot find the computer record, error = 2
    FindOurConfigRecord: No record found, error = 2
    DirNodeIsAD: need to figure out the path…
    DirNodeIsAD: node path to check is : /LDAPv3/127.0.0.1
    DisplayConfigRecord: unable to find the computer record

  • Author
    Posts
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.