AFP548

kdc log error krb5kdc connection refused when trying to create home directories

smithsm
I am trying to use Open Directory on 10.4.4 server. I can't create home directories for net users.
I have verified all the dns stuff.
No errors in named log
hostname returns the correct fqdn and reverse lookups work
LDAP , Kerberos, etc are all running.
I can authenticate my directory administrator into the domain.
the home directory paths look good.
I tried createhomedirs -a but did not do anything
I have the /etc/hostconfig HOSTNAME=server.prosapien.com
I tried the "kick start" by disabling and reenabling the network mount of the network users directory in WGM

It just won't create home directories.
Everytime I try, I get the following error in the kdc log

Jan 29 21:06:22 server.prosapien.com krb5kdc[293](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 204.228.142.18: CHECK_PWS_ACCT: diradmin@SERVER.PROSAPIEN.COM for krbtgt/SERVER.PROSAPIEN.COM@SERVER.PROSAPIEN.COM, Connection refused

What is this saying. Does the server.prosapien.com@server.prosapien.com seem right?

I listed the principles in kadmin and they looked fine

I used sso_util info to see what I could find and I don't have a secure record. I don't know if this is related. (SEE BELOW)

Anyone have any idea how to fix this?

I have tried demoting and repromoting to Open Directory Master several times but no change.

Is there something I can do to fix this so I don't have to do a clean install. This was a clean install of 10.4.3 upgraded to 10.4.4.

server:~ admin$ sudo sso_util info -g
Default Realm Name: SERVER.PROSAPIEN.COM


server:~ admin$ sudo sso_util info -l
afp
ftp
imap
pop
HTTP
http
smtp
ssh
smb
xmpp
ipp
vpn
xgrid

server:~ admin$ sudo sso_util info -r .
This machine is part of a kerberized directory, realm name is:SERVER.PROSAPIEN.COM

server:~ admin$ sudo sso_util info -sa -v 100
FindOurConfigRecord: our MAC address is: 00:03:93:f4:c7:80
ComputerRecordByMAC: searching....
ComputerRecordByMAC: dsDoAttributeValueSearchWithData returns 0 rec = 0
dsDoAttributeValueSearchWithData returns 0, record count = 0
ComputerRecordByMAC: Cannot find the computer record, error = 2
FindOurConfigRecord: No record found, error = 2
DirNodeIsAD: need to figure out the path...
DirNodeIsAD: node path to check is : /LDAPv3/127.0.0.1
DisplayConfigRecord: unable to find the computer record

Exit mobile version