Kerberos errors in 10.4.11

  • #376051
    spunkmeyer88
    Participant

    Server was working fine until recent updates, but started receiving these errors occasionally when students would log in:

    Apr 20 14:23:23 servername DirectoryService[123]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
    Apr 20 14:23:47 servername ipurge[26414]: DBERROR: reading /var/imap/db/skipstamp, assuming the worst: No such file or directory
    Apr 20 14:28:05 servername /usr/sbin/PasswordService: client response doesn’t match what we generated

    The last line repeats a number of times. The other two messages only pop up periodically.

    The server is set to be ODM.

    G5 2×2.0 tower

    Tried changing a test group of users over to crypto for login type with no apparent effect.

    Considering going through these steps to troubleshoot it:

    1.) Move OpenDirectory to standalone mode.
    2.) Back up all files that matched /var/db/dslocal/nodes/Default/config/Kerberos/*.plist
    3.) Delete all of the files that matched /var/db/dslocal/nodes/Default/config/Kerberos/*.plist
    4.) Restart the server
    5.) Promote OD to master

    Any other suggestions?

    #376316
    TimBloom
    Participant

    I’m having very similar issues. I don’t know whether it started with 10.4.11 or not. I think it originated when we changed the hostname to a proper FQDN using the changeip function. Multiple people set up and maintained this server before I was put in charge of it (of course no information was left to me other than a list of passwords). Kerberos is quite foreign to me, but I’m constantly getting errors of:

    GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)

    Looking at the machine records in WGM shows them all with the previous hostname listed.

    I’ve seen the OP’s steps listed multiple times and have debated doing it. The services work, but many things like WGM and sometimes login are extremely slow, and the errors pop up in the log generally when those events occur.

    I just have a few questions about the results:
    Is this recommended?
    Will I lose anything in doing this (passwords, bindings, etc.)?
    What precautions besides “Backup everything!” will I need to take to ensure the restore and resurrection go smoothly?
    Will I be needing to re-bind the client computers to the domain?

    It’s only around 25 client computers.

    This is the firm’s only server and hosts everything for them (mail, directory, websites, firewall, DNS, file services, etc.) and they all work directly from it, so if I do this I need to do it right the first time, with minimal downtime. Any other suggestions? Or did the original poster find a workaround?

    Sorry for all the questions, I’d understand the system better if it had been in my hands the entire time, but every day I’m finding something rigged up in a strange way or broken but somehow still operating. 😐
