Home Forums OS X Server and Client Discussion Questions and Answers Kerberos Question

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • January 25, 2006 at 12:38 am #364931
    leomunoz
    Participant

    i have a server that is named lcg-fs01 in the dns and the look up points to that. I did a klist -tk and got :
    3 11/16/05 21:18:48 ldap/[email protected]

    Why would i get lfc-fs1 at lcg-fs01? we had a server named lfc-fs1 but no longer in service. is there a way to change the first part of the name to lcg-fs01?

    January 25, 2006 at 1:21 pm #364949
    maccanada
    Participant

    What are the results of:
    scutil –get HostName
    and
    hostname

    ~Ian

    January 25, 2006 at 5:13 pm #364955
    leomunoz
    Participant

    Okay after reading the man page for this util. I get this info for the scutil –get
    LocalHostName –
    LCG-FS01
    HostName –
    HostName: not set

    ComputerName –
    LCG-FS01

    January 25, 2006 at 8:57 pm #364963
    maccanada
    Participant

    So use scutil –setHostName to set the right name and everything should be good.

    ~Ian

    January 27, 2006 at 10:28 pm #364996
    leomunoz
    Participant

    could it be the server is sending the wrong configurations for the client? if so is there a way to fix the server? dose it have to do with the krb5.keytab file? do i need to get that file to rewrite itself? Would i have to run kdcsetup or something that will rewrite the krb5.keytab file?

    —————–

    The edu.mit.kerberos file got written the first time with all thew
    wrong info and it looks like it didn’t get properly rewritten after
    you had corrected the name problem. You can either leave your edit in
    the file, or trash the whole file and do it over. I’d edit, personally.

    On 27-Jan-06, at 2:34 PM, leomunoz wrote:

    >
    > Okay set up that host name.
    > I still have one issue that was happening before. I set up a
    > clients computer to connect to the server in the ldap3. It dose
    > that okay. The I use the kerberos app to get the ticket and it
    > tells me that kerberos login failed cannot resolve network address
    > for kdc in requested realm. So I go to the edit realm and under the
    > servers it has the wrong server listed.
    > The 2 lines are as follows.
    > v5 kdc lfc-fs1.west.lennarcorp.com 88

    > v5 admin lfc-fs1.west.lennarcorp.com 749
    >
    > If I change the lfc-fs1 to lcg-fs01 the kerberos works fine. Would
    > you know why it would put in the lfc-fs1 server? I thought it was
    > the host name thing.

    January 28, 2006 at 12:03 am #364999
    maccanada
    Participant

    What’s in the edu.mit.kerberos file on your server? You’ll probably find the wrong name is in there.

    January 28, 2006 at 2:14 am #365002
    leomunoz
    Participant

    Your right it was wrong in this file. Now do I just change this file in pico or vi and restart? Thanks to all of you for your help so far, as I’m still new at all this server stuff.

    January 28, 2006 at 12:19 pm #365008
    maccanada
    Participant

    No problem. Yes, you can either change that file or, if it’s a test server and you don’t mind losing stuff, demote back to a standalone, then re-promote to OD master making sure the Kerberos info that gets automatically entered is correct.

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.