Kerberos working except for one user.

[mamunoz]

I have a server that is working great Kerberos etc all work like a champ except for this one user. I have verified the issue on multiple machines and can get other user tickets on this machine so I know it is working. Essentially typing in his credentials gets. “Client not found in Kerberos Database.” I would just delete the user and get it working, only problem is that this user is an admin and more importantly a diradmin. So long story short is there a way to force this user into the database? Thanks for any help you guys can provide!

[gw1500se]

You don’t say what version of OS X server you are using but I know this is a problem on 10.4 because we encounter it a couple of times each week. I would hope it is fixed in 10.5 and 10.6 but maybe not if you are using one of those. The Apple password and Kerberos databases are out of sync. Anyway, the way we fix it on Tiger is simple but you’ll likely find it strange:

In Workgroup manager highlight the errant user and click the “Advanced” tab. Change the “User Password Type” to crypt password. Enter the password in the resulting dialog box and then save. Next, click off that user to any other (don’t ask me why, I just know it won’t work otherwise) then click back to the errant user. Now switch the “User Password Type” back to open directory then again enter the password in the dialog and save. That will sync the Apple password and Kerberos databases.

If that doesn’t fix it then you must have discovered something new and I’m afraid I won’t be much help.

[Author]

Posts