LDAP and KDC disaster recovery

[Anonymous]

We had some kind of failure with our open directory master. I still have no idea what is was/is but the immediate goal is to get everything back. I was able to change the master to a replication server and the replication server to master and then it rebuilt the database on the orignial master. I then set the orignal master back to a master. The LDAP database is now OK and authentication partially works.

The remaining problem is the KDC. The rebuild did not include the KDC so some of our stuff that requires tickets will not work. When I try to start ‘kadmind’ it says is cannot read the master password file. Where is this file (the kdc.conf does not have a key_stash_file entry to tell me where it is hidden) so I can restore it from a backup. If that doesn’t work how can I get the LDAP server to rebuild the KDC?

Urgently need help. TIA.

[Anonymous]

After much gnashing of teeth and cleanup, I was finally able to recreate the KDC using the ‘First Look’ article. Now, how do I force a refresh of the KDC from the ldap server? TIA.

[Author]

Posts