AFP548

Login Problems – Help – I’ve got the shakes.

D-ma
I have a brand new Xserve but I can't log in? Yesterday I installed 10.4.8 Server on our new Xserve (intel quad xeon). I haven't done anything fancy, the only thing out of the ordinary is that I've setup DHCP and DNS as in the article: https://www.afp548.com/article.php?story=20060529143335323&query=combining%2BDHCP%2Band%2BDNS DNS and DHCP appear to be working. both forward and reverse lookups work. and workstations are getting IP fine. AFP and Open Directory are running and look happy. But when I go to log in on a workstation all l get is a shaking login screen. I have bound the workstation to the server. I thought that it may to to do with the binding and when I go to remove the server binding it says 'can't connect to the server' so I have to forceably remove it, and rebinding doen't work. I have tried several different workstations - all 10.4 machines. and several different users, and for some reason one workstation works fine and all the rest don't?? I haven't done anything different to this workstation lookupd, slapd, Password Server and Kerberos all report as running in Server Admin I have tried changing Authentication under AFP to Standard but it made no difference. I am lost for what to do next - I'm not even sure which log file to post. Here are some of the Open Directory logs: kdc Log Dec 29 18:39:15 kermit.dac.ac.nz krb5kdc[235](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.3.238: ISSUE: authtime 1167370755, etypes {rep=16 tkt=16 ses=16}, aaron@KERMIT.DAC.AC.NZ for ldap/kermit.dac.ac.nz@KERMIT.DAC.AC.NZ Dec 29 18:39:21 kermit.dac.ac.nz krb5kdc[235](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.3.238: NEEDED_PREAUTH: aaron@KERMIT.DAC.AC.NZ for krbtgt/KERMIT.DAC.AC.NZ@KERMIT.DAC.AC.NZ, Additional pre-authentication required Dec 29 18:39:21 kermit.dac.ac.nz krb5kdc[235](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.3.238: ISSUE: authtime 1167370761, etypes {rep=16 tkt=16 ses=16}, aaron@KERMIT.DAC.AC.NZ for krbtgt/KERMIT.DAC.AC.NZ@KERMIT.DAC.AC.NZ Dec 29 18:39:21 kermit.dac.ac.nz krb5kdc[235](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.3.238: NEEDED_PREAUTH: test@KERMIT.DAC.AC.NZ for krbtgt/KERMIT.DAC.AC.NZ@KERMIT.DAC.AC.NZ, Additional pre-authentication required Dec 29 18:39:21 kermit.dac.ac.nz krb5kdc[235](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.3.238: CHECK_PWS_ACCT: test@KERMIT.DAC.AC.NZ for krbtgt/KERMIT.DAC.AC.NZ@KERMIT.DAC.AC.NZ, Cannot allocate memory Dec 29 18:39:21 kermit.dac.ac.nz krb5kdc[235](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.3.220: NEEDED_PREAUTH: magenta-02-08@KERMIT.DAC.AC.NZ for krbtgt/KERMIT.DAC.AC.NZ@KERMIT.DAC.AC.NZ, Additional pre-authentication required Dec 29 18:39:21 kermit.dac.ac.nz krb5kdc[235](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.3.220: CHECK_PWS_ACCT: magenta-02-08@KERMIT.DAC.AC.NZ for krbtgt/KERMIT.DAC.AC.NZ@KERMIT.DAC.AC.NZ, Cannot allocate memory Dec 29 18:39:23 kermit.dac.ac.nz krb5kdc[235](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.3.238: NEEDED_PREAUTH: test@KERMIT.DAC.AC.NZ for krbtgt/KERMIT.DAC.AC.NZ@KERMIT.DAC.AC.NZ, Additional pre-authentication required Dec 29 18:39:23 kermit.dac.ac.nz krb5kdc[235](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.3.238: CHECK_PWS_ACCT: test@KERMIT.DAC.AC.NZ for krbtgt/KERMIT.DAC.AC.NZ@KERMIT.DAC.AC.NZ, Cannot allocate memory Dec 29 18:39:33 kermit.dac.ac.nz krb5kdc[235](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.3.221: NEEDED_PREAUTH: magenta-02-07@KERMIT.DAC.AC.NZ for krbtgt/KERMIT.DAC.AC.NZ@KERMIT.DAC.AC.NZ, Additional pre-authentication required Dec 29 18:39:33 kermit.dac.ac.nz krb5kdc[235](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.3.221: CHECK_PWS_ACCT: magenta-02-07@KERMIT.DAC.AC.NZ for krbtgt/KERMIT.DAC.AC.NZ@KERMIT.DAC.AC.NZ, Cannot allocate memory LDAP Log Dec 29 18:32:08 kermit slapd[77]: SASL [conn=861] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n Dec 29 18:32:08 kermit slapd[77]: Entry (uid=untitled_1,cn=users,dc=kermit,dc=dac,dc=ac,dc=nz): object class 'posixAccount' requires attribute 'homeDirectory'\n Dec 29 18:32:08 kermit slapd[77]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'\n Dec 29 18:32:40 kermit slapd[77]: SASL [conn=863] Failure: no user in database\n Dec 29 18:34:21 kermit slapd[77]: SASL [conn=866] Failure: no user in database\n Dec 29 18:34:33 kermit slapd[77]: SASL [conn=868] Failure: no user in database\n Dec 29 18:34:44 kermit slapd[77]: SASL [conn=871] Failure: no user in database\n Dec 29 18:34:44 kermit slapd[77]: SASL [conn=871] Failure: no user in database\n Dec 29 18:35:10 kermit slapd[77]: SASL [conn=873] Failure: no user in database\n Dec 29 18:36:51 kermit slapd[77]: SASL [conn=884] Failure: no user in database\n Dec 29 18:37:03 kermit slapd[77]: SASL [conn=886] Failure: no user in database\n Dec 29 18:37:40 kermit slapd[77]: SASL [conn=888] Failure: no user in database\n Dec 29 18:39:15 kermit slapd[77]: SASL [conn=915] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n Dec 29 18:39:21 kermit slapd[77]: SASL [conn=927] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n Dec 29 18:39:21 kermit slapd[77]: SASL [conn=929] Failure: no user in database\n Dec 29 18:39:23 kermit slapd[77]: SASL [conn=932] Failure: no user in database\n Dec 29 18:39:33 kermit slapd[77]: SASL [conn=934] Failure: no user in database\n Dec 29 18:40:10 kermit slapd[77]: SASL [conn=936] Failure: no user in database\n Dec 29 18:40:41 kermit slapd[77]: SASL [conn=938] Failure: no user in database\n Dec 29 18:40:58 kermit slapd[77]: SASL [conn=940] Failure: no user in database\n Dec 29 18:40:58 kermit slapd[77]: SASL [conn=940] Failure: no user in database\n Dec 29 18:41:51 kermit slapd[77]: SASL [conn=942] Failure: no user in database\n Password Service Server Log Dec 29 2006 18:43:12 KERBEROS-LOGIN-CHECK: policy violation (-7) for user {0x4594556f5f0dfb4f0000000a0000000a, test} Dec 29 2006 18:43:12 QUIT: {no user} disconnected. Dec 29 2006 18:43:12 KERBEROS-LOGIN-CHECK: user {0x4594556f5f0dfb4f0000000a0000000a, test} authentication failed. Dec 29 2006 18:43:12 QUIT: {no user} disconnected. Dec 29 2006 18:43:12 RSAVALIDATE: success. Dec 29 2006 18:43:12 USER: {0x4594556f5f0dfb4f0000000a0000000a, test} is the current user. Dec 29 2006 18:43:12 AUTH2: {0x4594556f5f0dfb4f0000000a0000000a, test} password change required. Dec 29 2006 18:43:12 QUIT: {0x4594556f5f0dfb4f0000000a0000000a, test} disconnected. Dec 29 2006 18:43:14 AUTH2: {0x4594556f5f0dfb4f0000000a0000000a, test} password change required. Dec 29 2006 18:43:14 KERBEROS-LOGIN-CHECK: policy violation (-7) for user {0x4594556f5f0dfb4f0000000a0000000a, test} Dec 29 2006 18:43:14 QUIT: {no user} disconnected. Dec 29 2006 18:43:14 KERBEROS-LOGIN-CHECK: user {0x4594556f5f0dfb4f0000000a0000000a, test} authentication failed. Dec 29 2006 18:43:14 QUIT: {no user} disconnected. Dec 29 2006 18:43:14 RSAVALIDATE: success. Dec 29 2006 18:43:14 USER: {0x4594556f5f0dfb4f0000000a0000000a, test} is the current user. Dec 29 2006 18:43:14 AUTH2: {0x4594556f5f0dfb4f0000000a0000000a, test} password change required. Dec 29 2006 18:43:14 QUIT: {0x4594556f5f0dfb4f0000000a0000000a, test} disconnected. Dec 29 2006 18:43:14 AUTH2: {0x4594556f5f0dfb4f0000000a0000000a, test} password change required. Dec 29 2006 18:43:14 KERBEROS-LOGIN-CHECK: policy violation (-7) for user {0x4594556f5f0dfb4f0000000a0000000a, test} Dec 29 2006 18:43:14 QUIT: {no user} disconnected. Dec 29 2006 18:43:14 KERBEROS-LOGIN-CHECK: user {0x4594556f5f0dfb4f0000000a0000000a, test} authentication failed. Dec 29 2006 18:43:14 QUIT: {no user} disconnected. Dec 29 2006 18:43:14 RSAVALIDATE: success. Dec 29 2006 18:43:14 USER: {0x4594556f5f0dfb4f0000000a0000000a, test} is the current user. Dec 29 2006 18:43:14 AUTH2: {0x4594556f5f0dfb4f0000000a0000000a, test} password change required. Dec 29 2006 18:43:14 QUIT: {0x4594556f5f0dfb4f0000000a0000000a, test} disconnected. Password Service Replication Log Dec 29 2006 09:45:43 DoSync: This password server does not have replicas. Dec 29 2006 10:01:17 DoSyncKerberosDeferrals: This password server does not have replicas. Dec 29 2006 10:01:17 DoSync: This password server does not have replicas. Dec 29 2006 11:13:00 DoSyncKerberosDeferrals: This password server does not have replicas. Dec 29 2006 11:13:00 DoSync: This password server does not have replicas. Dec 29 2006 12:30:06 DoSyncKerberosDeferrals: This password server does not have replicas. Dec 29 2006 12:30:06 DoSync: This password server does not have replicas. Dec 29 2006 12:50:06 DoSync: This password server does not have replicas. Dec 29 2006 13:02:56 DoSync: This password server does not have replicas. Dec 29 2006 18:31:52 DoSync: This password server does not have replicas. slapconfig Log 2006-12-28 15:13:43 +1300 - command: /usr/sbin/sso_util configure -x -r KERMIT.DAC.AC.NZ -f /LDAPv3/127.0.0.1 -a dan -p **** -v 1 ldap 2006-12-28 15:13:43 +1300 - sso_util command output: Contacting the directory server Creating the service list Creating the service principals WARNING: no policy specified for ldap/kermit.dac.ac.nz@KERMIT.DAC.AC.NZ; defaulting to no policy Creating the keytab file kadmin.local: No entry for principal ldap/kermit.dac.ac.nz@KERMIT.DAC.AC.NZ exists in keytab WRFILE:/etc/krb5.keytab Configuring services WriteSetupFile: setup file path = /temp.Nc57/setup Any help would be very much appreciated. Thanks.
Exit mobile version