AFP548

OD and Kerberos on 10.4 Server – won’t work

Hi!

I'm trying to set up a new server with 10.4 Server, but I simply can't get Kerberos to work. I have now tried everything I can think of, so now I ask here to see if you can help.

This is a fresh install, so the first thing I do is to make sure that the DNS - which is running on the same server - is OK. I make one zone and to start with that's all, no CNAMEs, no MX etc. I then restart and check that the machine's hostname is indeed what I want it to be, and check DNS and reverse DNS with dig in the terminal and lookupd through Network Utility. Everything looks OK.

Then I promote the server to an Open Directory Master and get the dialog where I create the Kerberos realm. Everything still looks OK. After that it looks like Kerberos is running - at least that's what Server Admin is telling me - but it doesn't work. When I check the logs I can see several errors. I have changed the real hostname to myserver.domain.tld in this post:

Directory Services Error log:
2005-05-22 06:13:15 PDT - Attempt #1 to initialize plug-in LDAPv3 failed.
  Will retry initialization at most 100 times every 1 second.
2005-05-22 06:13:15 PDT - Network transition in LDAPv3 plugin returned error -14279

kadmin.log:
May 22 16:09:30 myserver.domain.tld kadmin.local[316](info): No dictionary file specified, continuing without one.

LDAP Log:
May 22 16:09:16 myserver slapd[276]: @(#) $OpenLDAP: slapd 2.2.19 $
May 22 16:09:16 myserver slapd[276]: bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
May 22 16:09:16 myserver slapd[276]: bdb_db_init: Initializing BDB database
May 22 16:09:17 myserver slapd[276]: slapd starting
May 22 16:09:41 myserver slapd[276]: <= bdb_substring_candidates: (apple-mcxflags) index_param failed (18)

slapconfig Log:
2005-05-22 16:09:28 +0200 - kerberosautoconfig command failed with status 255
2005-05-22 16:09:28 +0200 - command: /usr/sbin/mkpassdb -kerberize
2005-05-22 16:09:28 +0200 - mkpassdb command output:
kadmin.local: unable to get default realm
kadmin.local: unable to get default realm
2005-05-22 16:09:28 +0200 - command: /usr/sbin/vpnaddkeyagentuser -q /LDAPv3/127.0.0.1
2005-05-22 16:09:30 +0200 - slapconfig -setldapconfig
2005-05-22 16:09:30 +0200 - command: /usr/sbin/mkpassdb -setreplicationinterval 86400 SyncAnytime

Does this make any sense to you? LDAP is working, since I can log into networked homes, but Kerberos is not working, since I have to enter passwords when using ssh after already being logged in. I simply can't figure out where I'm doing something wrong.

I'm wondering if it has something to do with the fact that it's impossible to define the hostname during the setup of the server. It seems like even though the server later got the right hostname through DNS, it still defaults to myserver.local in Server Admin and Workgroup Manager, and not server.domain.tld.
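The hostname and DNS conditions the post circles around (a Bonjour-style .local name, forward and reverse records that disagree) are exactly what the Open Directory promotion and the Kerberos autoconfig step depend on. The following pre-promotion check is an added example, not code from the post or from Apple's tools; it assumes only that `hostname` and `dig` are available on the server, and its checks are plain string comparisons so they can also be run against constructed values.

```bash
#!/bin/bash
# Added example (not from the AFP548 post): sanity check, before promoting to
# an Open Directory Master, of the hostname/DNS state that the Kerberos
# realm autoconfig relies on.
#
# Usage: check_od_hostname NAME FORWARD_IPS REVERSE_NAMES
#   NAME          - what `hostname` reports
#   FORWARD_IPS   - output of `dig +short A NAME` (space/newline separated)
#   REVERSE_NAMES - output of `dig +short -x IP` for each forward IP
# Returns 0 when the name is usable, non-zero otherwise, and prints the
# reasons on stderr.
check_od_hostname() {
    local name=$1 fwd=$2 rev=$3 rc=0 r
    case "$name" in
        *.local) echo "hostname '$name' is a Bonjour .local name, not a DNS FQDN" >&2; rc=1 ;;
        *.*)     ;;   # contains a dot: plausibly fully qualified
        *)       echo "hostname '$name' is not fully qualified" >&2; rc=1 ;;
    esac
    # Forward lookup: the FQDN must resolve to at least one address.
    if [ -z "$fwd" ]; then
        echo "no A record for '$name'" >&2; rc=1
    fi
    # Reverse lookup: every PTR answer must name this host exactly
    # (dig prints a trailing dot, which is stripped before comparing).
    if [ -n "$fwd" ] && [ -z "$rev" ]; then
        echo "no PTR record for $fwd" >&2; rc=1
    fi
    for r in $rev; do
        r=${r%.}
        if [ "$r" != "$name" ]; then
            echo "reverse lookup returned '$r', expected '$name'" >&2; rc=1
        fi
    done
    return $rc
}

# Live invocation on the server itself (commented out so the file is
# self-contained; the values below are gathered with hostname and dig):
#   name=$(hostname)
#   fwd=$(dig +short A "$name")
#   rev=$(for ip in $fwd; do dig +short -x "$ip"; done)
#   check_od_hostname "$name" "$fwd" "$rev" && echo "hostname/DNS OK"
```

Run it before promotion: a non-zero result means Server Admin will most likely see the .local name or an unresolvable one, which is the state in which kerberosautoconfig has nothing to derive a default realm from.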