OD Binding & Joining Kerberos Realm

  • #373854
    jnierodzik
    Participant

    I’m testing Leopard server in the lab and am having problems joining my file server to the Kerberos realm hosted by the ODM. In my best efforts I have gotten the “Join Kerberos” button to vanish and in my worst it’s not; in either case though Server Admin shows the role as connected and Kerberos as stopped with the indicator circle being gray. On the ODM however LDAP Server, Password Server, and Kerberos all list as running and the indicator is green. In my tests the servers were installed as Advanced and patched up to 10.5.4 with the combo updater before any promoting of roles or attempting binding. The logs don’t appear to show me anything unusual and I’m about 99.9% positive that my DNS has been fully functional.

    So… Obviously something is wrong. I’m going to wipe the slate here and reinstall server on the two machines and patch them up again. And therein I turn to you all. Can someone provide me with a walk along of how I should be doing this? I’ve checked the usual boards and lists, I’ve read the docs, and I never had this problem with Tiger so somewhere my brain is shorting.

    Anyone care to help? Thanks!

    #373954
    burke2134
    Participant

    Were you ever able to come up with a solution to this one? I have the exact same problem (though I never have successfully gotten the “Join Kerberos” button to vanish). I spent several hours on the phone with Apple Enterprise support yesterday but they were unable to come up with a solution. They did escalate the issue but it’s unlikely I’ll hear back until after the Labor Day weekend.

    Many thanks…

    #374348
    wstrucke
    Participant

    I’m also having a similar problem. All of my servers are joined to the open directory without a problem but I cannot get a single one of them to join the Kerberos realm. When I click join Kerberos realm, enter the delegated credentials, the box thinks for a minute, disappears, but the server is not actually joined.

    I never had a problem doing this in Tiger so this is rather frustrating.

    Anyone have any ideas?

    #374358
    wstrucke
    Participant

    Thanks

    So I suspect my problem is a missing keytab entry for the server… though I’m not positive.

    The server’s computer name and local host name are both “example-server”

    I have the server bound to the directory and it has bound itself as “example-server$”

    Yet when I run sso_util configure … the server tries to kerberize itself as “example-server.fqdn@realm”

    So I suspect the problem is that the server is binding itself as “example-server$” when it should be “example-server.fqdn”. Does that make sense? The whole $ thing in the computer records has had me baffled to begin with… I don’t see why there would be two records for a single machine, so which one should it be?

    #374402
    mosx86
    Participant

    Quote by wstrucke:

    “I’m also having a similar problem. All of my servers are joined to the open directory without a problem but I cannot get a single one of them to join the Kerberos realm. When I click join Kerberos realm, enter the delegated credentials, the box thinks for a minute, disappears, but the server is not actually joined.

    “I never had a problem doing this in Tiger so this is rather frustrating.

    “Anyone have any ideas?”

    I too am having the same exact problem; however, while the server does not think it’s joined the Kerberos realm, if you dump the KDC on the ODM all the principals have been created. As far as I can tell services are kerberized, but the server simply doesn’t think it is.
