Remove OD Replica record/fix kerberos issue

[NoSpin]

We have an open directory master 10.0.1.9 and a couple of replica servers 10.0.1.10 and 10.0.1.1. The address of one of the replicas has changed from 10.0.1.11 to 10.0.1.1 and is our new firewall.

On the master 10.0.1.9 in server admin/open directory the list of replicas shows 10.0.1.11, 10.0.1.10, 10.0.1.1 and our public IP address! On 10.0.1.1 server admin/open directory, the kdc is running but when a local user trys to connect they get a normal authenication dialog instead of the expected kerberos one or an error message if kerberos is set as the only authentication method for afp.

Otherwise everything works fine, remote users get port forwarded to and authenticated by kerberos on 10.0.1.10 our fileserver.

So, does anyone know how to remove the old 10.0.1.11 replica record? and how can I get my 10.0.1.1 replica to talk to the master/kdc using its local port. If I open all the ports on the firewall kerberos starts working again.

[NoSpin]

HI there

Thanks for the tip. Its now connected to a Directory system instead being a replica, I had one of the krb ports turned off on the internal side. Kerberos is going fine now.

But looking at the Config record in WGM – I’ve removed the spurious records of old replicas, but when you look in Server Admin Open Directory replicas the list still shows the old addresses!!!

Any ideas?

[Anonymous]

I’m seeing the same thing here – my replica list shows 1 main and 3 replicas which is correct, but I still show 6 in server admin. I’ve noticed that the old entries are still in the passwordserver records in the config attribute – could that be it?

[NoSpin]

Hi there

I checked my config record, I’ve got no “extra” password server records for the old replicas.

steve

[Author]

Posts