AFP548

Remove OD Replica record/fix kerberos issue

We have an open directory master 10.0.1.9 and a couple of replica servers 10.0.1.10 and 10.0.1.1. The address of one of the replicas has changed from 10.0.1.11 to 10.0.1.1 and is our new firewall.

On the master 10.0.1.9 in Server Admin/Open Directory the list of replicas shows 10.0.1.11, 10.0.1.10, 10.0.1.1 and our public IP address! On 10.0.1.1 Server Admin/Open Directory, the KDC is running, but when a local user tries to connect they get a normal authentication dialog instead of the expected Kerberos one, or an error message if Kerberos is set as the only authentication method for AFP.

Otherwise everything works fine; remote users get port forwarded to and authenticated by Kerberos on 10.0.1.10, our fileserver.

So, does anyone know how to remove the old 10.0.1.11 replica record? And how can I get my 10.0.1.1 replica to talk to the master/KDC using its local port? If I open all the ports on the firewall, Kerberos starts working again.