Forum Replies Created

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • March 9, 2009 at 10:58 pm in reply to: Kerberos and Open Directory Setup #375660
    Caislean
    Participant

    It has been a while since I solved this, but if I remember correctly…

    I used sudo to erase /library/preferences/edu.mit.kerberos and to erase all related temporary of /library/preferences/edu.mit.kerberos.*

    The problem for me, which no one ever seemed to mention and I only discovered by chance, is that in /var/db/dslocal/nodes/Default/config/Kerberos there were multiple kerberos plist files. One for for each time the server had had a different IP address or name. For examples: OLDNAME.FORSERVER.COM.plist, ANOTHERNAME.FORSERVER.COM.plist and so. If these exist, you’ll end up with conflicts and you’ll get the “unable to replace config” error among other things.

    What worked for me:

    1.) I move to OpenDirectory to stand alone mode.
    2.) Backed up all files that matched /var/db/dslocal/nodes/Default/config/Kerberos/*.plist
    3.) Deleted all of the files that matched /var/db/dslocal/nodes/Default/config/Kerberos/*.plst
    4.) Restarted the server
    5.) Promoted OD to master, and viola it worked.

    July 15, 2008 at 1:22 am in reply to: Kerberos and Open Directory Setup #373393
    Caislean
    Participant

    DNS is now perfect. No excess messages. No errors….

    Under Open Directory, Kerberos is shown as stopped. DNS is still in perfect working order.

    ====
    kerberosautoconfig -r SERVER.DOMAIN.COM -m server.domain.com results in…
    [code]Unable to replace config /Library/Preferences/edu.mit.Kerberos with temp file /Library/Preferences/edu.mit.Kerberos.B0(bunch of junk here) error 1.[/code]

    ====
    And kdcesetup -f /LDAPv3/127.0.0.1 -w -a diradmin -p (password) SERVER.DOMAIN.COM
    results in…
    [code]
    “Segementation fault”
    [/code]
    ===
    slapconfig -kerberize -f diradmin SERVER.DOMAIN.COM results in…

    [code]
    diradmin’s Password:
    Removed directory at path /var/db/krb5kdc.
    command: /sbin/kerberosautoconfig -r SERVER.DOMAIN.COM -m server.domain.com -u -v 1
    kerberosautoconfig command output:
    Unable to replace config /Library/Preferences/edu.mit.Kerberos with temp file /Library/Preferences/edu.mit.Kerberos.nh6N3w6H3i0yc3bDdN1Rw error 1
    command: /usr/sbin/kdcsetup -f /LDAPv3/127.0.0.1 -w -a diradmin -p **** -v 1 SERVER.DOMAIN.COM
    kdcsetup command output:
    Contacting the Directory Server
    Authenticating to the Directory Server
    Creating Kerberos directory
    Creating KDC Config File
    kdcsetup command failed with status 10
    kdcsetup command failed with exit code 10: stdout=(null), error-message=Contacting the Directory Server
    Authenticating to the Directory Server
    Creating Kerberos directory
    Creating KDC Config File
    [/code]
    After running slapconfig -kerberize, Kerberos is still stopped. Even after a reboot it doesn’t start.

    ====
    “sso_util configure -r SERVER.DOMAIN.COM -a diradmin -p (password) all” results in…

    [code]
    Contacting the directory server
    /Local/Defaul
    /BSD/local
    /LDAPv3/127.0.0.1
    Creating the service list
    Creating the server principals
    kadmin: Cannot contact any KDC for request realm while initializing kadmin interface
    SendInteractiveCommand: failed to get pattern
    [/code]
    ====

    At the moment web services work (wiki & blogs). Though I can create and manage users and groups without any problem at the moment, I obviously can’t use the Directory app for locations and resources.

    July 12, 2008 at 5:03 am in reply to: Kerberos and Open Directory Setup #373366
    Caislean
    Participant

    Using changeip -checkhostname the Primary address is correct, the current hostname is correct, but then it gives me…

    “The DNS hostname is not available, please repair DNS and re-run this tool.”

    I find this odd, because the DNS settings imported correctly, and I double checked to make sure their entries are correct (fqdns, ips, etc…). Also, if the DNS hostname is not available, shouldn’t the host command give me some sort of error? (I can look up the server forwards and backwards without any problem).

    As much as I love Apple, it seems like every third post about their servers has the following solution: format and reinstall once you have a DNS problem.

    I checked the console log. First off, the following line shows an incredible (the line appears every three seconds for 4 hours)…
    [code]: krb5kdc: cannot initialize realm LKDC:all-that-ridiculously-long-jumble-here – see log file for details[/code]

    Second, a long slew of warnings about every file on the webserver.
    [code]: Invalid kMDItemPath for (file name here)[/code]

    Third,
    [code]host ip_address[/code]
    works properly.

    And
    [code]host server_name[/code]
    is returning.
    [code]server_name has address ip_address
    Host server_name not found: 3(NXDOMAIN)
    [/code]

    (sorry for all the edits, but I’m trying to make sure I post all the important information though).
    I removed all zones from the DNS settings except for reverse lookup. DHCP is disabled. I figure the more simple I keep the initial setup, the easier it will be to figure out what the !@#$!@#$ is going on.

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
Copyright © 2025 AFP548. All Rights Reserved.