[crashdummy]

[QUOTE][u]Quote by: crashdummy[/u][p]
It even shows up in the ODM log as sucessful.
[/p][/QUOTE]

I meant to say it shows up in the ODR log (Kerberos) as successful. i.e., ODR logs that it is” :handling authdata” and successful.

But as soon as the ODM is taken offline , authentication stops working.

[crashdummy]

Have you found an answer yet?
Same problem here. When the ODM goes down, the ODR won’t authenticate users.
Everything looks good in the logs.
I can get a ticket TGT from the ODR if I use the Kerberus app.
I can bind to the ODR (Only) and it will authenticate users as long as the ODM is running.
It even shows up in the ODM log as sucessful.
I’ve been searching through the LDAP to see if something is missing.

[crashdummy]

Glad to help 😀

[crashdummy]

I disabled the local KDC as per Bombich see

http://forums.bombich.com/viewtopic.php?t=11834&highlight=kerberos

I used the sso_util to remove it.

[crashdummy]

Well, If your still around, did you resolve this?

I’m having the same problem since applying the security patch
security Update 2008-002 v1.1 Server (leopard)

It bumped existing computers off OD, and when they rejoin, 2 new entries show up in computer accounts, one is the FQDN,( e.g., labtable6.physicslabs.uri.edu), the other is a Realm name (e.g. LKDC:SHA1.03344892C418CB16C250B59EAA7F93FEF79EF257.

Not only that, but in the list of principles in the Kerberos database, 2 entries for each machine are added to each service (e.g.,
afpserver/[email protected]
and
afpserver/LKDC:SHA1.03344892C418CB16C250B59EAA7F93FEF79EF257@CRASHDUMMY.PHYSICSLABS.URI.EDU.

The DNS is OK, I’m not sure what happened.

[Author]

Posts