Forum Replies Created

Viewing 9 posts - 1 through 9 (of 9 total)
  • in reply to: Fetchmailrc launchd configuration #377457
    robinson
    Participant

    I used Lingon http://sourceforge.net/projects/lingon/files/ to create the plist file. I cannot give you any advice because I don’t know much more about this myself. Sorry.

    in reply to: Fetchmailrc launchd configuration #377427
    robinson
    Participant

    In my case I did it with 2 files. First I have /etc/fetchmailrc with
    [code]poll mail.yourprovider.com proto pop3
    user [email protected] password secret sslproto '' is user here[/code]
    and then the /Library/LaunchDaemons/info.fetchmail.launchd.plist with [code]info.fetchmail.launchd.plist
    sh-3.2# vim info.fetchmail.launchd.plist



    Disabled

    Label
    info.fetchmail.launchd
    ProgramArguments

    fetchmail
    -f
    /etc/fetchmailrc
    -d
    300

    RunAtLoad
    UserName
    admin
    [/code]

    It’s important that the UserName (in my case “admin”) is the owner of /etc/fetchmailrc
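
The ownership requirement in the post above can be checked before the launchd job is loaded. This is an added example, not part of robinson's post or of fetchmail: fetchmail refuses an rc file that is not owned by the invoking user or whose mode is too open, and the check below applies the stricter rule of no group or other bits at all. The function name `check_fetchmailrc` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify a fetchmail rc file before launchd starts fetchmail.
# check_fetchmailrc and its return codes are names made up for this example.
#
# check_fetchmailrc FILE USER
#   0  FILE is a regular file owned by USER, closed to group and other
#   1  FILE is missing, a symlink, or not a regular file
#   2  FILE is owned by someone other than USER
#   3  FILE grants permissions to group or other
check_fetchmailrc() {
    rc_file=$1
    run_as=$2

    if [ -L "$rc_file" ] || [ ! -f "$rc_file" ]; then
        echo "FAIL: $rc_file is not a regular file" >&2
        return 1
    fi

    # ls -ld is portable across macOS and Linux (stat's flags are not):
    # field 1 is the mode string, field 3 the owner name.
    listing=$(ls -ld "$rc_file") || return 1
    mode=$(printf '%s\n' "$listing" | awk '{print $1}')
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')

    if [ "$owner" != "$run_as" ]; then
        echo "FAIL: $rc_file is owned by $owner, job runs as $run_as" >&2
        return 2
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FAIL: $rc_file mode $mode exposes the stored password" >&2
        return 3
    fi

    echo "OK: $rc_file owner=$owner mode=$mode"
    return 0
}

# Values from the post: rc file /etc/fetchmailrc, launchd UserName admin.
# Run as: sh check.sh /etc/fetchmailrc admin
if [ "$#" -eq 2 ]; then
    check_fetchmailrc "$1" "$2"
fi
```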

    in reply to: SSO and Kerberos not working with AFP #371348
    robinson
    Participant

    After a few tests I know something more. I tried with a Leopard client and got a Kerberos ticket.
    Then I installed a fresh Tiger 10.4.3 (had no time to update to 10.4.11, hope it doesn’t matter) to a new disk: no Kerberos ticket.
    Is it a general problem with this combination – Tiger client, Leopard server?

    in reply to: ServerAdmin crashs #371255
    robinson
    Participant

    [QUOTE][u]Quote by: robinson[/u][p]From time to time ServerAdmin crashes when I quit it. It doesn’t matter if I disconnect first or not. It’s not a big problem but it disturbs me.
    Another issue is that I want to save the password into my keychain, but it asks for my password every time I connect to the server.[/p][/QUOTE]

    I think I got it now. If I wait a little bit longer after disconnect, I can quit the application flawlessly.

    in reply to: Users lost #371146
    robinson
    Participant

    [QUOTE][u]Quote by: luke[/u][p]Need more information…

    I’ll assume you mean the users in your OpenDirectory and not local users. Did anything else disappear from OD like groups, mounts, computers, MCX settings, or just users?

    Are the home directories of all those users still there?[/p][/QUOTE]

    Yes, I mean users, groups, computers and so on in the OD. But at the time everything seems OK. After the last modification I did with WGM it keeps the information. Hope this will stay like this. I think it had problems writing to the LDAP and after the crash it returned to the older [saved] version of the DB.

    Thanks for any other advice to prevent other damage.

    Now I found another weird situation:

    This is a part from the ApplePasswordServer.Server.log

    Jan 17 2008 10:54:26 AUTH2: {0x478dce906b8b45670000000200000002, diradmin} DHX authentication succeeded.
    Jan 17 2008 10:54:26 KERBEROS-LOGIN-CHECK: user {0x478dce906b8b45670000000200000002, diradmin} is in good standing.
    Jan 17 2008 10:54:26 KERBEROS-LOGIN-CHECK: user {0x478dce906b8b45670000000200000002, diradmin} authentication succeeded.
    Jan 17 2008 10:54:39 AUTH2: {0x478dce906b8b45670000000200000002, diradmin} DHX authentication succeeded.
    Jan 17 2008 10:54:40 KERBEROS-LOGIN-CHECK: user {0x478dce906b8b45670000000200000002, diradmin} is in good standing.
    Jan 17 2008 10:54:40 KERBEROS-LOGIN-CHECK: user {0x478dce906b8b45670000000200000002, diradmin} authentication succeeded.
    Jan 17 2008 10:54:52 AUTH2: {0x478dce906b8b45670000000200000002, diradmin} DHX authentication succeeded.
    Jan 17 2008 10:54:52 KERBEROS-LOGIN-CHECK: user {0x478dce906b8b45670000000200000002, diradmin} is in good standing.
    Jan 17 2008 10:54:52 KERBEROS-LOGIN-CHECK: user {0x478dce906b8b45670000000200000002, diradmin} authentication succeeded.
    Jan 17 2008 10:55:36 AUTH2: {0x478dce906b8b45670000000200000002, diradmin} DIGEST-MD5 authentication succeeded.
    Jan 17 2008 10:55:36 AUTH2: {0x478dce906b8b45670000000200000002, diradmin} DIGEST-MD5 authentication succeeded.
    Jan 17 2008 10:55:38 AUTH2: {0x478dce906b8b45670000000200000002, diradmin} DIGEST-MD5 authentication succeeded.
    Jan 17 2008 10:55:41 AUTH2: {0x478dce906b8b45670000000200000002, diradmin} DHX authentication succeeded.
    Jan 17 2008 10:55:41 KERBEROS-LOGIN-CHECK: user {0x478dce906b8b45670000000200000002, diradmin} is in good standing.
    Jan 17 2008 10:55:41 KERBEROS-LOGIN-CHECK: user {0x478dce906b8b45670000000200000002, diradmin} authentication succeeded.
    Jan 17 2008 10:55:43 GETDISABLEDUSERS
    Jan 17 2008 10:55:43 GETDISABLEDUSERS
    Jan 17 2008 10:55:58 AUTH2: {0x478dce906b8b45670000000200000002, diradmin} DHX authentication succeeded.
    Jan 17 2008 10:55:58 KERBEROS-LOGIN-CHECK: user {0x478dce906b8b45670000000200000002, diradmin} is in good standing.
    Jan 17 2008 10:55:58 KERBEROS-LOGIN-CHECK: user {0x478dce906b8b45670000000200000002, diradmin} authentication succeeded.

    But I cannot authenticate as diradmin in WGM. May I correct this by CLI?

    And this I saw in the system.log

    GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Generic error (see e-text))

    in reply to: How do you get the Kerberos Realm into the directory? #371115
    robinson
    Participant

    [QUOTE][u]Quote by: flowctrl[/u][p]…
    I noticed this today though:
    [code]
    # sudo sso_util info -g
    Default Realm Name: MYHOST.MYREALM.CA

    # sudo sso_util info -r /LDAPv3/127.0.0.1/
    The Local realm name is:(null)
    [/code]

    From the sso_util man page, it looks like the ‘configure’ command may be what I need, but I want to be careful not to over-write all of the existing credentials in the KDC. What would be the best way to get the Kerberos Realm into the directory?

    When new clients join the directory, they do get the correct REALM, and the services are auto-configured for them, so there is a directory entry for the client configuration data, but apparently Open Directory doesn’t know its realm, or am I misunderstanding this “Local realm” thing?

    Thanks!

    [/p][/QUOTE]

    I have exactly the same situation. But when I make a ldapsearch, I get an error:

    [code]sh-3.2# ldapsearch "(objectclass=*)"
    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Local error (-2)
    additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found)
    sh-3.2#
    [/code]

    How to correct this?

    in reply to: Leopard server and Tiger client #371112
    robinson
    Participant

    [QUOTE][u]Quote by: MacTroll[/u][p]First, ensure that you’re getting a ticket.

    klist or the Kerberos.app will show you this.[/p][/QUOTE]

    Now I see. I thought if a user logs in he gets a Kerberos ticket, isn’t it? Then how to ensure that my users get their tickets on log in?

    Now I checked slapconfig.log and found

    2007-12-07 01:04:15 +0100 – sso_util command output:
    Contacting the directory server
    Creating the service list
    Creating the service principals
    WARNING: no policy specified for cifs/[email protected]; defaulting to no policy
    WARNING: no policy specified for ldap/[email protected]; defaulting to no policy
    WARNING: no policy specified for xgrid/[email protected]; defaulting to no policy
    WARNING: no policy specified for vpn/[email protected]; defaulting to no policy
    WARNING: no policy specified for ipp/[email protected]; defaulting to no policy
    WARNING: no policy specified for xmpp/[email protected]; defaulting to no policy
    WARNING: no policy specified for XMPP/[email protected]; defaulting to no policy
    WARNING: no policy specified for host/[email protected]; defaulting to no policy
    WARNING: no policy specified for smtp/[email protected]; defaulting to no policy
    WARNING: no policy specified for nfs/[email protected]; defaulting to no policy
    WARNING: no policy specified for http/[email protected]; defaulting to no policy
    WARNING: no policy specified for HTTP/[email protected]; defaulting to no policy
    WARNING: no policy specified for pop/[email protected]; defaulting to no policy
    WARNING: no policy specified for imap/[email protected]; defaulting to no policy
    WARNING: no policy specified for ftp/[email protected]; defaulting to no policy
    WARNING: no policy specified for afpserver/[email protected]; defaulting to no policy
    Creating the keytab file
    Configuring services
    WriteSetupFile: setup file path = /temp.X5rV/setup

    2007-12-07 01:04:15 +0100 – command: /sbin/kerberosautoconfig -f /LDAPv3/127.0.0.1 -u -v 1
    2007-12-07 01:04:15 +0100 – command: /usr/sbin/mkpassdb -kerberize
    2007-12-07 01:04:15 +0100 – mkpassdb command output:
    WARNING: no policy specified for [email protected]; defaulting to no policy
    WARNING: no policy specified for [email protected]; defaulting to no policy
    WARNING: no policy specified for [email protected]; defaulting to no policy
    add_principal: Principal or policy already exists while creating “[email protected]”.
    WARNING: no policy specified for [email protected]; defaulting to no policy
    WARNING: no policy specified for [email protected]; defaulting to no policy
    add_principal: Principal or policy already exists while creating “[email protected]”.
    WARNING: no policy specified for [email protected]; defaulting to no policy
    add_principal: Principal or policy already exists while creating “[email protected]”.
    WARNING: no policy specified for [email protected]; defaulting to no policy
    add_principal: Principal or policy already exists while creating “[email protected]”.
    WARNING: no policy specified for [email protected]; defaulting to no policy
    add_principal: Principal or policy already exists while creating “[email protected]”.

    How to correct this?

    in reply to: Enter or modify ldap from cli #368717
    robinson
    Participant

    [QUOTE][u]Quote by: MacTroll[/u][p]ldapmodify then

    😀 [/p][/QUOTE]

    Yes of course. But I’m too stupid to understand the man pages. That’s why I’m looking for some advice here. 😉

    in reply to: Enter or modify ldap from cli #368714
    robinson
    Participant

    [QUOTE][u]Quote by: MacTroll[/u][p]ldapmodify

    Or use the GUI from http://www.j2anywhere.com, AddressbookXLDAP.[/p][/QUOTE]

    Yes, I know that tool, but I’d like to do it with a script from FileMaker. That’s why I’m looking for a solution with cli.
