|
Replies
:
6
-
Pages
:
1
-
Last Post
:
Mar 29, 2008 5:00 PM
by: carburo
|
|
|
Posts:
9
Registered:
Mar 31, 2006
|
|
|
|
Kerberos not working
Posted:
Feb 22, 2008 9:39 AM
|
|
|
When I set up Mac OSX 10.5 server on our G5 tower, open directory and kerberos did some strange things. I checked the Kerberos Administration Log the other day and every 3-5 seconds there is a new entry saying:
Feb 22 10:33:06 server.domain_name.com kadmind 19636 (Error): No such file or directory while initializing. Aborting.
The number in the square brackets is constantly increasing so it doesn't seem to be a referenceable error number.
Despite these constant errors, the overview tab on the OpenDirectory service in Server Admin tells me Kerberos is running.
In order to keep things working for my users I had to abandon LDAP and set up all the users as local.
I also just went back and looked at the config log and it says that when I did my setup, it said:
kdcsetup failed with status 11
Any thoughts or suggestions?
G5 Tower
Mac OS X (10.5.2)
Server Edition
|
|
Posts:
4,307
From:
UK
Registered:
Oct 31, 2005
|
|
|
|
Re: Kerberos not working
Posted:
Feb 22, 2008 3:20 PM
in response to: chlang
|
|
|
Hi
There is usually a reference that says something like 'the dictionary can't be found continuing without one'. This does not necessarily mean anything is wrong as the LDAP server can use more than the one.
Did you abandon LDAP and move to local because Kerberos is running or for another reason? As for the other reference without any more details its going to be difficult to help you.
open directory and kerberos did some strange things
Generally 'strange things' happen if internal DNS services are not configured correctly or are based around .local or a domain name with a strange combination of letters and numbers. Although not a definitive test issuing changeip on the server via the command line usually gives an indication to where a problem may lie that may be affecting LDAP services.
sudo changeip -checkhostname
Hope this helps, Tony
|
|
Posts:
9
Registered:
Mar 31, 2006
|
|
|
|
Re: Kerberos not working
Posted:
Mar 4, 2008 7:49 AM
in response to: Antonio Rocco
|
|
|
This is what I get when I rune the sudo changeip command you mentioned
Primary address = 192.168.0.100
Current HostName = server.ecomarkenv.com
The DNS hostname is not available, please repair DNS and re-run this tool.
How do I repair the DNS? It's not the most helpful of error messages.
The strange things that I was referring to was just the fact that LDAP and Kerberos were not working properly because kerberos keeps trying to restart every 5 seconds or so. I saw no mention of a "dictionary can't be found" line in the logs. I abandonned LDAP because the users couldn't login because kerberos was not running despite reporting that it was. Again see the restarting every 5 seconds thing.
G5 Tower
Server Edition
|
|
Posts:
149
From:
Estonia
Registered:
Dec 28, 2007
|
|
|
|
Re: Kerberos not working
Posted:
Mar 4, 2008 8:01 AM
in response to: chlang
|
|
|
You need to setup the zone for your subnet on ther DNS server you are using currently. It needs to cover the 192.168.0.x network you are currently using. Just make sure you don't name the DNS zone anything that ends with .local. No company.local or other similar names. .private could be a good choice I guess.
XServe
Mac OS X (10.4.11)
|
|
Posts:
4,307
From:
UK
Registered:
Oct 31, 2005
|
|
|
|
Re: Kerberos not working
Posted:
Mar 4, 2008 8:02 AM
in response to: chlang
|
|
|
Hi
So what is stopping you from running the changeip repair utility? Clearly something is wrong with your DNS somewhere hence the problems you keep seeing with Kerberos and LDAP services. There are plenty of posts in this forum regarding this. The utility itself tells you how to use it, failing that man changeip.
Tony
|
|
Posts:
11
From:
Italy
Registered:
Dec 22, 2007
|
|
|
|
Re: Kerberos not working
Posted:
Mar 29, 2008 4:01 PM
in response to: chlang
|
|
|
I have the same strange behaviour
the command 'sudo changeip -checkhostname' reply to me:
--
Primary address = 213.xxx.xxx.xxx
Current HostName = server.xxxxxxx.com
The DNS hostname is not available, please repair DNS and re-run this tool.
--
the DNS is set for every single out address like 213.... attached to an A address, every address reply to the external querys
I don't have set DNS for local lan, this is only a gateway and firewall server I don't need services for internal network, if excluding afp
Question: must be set anyway the DNS for this machine on the LAN with .private?
the 'hostname' command reply to me 'server.local' like is set in Sharing Prefs, isn't correct?
thanks
Some G4, Some 68040, Some Intel
Mac OS X (10.4.11)
|
|
Posts:
11
From:
Italy
Registered:
Dec 22, 2007
|
|
|
|
Re: Kerberos not working
Posted:
Mar 29, 2008 5:00 PM
in response to: carburo
|
|
|
Ok, solved, I haven't set the DNS address of the server in the DNS field of Network Configuration
Now fly up and work as a big beast!
Some G4, Some 68040, Some Intel
Mac OS X (10.5.2)
|
|
|
