4 Replies Latest reply: Nov 15, 2012 4:57 AM by John Lockwood
wjr02149 Level 1 (0 points)

We have been experiencing login issues with one of our servers saying an error has occurred during login. I have read several different things on this, ranging from permissions to DNS, but still no fix. I have attached part of the log, which essentially repeats itself:

 

S-1-5-21-2964739600-3033861355-3375766667-3244
                User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID 1AD1B880-F3BC-4466-A842-448236155767 - SID S-1-5-21-2964739600-3033861355-3375766667-3260
2012-11-13 18:53:33.184 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
                User 'jgiordano' (/LDAPv3/127.0.0.1) - ID 1123 - UUID 09F5FCDC-0DE8-4C7E-8C5F-E5C6377E165E - SID S-1-5-21-2964739600-3033861355-3375766667-3246
                User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID 1AD1B880-F3BC-4466-A842-448236155767 - SID S-1-5-21-2964739600-3033861355-3375766667-3260
2012-11-13 18:53:33.187 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
                User 'jgiordano' (/LDAPv3/127.0.0.1) - ID 1123 - UUID 09F5FCDC-0DE8-4C7E-8C5F-E5C6377E165E - SID S-1-5-21-2964739600-3033861355-3375766667-3246
                User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID 1AD1B880-F3BC-4466-A842-448236155767 - SID S-1-5-21-2964739600-3033861355-3375766667-3260
2012-11-13 18:53:34.441 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
                User 'kparker' (/LDAPv3/127.0.0.1) - ID 1092 - UUID E5E1EA17-0BD8-4356-A3B3-0C98C04B0E37 - SID S-1-5-21-2964739600-3033861355-3375766667-3184
                User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID 1AD1B880-F3BC-4466-A842-448236155767 - SID S-1-5-21-2964739600-3033861355-3375766667-3260
2012-11-13 18:53:34.444 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
                User 'kparker' (/LDAPv3/127.0.0.1) - ID 1092 - UUID E5E1EA17-0BD8-4356-A3B3-0C98C04B0E37 - SID S-1-5-21-2964739600-3033861355-3375766667-3184
                User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID 1AD1B880-F3BC-4466-A842-448236155767 - SID

 

Any help would be appreciated


Mac Pro, OS X Server, Lion
  • 1. Re: Misconfiguration detected in Kerberos, already checked DNS
    wjr02149 Level 1 (0 points)

    The above message btw was taken from the system log.  I also just got done looking into the "AltSecurityIdentities" which sadly did not solve my problem. 

  • 2. Re: Misconfiguration detected in Kerberos, already checked DNS
    John Lockwood Level 5 (5,370 points)

    I know you say you have checked the DNS, but that is where most errors occur. Have you run the sudo changeip -checkhostname command on this server? You say 'one of our servers', so to confirm, do the other servers work fine handling the same user accounts? (Even if for different services.)

     

    What sort of login are you referring to? A network user login and therefore also their accessing their network home directory (which means a file server login as well), or just a file server login, or something else?

     

    You would not normally have user accounts logging in directly on the server as local users.

     

    Is this the Open Directory Master server or a connected server or an Open Directory Replica server?

  • 3. Re: Misconfiguration detected in Kerberos, already checked DNS
    wjr02149 Level 1 (0 points)

    Yes, I did check and the names match. This is the only server used at this location; they log into it and have their home directories stored on it. It is the Open Directory master.

  • 4. Re: Misconfiguration detected in Kerberos, already checked DNS
    John Lockwood Level 5 (5,370 points)

    A possibility is to have the DNS correct (as it appears), and the server itself will be using 127.0.0.1 to resolve entries, that is, using itself. However, clients obviously will not use 127.0.0.1 as the DNS server and normally find the DNS server by information provided by your DHCP server.

     

    So if the DHCP server is advertising the wrong DNS server, for example if it is advertising your Internet provider's DNS server, then the clients will not be able to resolve things properly. If on a client you open Network in System Preferences, it should show what the DHCP server has provided, and this should be the IP address of your own server.

     

    Other than that, it may be a corruption of Open Directory. This means either reverting back to a version when it worked, or exporting all the user accounts (except diradmin), destroying Open Directory, building a new empty Open Directory and importing the user accounts.
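
Added example, not part of the thread or written by any of its participants: a Python sketch that collapses the repeating SystemCache entries from the first post and reports which record appears in every distinct conflict. It assumes each "Misconfiguration detected" entry lists the records the SystemCache module found conflicting in that hash (an interpretation, not stated in the thread); `parse_conflicts`, `summarize` and `SAMPLE_LOG` are hypothetical names, and the sample is constructed by re-joining lines from the posted log.

```python
import re
from collections import Counter

# Constructed sample: three entries re-joined from the log excerpt in the first post.
SAMPLE_LOG = """\
2012-11-13 18:53:33.184 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
                User 'jgiordano' (/LDAPv3/127.0.0.1) - ID 1123 - UUID 09F5FCDC-0DE8-4C7E-8C5F-E5C6377E165E - SID S-1-5-21-2964739600-3033861355-3375766667-3246
                User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID 1AD1B880-F3BC-4466-A842-448236155767 - SID S-1-5-21-2964739600-3033861355-3375766667-3260
2012-11-13 18:53:33.187 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
                User 'jgiordano' (/LDAPv3/127.0.0.1) - ID 1123 - UUID 09F5FCDC-0DE8-4C7E-8C5F-E5C6377E165E - SID S-1-5-21-2964739600-3033861355-3375766667-3246
                User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID 1AD1B880-F3BC-4466-A842-448236155767 - SID S-1-5-21-2964739600-3033861355-3375766667-3260
2012-11-13 18:53:34.441 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
                User 'kparker' (/LDAPv3/127.0.0.1) - ID 1092 - UUID E5E1EA17-0BD8-4356-A3B3-0C98C04B0E37 - SID S-1-5-21-2964739600-3033861355-3375766667-3184
                User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID 1AD1B880-F3BC-4466-A842-448236155767 - SID S-1-5-21-2964739600-3033861355-3375766667-3260
"""

HEADER = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ \S+ - Module: SystemCache - "
                    r"Misconfiguration detected in hash '(?P<hash>[^']+)':")
RECORD = re.compile(r"^\s+\w+ '(?P<name>[^']+)' \([^)]+\) - ID (?P<id>\d+)")

def parse_conflicts(text):
    """Return one (hash_name, {(record_name, id), ...}) tuple per log entry."""
    conflicts = []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            conflicts.append((header["hash"], set()))
            continue
        record = RECORD.match(line)
        if record and conflicts:  # indented record line belongs to the latest entry
            conflicts[-1][1].add((record["name"], int(record["id"])))
    return conflicts

def summarize(text):
    """Collapse repeated entries and find the records common to every conflict."""
    distinct = {(h, frozenset(recs)) for h, recs in parse_conflicts(text)}
    seen = Counter(rec for _, recs in distinct for rec in recs)
    common = sorted(rec for rec, n in seen.items() if n == len(distinct))
    return distinct, common

if __name__ == "__main__":
    distinct, common = summarize(SAMPLE_LOG)
    for hash_name, records in sorted(distinct, key=lambda d: sorted(d[1])):
        print(hash_name, "conflict between", sorted(records))
    print("present in every conflict:", common)
```

On the sample, the 'maps' record (ID 1130) is the one present in every conflict, so it is the first record to compare against the others.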