Kerberos Error

open Terminal and issue this command

kinit -V

the -V will put the get Kerberose ticket command in verbose mode, and post the results

Hi

If you run kinit -V and you get this error message:

kinit: Unable to create principal for current user: Configuration file does not specify default realm
kinit: Error getting initial tickets: Operation not permitted

Then there is either no KDC present on the network, or there is a problem with the edu.mit.Kerberos file in /Library/Preferences or a problem creating this file. You can inspect tickets as well as the realm by launching the Kerberos application in /System/Library/CoreServices. Tickets Menu > Get Tickets > Realms. If you can select a Realm or see one there then use an account that is defined in your OD directory node to get a ticket. If you see nothing listed then there is no KDC providing tickets.

Launch Server Admin > AFP > Settings > Access and select Standard or Any Method if it has been set to Kerberos. This will force clients to use PasswordServer rather than looking for service tickets from a KDC that is either not there or not configured correctly.

Just an observation but as an ACTC you should know at least some of this, even if you can’t remember everything, Kerberos is such an important part of OSX Server that it is something worth making a note of. There is at least one question regarding this in the Server Essentials Exam.

Tony

did you try and move the edu.mit.Kerberos file in /Library/Preferences?

so when you issue the kinit command you don't get something like this?

zsh-% kinit -V
Please enter the password for uname@DOMAIN.COM:

you just jump to the error?

try to add uname@DOMAIN.COM to the end of the command.

also try this...
zsh-% ipconfig getpacket en1

en1 being your active ethernet port look for the line

ldap_url (string):

see if you have that and that you have the correct info.

Hi

For your information: My attitude is fine and no I don’t think you are all idiots. I agree no one knows everything and yes you do forget things . . . but if you run the amount of servers that you say you run then you must have some idea of what Kerberos is. You must at least be aware of the edu.mit.Kerberos file as you would be dealing with this every day as users renew their service tickets. It would be as if you forgot how to log on.

When I posted a reply your other post had not displayed so I did not have a chance to read it.

What I have a problem with is when you post a question you either respond in one of two ways:

You already knew the answer but wanted confirmation.

So why post if you already knew? Have the courage of your own training and experience and deal with the issue yourself. Post if you genuinely want help or genuinely don’t know. Don’t demean advice given in good faith or make it seem worthless with an attitude that (to me) seems to say ‘yeah I thought it was that, just checking if you guys knew anyway.’

The other way you respond is to take the opposite stance to what everyone else is advising even when your position is erroneous. When it is pointed out to you that your position is not quite right you rarely have the good grace to give credit to helpful or correct advice.

I do hope you sort out your problem. <edited by host - see [url=http://discussions.apple.com/help.jspa#terms]Terms of Use, section 4.2.2[/url]>
.

Tony

the workstation that is having issues.


Sorry it took me so long in answering.. f'ing meetings.