Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
Looks like no one’s replied in a while. To start the conversation again, simply
ask a new question.
Help! How to change Kerberos Realm and short name?
I've moved my server from one subnet to another. Changed the hostname but now the short name doesn't match and the Kerberos realm is the same as the short name. This is causing connection and user account issues. Server is set up as Open Directory Master.
Short of reinstalling the server and doing a complete re-setup, is there an easier and quicker way to change these settings?
You can try changeip, man changeip for usage. If the server is an OD Master and its old FQDN was server.olddomain.com with an IP address of 172.16.16.254 and you have changed it to server.newdomain.com with the same IP address then an example of the command would be:
You'll be prompted for the system admin password first followed by the directory admin password.
Changing the subnet should not make a difference. If you change the hostname that will. Presumably you did this in the DNS Service? Prior to issuing the command issue:
sudo changeip -chechostname
If it tells you you need to run the repair utility then run the previous command. However the LDAP database may still retain information based on the old hostname. So try running the command more than once followed by a restart. If problems persist you may need to demote, sort out the DNS Service properly and re-promote. Export Users and and Groups (passwords not retained) as well as archiving the LDAP database (password retained) if you are forced down this route. Restoring an archived LDAP Database may still present problems as it may still retain information based on the old hostname.
The DNS Service and the Server's fully qualified domain name (FQDN) form the basis of the Kerberos Realm and LDAP Search Base which is the foundation of Open Directory. If something changes from one incarnation to another then problems may still persist that ultimately only a clean install will fix.
You can try changeip, man changeip for usage. If the server is an OD Master and its old FQDN was server.olddomain.com with an IP address of 172.16.16.254 and you have changed it to server.newdomain.com with the same IP address then an example of the command would be:
You'll be prompted for the system admin password first followed by the directory admin password.
Changing the subnet should not make a difference. If you change the hostname that will. Presumably you did this in the DNS Service? Prior to issuing the command issue:
sudo changeip -chechostname
If it tells you you need to run the repair utility then run the previous command. However the LDAP database may still retain information based on the old hostname. So try running the command more than once followed by a restart. If problems persist you may need to demote, sort out the DNS Service properly and re-promote. Export Users and and Groups (passwords not retained) as well as archiving the LDAP database (password retained) if you are forced down this route. Restoring an archived LDAP Database may still present problems as it may still retain information based on the old hostname.
The DNS Service and the Server's fully qualified domain name (FQDN) form the basis of the Kerberos Realm and LDAP Search Base which is the foundation of Open Directory. If something changes from one incarnation to another then problems may still persist that ultimately only a clean install will fix.
Server is running as standalone Open Directory Master. DNS service is running elsewhere on the network. When moving the server, I contacted our networking dept. to update the DNS with the new hostname. I changed to the new hostname where required and able to make the change in all of my running services (AFP, Firewall, iCal, Mail, Open Directory, SMB, Web. Once the server was installed at the new location, I checked to make sure it was fully qualified (forward and reverse). Everything checked out even though I was unable to change the short name or the Kerberos Realm in Open Directory.
Since then, I've done the checkhostname which verified that the names did not match so I ran changeip. Then did the checkhostname which verified that the two names did match afterwards. Restarted the server but neither the Kerberos Realm nor shortname changed. Ran both again and restarted with same results.
From your answer, it now sounds as if my next step is to export the users and groups, then redo the OD setup or do a clean install. In this case, I'm thinking I may have to do the clean install since it'll end up being about the same amount of work to reset all of the accounts and permissions and there won't be any lingering gremlins.
