Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Puddletown*Jim
Puddletown*Jim Author
User level: Level 1
0 points

misconfiguration detected in hash 'Kerberos'

I am having difficulty troubleshooting this error. I have attached a section of the /var/log/opendirectoryd.log file while in debug mode. This is a 10.7.3 Open Directory master with no replicas. I put logging into debug mode to try to get to the root of this problem but I am not finding an answer to this issue. I am getting this same error message with multiple users, but they can all log in and function just fine. We are doing Radius auth to OD from our Cisco ASA for VPN connectivity and that works fine as well.


Any help would be greatly appreciated. Thanks!



2012-03-12 11:30:09.119 PDT - Multiple names for non-user record 'wleler' - will be cache miss for others

2012-03-12 11:30:09.119 PDT - Module: SystemCache - Attaching Kerberos id 'wleler@OSXSERVER01.UTIL.PDX.

OFFICE' to record 'wleler'
2012-03-12 11:30:09.119 PDT - Setting item 'wleler' with expiration 406137
2012-03-12 11:30:09.119 PDT - Adding item 'wleler' with expiration 406137
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - GlobalGUID - adding entry wleler (0x43E09310) - node 0x45903830
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - GlobalUID - adding entry wleler (0x43E09310) - node 0x45903B30
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - UserName - adding entry wleler (0x43E09310) - node 0x45903C60
2012-03-12 11:30:09.119 PDT - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
User 'wleler' (/LDAPv3/127.0.0.1) - ID 1043 - UUID C66E0823-A91D-4C27-9A37-4BA25090F3AC - SID S-1-5-21-2682738804-2853610044-371931698-3086
User 'cvaraghur' (/LDAPv3/127.0.0.1) - ID 1055 - UUID 062DA3EC-8197-460A-94DA-8F94008B4B0F - SID S-1-5-21-2682738804-2853610044-371931698-3110
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - GlobalSID - adding entry wleler (0x43E09310) - node 0x45903DE0
2012-03-12 11:30:09.119 PDT - Module: SystemCache - Merged record 'wleler' (0x459033E0) into 0x43E09310 - new authority 'Name'
2012-03-12 11:30:09.120 PDT - Finalizing request 6369 object 0x7fb445d3b860
2012-03-12 11:30:09.120 PDT - Finalizing request 6366 object 0x7fb445902f30
2012-03-12 11:30:09.130 PDT - 1458.6370 - Client: AppleFileServer, UID: 0, EUID: 0, GID: 0, EGID: 0
2012-03-12 11:30:09.130 PDT - 1458.6370 - Adding to global request list - new count 1
2012-03-12 11:30:09.130 PDT - 1458.6370 - ODQueryCreateWithNode request, NodeID: 425F4A0A-25C3-4E46-8A8E-EC4C2DD3465B, RecordType(s): dsRecTypeStandard:AFPUserAliases, Attribute: dsAttrTypeStandard:RecordName, MatchType: EqualTo, Equality: CaseExact, Value(s): wleler, Requested Attributes: dsAttributesAll, Max Results: 1

Mac mini, Mac OS X (10.7.3), Mini server

Posted on Mar 12, 2012 2:32 PM

Reply
10 replies
User profile for user: Brettermeier
Brettermeier
User level: Level 1
25 points

Mar 13, 2012 8:03 AM in response to Puddletown*Jim

Hi,


your log tells me that the users wleler and cvaraghur have the same values in "AltSecurityIdentities" -> something like "kerberos:untitled_1@OSXSERVER01.UTIL.PDX".


Go to: Systemsettings -> User & Groups -> Login options (the little House Symbol).

Then Klick the edit button beside the networkaccount server entry. In the new opened window click the open directory service button. Choose the right tree (Users) - (/LDAPv3/127.0.0.1) and authenticate yourself with the diradmin user. Check every single users entry "AltSecurityIdentities" and change untitled_1 to the users short name.


Example, change: "kerberos:untitled_1@OSXSERVER01.UTIL.PDX". to "kerberos:wleler@OSXSERVER01.UTIL.PDX" for your user wleler and

"kerberos:cvaraghur@OSXSERVER01.UTIL.PDX" for user cvaraghur.


thats it 🙂




Reply
User profile for user: Puddletown*Jim
Puddletown*Jim Author
User level: Level 1
0 points

Mar 14, 2012 1:17 PM in response to Brettermeier

hah. Server.app is failing me with group memberships. The members of groups are not showing up in Server.app and I can't add users to groups with the Server.app. The groups are working fine, and WGM works just fine for managing the groups... but I think I might have a hard time remembering what functionality works (or doesn't work) where. :-/


Other than that, I am very happy with the OS X server. There is just a little 'weirdness' here that makes me a bit uncomfortable.

Reply
User profile for user: osgjl
osgjl
User level: Level 1
0 points

Oct 9, 2012 9:42 PM in response to Brettermeier

Thanks for this tidbit, great stuff. I think the users that had this issue (including me) were the ones created with WGM and not the Server App. They've forever been second class citizens on our OD, as they always have issues trying to use shortnames for access to services.


If it's gonna do a h-a job of creating the users in WGM, I'd rather not be able to do it there at all!

Reply

misconfiguration detected in hash 'Kerberos'

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up