Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: wjr02149
wjr02149 Author
User level: Level 1
4 points

Misconfiguration detected in Kerberos, already checked DNS

We have been experiencing login issues with one of our servers saying an error has occured during login. I have read several different things on this, ranging from permissions to DNS but still no fix. I have attached part of the log which essentially repeats itself:


S-1-5-21-2964739600-3033861355-3375766667-3244

User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID

1AD1B880-F3BC-4466-A842-448236155767 - SID

S-1-5-21-2964739600-3033861355-3375766667-3260

2012-11-13 18:53:33.184 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':

User 'jgiordano' (/LDAPv3/127.0.0.1) - ID 1123 - UUID 09F5FCDC-0DE8-4C7E-8C5F-E5C6377E165E - SID

S-1-5-21-2964739600-3033861355-3375766667-3246

User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID

1AD1B880-F3BC-4466-A842-448236155767 - SID

S-1-5-21-2964739600-3033861355-3375766667-3260

2012-11-13 18:53:33.187 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':

User 'jgiordano' (/LDAPv3/127.0.0.1) - ID 1123 - UUID 09F5FCDC-0DE8-4C7E-8C5F-E5C6377E165E - SID

S-1-5-21-2964739600-3033861355-3375766667-3246

User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID

1AD1B880-F3BC-4466-A842-448236155767 - SID

S-1-5-21-2964739600-3033861355-3375766667-3260

2012-11-13 18:53:34.441 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':

User 'kparker' (/LDAPv3/127.0.0.1) - ID 1092 - UUID

E5E1EA17-0BD8-4356-A3B3-0C98C04B0E37 - SID

S-1-5-21-2964739600-3033861355-3375766667-3184

User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID

1AD1B880-F3BC-4466-A842-448236155767 - SID

S-1-5-21-2964739600-3033861355-3375766667-3260

2012-11-13 18:53:34.444 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':

User 'kparker' (/LDAPv3/127.0.0.1) - ID 1092 - UUID

E5E1EA17-0BD8-4356-A3B3-0C98C04B0E37 - SID

S-1-5-21-2964739600-3033861355-3375766667-3184

User 'maps' (/LDAPv3/127.0.0.1) - ID 1130 - UUID

1AD1B880-F3BC-4466-A842-448236155767 - SID


Any help would be appreciated

Mac Pro, OS X Server, Lion

Posted on Nov 13, 2012 4:41 PM

Reply
4 replies
User profile for user: John Lockwood
John Lockwood
User level: Level 6
13,685 points

Nov 14, 2012 1:41 AM in response to wjr02149

I know you say you have checked the DNS but that is where most errors occurs. Have you run the sudo changeip -checkhostname command on this server? You say 'one of our servers' so to confirm do the other servers work fine handling the same user accounts? (Even if for different services.)


What sort of login are you referring to? A network user login and therefore also their accessing their network home diretory (which means a file server login as well), or just a file server login, or something else?


You would not normally have user accounts logging in directly on the server as local users.


Is this the Open Directory Master server or a connected server or an Open Directory Replica server?

Reply
User profile for user: John Lockwood
John Lockwood
User level: Level 6
13,685 points

Nov 15, 2012 4:57 AM in response to wjr02149

A possibility is to have the DNS correct (as it appears), and the server itself will be using 127.0.0.1 to resolve entries that is using itself. However clients obviously will not use 127.0.0.1 as the DNS server and normally find the DNS server by information provided by your DHCP server.


So if the DHCP server is advertising the wrong DNS server for example it is advertising your Internet provider's DNS server then the clients will not be able to resolve things properly. If on a client you open Network in System Preferences it should show what the DHCP server has provided and this should be the IP address of your own server.


Other than that it maybe a corruption of Open Directory. This means either reverting back to a version when it worked, or exporting all the user accounts (except diradmin), destroying Open Directory, building a new empty Open Directory and importing the user accounts.

Reply

Misconfiguration detected in Kerberos, already checked DNS

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up