Kerberos Issue - Client cannot Login to Yosemite Server
Hi all,
I've successfully moved across from a Snow Leopard Server to Yosemite Server the manual way. I've managed to get all the users, email etc across. I had a few issues with SMB but I've not got them sorted. The only issue I have left is some of the users cannot login on a client machine (both running either Snow Leopard or Yosemite). The errors in console just mention about "com.apple.launchd.peruser. (com.apple.Kerberos.renew.plist) Exited with exit code: 1" and then stops the user logging in. I can connect to mail services, their AFP home directory and everything else fine. Console also shows that it mounts the home directory fine (I can also see this on the server where it list a connection from the client under the user's name.
Things I've tried:
- Checked hostname - All good with "success"
- Backed up and destroyed the LDAP server and then restored from backup
- Created a new user (not one that was pulled across from SLS) which also shows the same behaviour.
- Removing any old kerberos files on the client's and user's home directory.
- Checked the kerberos information for the User in Directory Utility. They all point to the correct server address.
On a Mavericks Client I get a slightly different error.
NetAuthSysAgent: NAHSelectionAcquireCredential The operation couldn’t be completed. (com.apple.NetworkAuthenticationHelper error -1765328228 - acquire_kerberos failed user@10.2.10: -1765328228 - unable to reach any KDC in realm 10.2.10, tried 0 KDCs)
This is strange that it tries the server IP address (which is actually 10.10.2.10). However I can't find anywhere that is mentions about 10.2.10 on the server config.
Any help would be great as I've been running the old SLS just to authenticate logins and then mount the home folder on the new server.
I used workgroup manager to export the users and didn't export Open Directory from SLS to Yosemite.
Thanks!