SpaceBass

Q: Migrated OD master, now kerberos not working

I recently migrated my OD master to a new box.

The old server was 10.9x; the new one is a brand new mini running 10.11.5 (latest).

I made an archive of the OD master and shut the old machine down.

I set up the new machine, gave it the same hostname, but different IP.

I enabled Open Directory and restored from the archive. Worked fine.

All my users and groups are present and I can su - to different users. Even my Linux boxes doing LDAP auth against that machine work.

However, Kerberos doesn't work at all. On the OD master, I can do 'kinit diradmin' and it works. I cannot kinit for any other user. It says:

kinit: krb5_get_init_creds: unable to reach any KDC in realm VAIL.NSNET.US, tried 2 KDCs

I tried manually changing the password of a user in the Server app, thinking that might create a new Kerberos record. No dice.

/etc/kdr5.keytab is empty, for what it's worth...not sure if that's expected or not.

Any tips on troubleshooting?

Posted on Jun 12, 2016 10:55 AM
