Q: Migrated OD master, now kerberos not working
I recently migrated my OD master to a new box.
The old server was 10.9x the new one is a brand new mini running 10.11.5 (latest).
I made an archive of the OD master and shut the old machine down.
I set up the new machine, gave it the same hostname, but different IP.
I enabled Open Directory and restored from the archive. Worked fine.
All my users and groups are present and I can su - to different users. Even my linux boxes doing LDAP auth against that machine work.
However kerberos doesn't work at all. On the OD master, I can do 'kinit diradmin' and it works. I cannot kinit for any other user. It says:
kinit: krb5_get_init_creds: unable to reach any KDC in realm VAIL.NSNET.US, tried 2 KDCs
I tried manually changing the password of a user, in the server app, thinking that might create a new kerberos record. No dice.
/etc/kdr5.keytab is empty, for what it's worth...not sure if that's expected or not.
Any tips on troubleshooting?
Posted on Jun 12, 2016 10:55 AM