Problems loading Kerberos

b4tn

We may be setting up an OSX Server at work, so I have brought a machine home to test and learn on. I have OSX Server 10.4 installed on the server. I have a few PCs and one PowerBook and I am trying to get the active directory working. I have been trying to get Kerberos working for a couple of days with no luck and need some ideas. I have enabled the DNS server, the server's DNS is its own IP address, and I was successful with lookups and reverse lookups. As far as I can tell DNS is working perfectly. Yet in the terminal the hostname is not the qualified DNS name. Also, the Kerberize button has disappeared from the active directory settings panel. What am I missing?
 
So you'll be using the Kerberos provided from Microsoft's Active Directory and you want to join the Apple to it? Or are you trying to host an Open Directory domain and it appears the KDC isn't starting?

I'm happy to help, once I know which one it is you're doing! :)

Michael
 
I am trying to set the OSX server as the Open Directory master. Once Kerberos is started I will work on having both Windows and OSX clients joining.

After setting it to master, setting the diradmin password, the qualified domain auto fills in and is correct based on the DNS server settings.

Once I save changes, Kerberos is stopped and the Kerberize button is gone. I tried DNS lookup and reverse lookup and it all resolves as it should.

In network prefs I set the DNS to the server's IP and rebooted, and still no Kerberos. Funny thing is that in the terminal when I type hostname it shows computername.realm but not the qualified DNS.

I have followed all the steps in the documentation as well as the troubleshooting steps. I am at a loss.

Thanks for the help
 
Just an update. I trashed a bunch of preferences and that seemed to fix the DNS issue. Terminal is now showing the fully qualified domain name after typing hostname, the Kerberize button is back, and nslookups still work. But Kerberos is still stopped. When I click it, it asks for an admin account. I have tried both the diradmin and my local admin account, but the box just comes back with blank fields and Kerberos is still stopped. Isn't this supposed to be easy lol
 
Yech. The Join Kerberos button shouldn't A. Come back or B. be visible on an OD Master that's not connected to a third party DS in the background.

Check the slapconfig and kdc logs in Server Admin.

Also, you'll want to manually set the hostname of the server:

sudo scutil --set HostName host.domain.com

This way you'll have a consistent read across configuration files. And you did check to be sure it can resolve itself in both the forward and reverse DNS zones, correct?

Michael
 
Go3iverson said:
Yech. The Join Kerberos button shouldn't A. Come back or B. be visible on an OD Master that's not connected to a third party DS in the background.

Check the slapconfig and kdc logs in Server Admin.

Also, you'll want to manually set the hostname of the server:

sudo scutil --set HostName host.domain.com

This way you'll have a consistent read across configuration files. And you did check to be sure it can resolve itself in both the forward and reverse DNS zones, correct?

Michael

Thanks, setting the hostname manually seemed to do the trick!
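
The check Michael asks about (the server's name must be fully qualified and must resolve to itself in both the forward and reverse zones), written out as an added example that is not part of the original thread. The function names `lookup_a`, `lookup_ptr` and `check_kdc_name` are hypothetical, and the script assumes the standard `host` utility is installed.

```shell
#!/bin/sh
# Added example: verify that a server name is fully qualified and that
# forward (A) and reverse (PTR) DNS agree before promoting it to a KDC.

# Print the IPv4 addresses DNS returns for a name, one per line.
lookup_a() {
    host -t A "$1" 2>/dev/null | awk '/ has address /{print $NF}'
}

# Print the PTR names DNS returns for an address, trailing dot removed.
lookup_ptr() {
    host "$1" 2>/dev/null |
        awk '/ domain name pointer /{sub(/\.$/, "", $NF); print $NF}'
}

# check_kdc_name NAME: print one finding per line; return 0 only if the
# name is qualified and every address it resolves to reverses back to it.
check_kdc_name() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    rc=0
    case $name in
        *.*) ;;
        *) echo "FAIL: '$name' is not fully qualified"; return 1 ;;
    esac
    addrs=$(lookup_a "$name")
    if [ -z "$addrs" ]; then
        echo "FAIL: no forward (A) record for $name"
        return 1
    fi
    for addr in $addrs; do
        ptrs=$(lookup_ptr "$addr" | tr '[:upper:]' '[:lower:]')
        if printf '%s\n' "$ptrs" | grep -Fqx "$name"; then
            echo "OK: $name -> $addr -> $name"
        else
            echo "FAIL: $addr reverses to '${ptrs:-nothing}', expected $name"
            rc=1
        fi
    done
    return $rc
}

# Run against a name given on the command line, e.g. "$(hostname)".
if [ "$#" -gt 0 ]; then
    check_kdc_name "$1"
fi
```

Running it with the output of `hostname` as the argument compares the name the server reports for itself against what DNS returns.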
 