« Happy Pi Day! | Home | The Task Analysis Revisited »

March 17, 2008

Kerberos Issues with Open Directory 10.5? Here is a Sure-Fire Fix

I thought I would post this, as we had a similar situation within our class with this issue. At times, when you try to start Kerberos in Mac OS X 10.5 Server, the domain gives you trouble. The first thing you should do is check the host name with changeip, and determine the issue with your DNS. Then, you can fix your Kerberos issues with the following steps as found here on Apple's documents page:

1. Fix Your DNS: This is necessary, otherwise steps below will not work.

2. Fix your /etc/hosts file: Best done in Terminal. Run sudo bash and authenticate to get to root, and then run vi /etc/hosts. Once in there, add your server's IP Address and fully qualified domain name, like this: 10.1.0.1 mainserver.pretendco.com

3. Set your Host Name: This can be done as root with the following command: scutil --set HostName mainserver.pretendco.com. Replace the Mainserver entry with your own domain name in this step, and all subsequent steps you see.

4. Initialize Kerberos: This requires three steps (and being logged in as root):
slapconfig -kerberize diradmin MAINSERVER.PRETENDCO.COM (diradmin would be the directory admin login name)
sso_util configure -r MAINSERVER.PRETENDCO.COM -f /LDAPv3/127.0.0.1 -a diradmin -p diradmin_password -v 1 all (replace diradmin and diradmin_password with your directory admin and password)
sso_util configure -r MAINSERVER.PRETENDCO.COM -f /LDAPv3/127.0.0.1 -a diradmin -p diradmin_password -v 1 ldap

Once you finish these steps, reboot the machine, and check your Server Admin utility. You should see that you have all your services running on your Open Directory Master.

Even with this trouble, Kerberos seems really simple to set up with a Mac server. I've never tried it on a Linux server, but from the expressions on some friend's faces when I suggest it, it doesn't seem to be very simple. I'm not sure how it's implemented in Active Directory either, though I do know it's just as frustrating when it doesn't work.

2 Comments

I do not know if it's just me or if everybody else experiencing issues with your website. It appears as if some of the written text on your content are running off the screen. Can somebody else please comment and let me know if this is happening to them as well? This may be a issue with my web browser because I've had this happen previously. Cheers

Hmm.. I'm not seeing anything wrong when I look, course I'm using Safari for my browser. I'm not sure which browser the problems MIT be on. Which one do you use? I'll see if I can't test for that browser.

OpenID accepted here Learn more about OpenID

About this Entry

This page contains a single entry by Jeremy Robb published on March 17, 2008 1:34 PM.

Happy Pi Day! was the previous entry in this blog.

The Task Analysis Revisited is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.