I am trying to reinstall Kerberos, but without success. On my last
attempt it told me my password was wrong when trying to initialise
Kadmin. I am trying to avoid reinstalling the whole server, but am
not having any success reinstalling Kerberos only. Can anyone
point to a good article that shows how to completely blow away the
previous install and start again? Most of the articles I have
found point to 10.3 and earlier, not 10.4.

Do you mean reconfigure? You should be able to use sso_util. If you
can back the users up, or afford to lose them, demote from master
to standalone and then re-promote.
Josh

Hi John
I am not sure what is the best description, but I certainly want to
get Kerberos working and guess that reinitialising would be easier. I
have spent almost literally days trying to understand this, but can't
bring all the concepts together so as to find a solution. It would be
very difficult to lose the user and groups database and rebuild, and
I can't really take the server off line for long. It is operational 24/7.
Below are the sort of errors I am getting. The Open Directory Master
says Kerberos is running, the replicas won't start. I have never been
able to get anything to authenticate using Kerberos. It is as if the
users in the LDAP directory don't get.
From the logs below SERVER.QUEENSBERRY.CO.NZ is the open directory
master and the realm name. server.photojunction.com is one of the
replicas in a different IP zone.
Any help appreciated.
Cheers
Stephen
>> From KDC log on Replica
Jan 21 21:42:33 server.photojunction.com krb5kdc[263](info): set up 2
sockets
Jan 21 21:42:33 server.photojunction.com krb5kdc[263](info):
commencing operation
Jan 27 18:13:29 server.photojunction.com krb5kdc[263](info): AS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.168.1.7: ISSUE: authtime
1138338809, etypes {rep=16 tkt=16 ses=16},
email@hidden for krbtgt/
email@hidden
Jan 27 18:31:31 server.photojunction.com krb5kdc[263](info): AS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.168.1.7: ISSUE: authtime
1138339891, etypes {rep=16 tkt=16 ses=16},
email@hidden for krbtgt/
email@hidden
Jan 27 18:31:33 server.photojunction.com krb5kdc[263](info): TGS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.168.1.7: ISSUE: authtime
1138339891, etypes {rep=16 tkt=16 ses=16},
email@hidden for ldap/
email@hidden
Jan 27 18:42:20 server.photojunction.com krb5kdc[263](info): AS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.168.1.7: DECRYPT_SERVER_KEY:
email@hidden for krbtgt/
email@hidden, Decrypt integrity
check failed
krb5kdc: Interrupted system call - while selecting for network input(1)
Jan 28 21:50:00 server.photojunction.com krb5kdc[263](info): shutting
down
krb5kdc: Decrypt integrity check failed - while verifying master key
for realm SERVER.QUEENSBERRY.CO.NZ
krb5kdc: Decrypt integrity check failed - while verifying master key
for realm SERVER.QUEENSBERRY.CO.NZ
krb5kdc: Decrypt integrity check failed - while verifying master key
for realm SERVER.QUEENSBERRY.CO.NZ
>> From Slapconfig Log - Main Server
kadmin: Incorrect password while initializing kadmin interface
>> From Kadmin log - Main server
Jan 29 10:25:52 server.queensberry.co.nz kadmin.local[3148](info): No
dictionary file specified, continuing without one.
>> From KDC log - Main server
an 29 10:41:51 server.queensberry.co.nz krb5kdc[209](info): TGS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.168.100.7: UNKNOWN_SERVER:
authtime 1138484510, email@hidden for ldap/
email@hidden, Server not found
in Kerberos database
>> From Console Main Server - Sorry, not sure which log
Jan 29 16:29:05 server DirectoryService[45]: GSSAPI Error:
Miscellaneous failure (Server not found in Kerberos database)
>> I am not sure if it is related, and don't know what it means, but
I have also started getting this error
2005-11-09 20:29:34 NZDT - ServerControl::NotifyDirNodeAdded
SCDynamicStoreCreate not yet available from System Configuration
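
Added example, not part of the original thread: a small Python triage script for krb5kdc logs in the mail-wrapped layout quoted above. It rejoins the wrapped lines, counts request outcomes, and flags every non-ISSUE result plus master key verification failures. The sample log is constructed, and its host names, realm, addresses and the MASTER_KEY_VERIFY_FAILED label are assumptions of this example.

```python
import re
from collections import Counter
# Constructed sample in the wrapped layout quoted above; all values are placeholders.
SAMPLE = """\
Jan 27 18:31:33 replica.example.com krb5kdc[263](info): TGS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.0.2.7: ISSUE: authtime
1138339891, etypes {rep=16 tkt=16 ses=16},
user@EXAMPLE.COM for ldap/
replica.example.com@EXAMPLE.COM
Jan 27 18:42:20 replica.example.com krb5kdc[263](info): AS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.0.2.7: DECRYPT_SERVER_KEY:
user@EXAMPLE.COM for krbtgt/
EXAMPLE.COM@EXAMPLE.COM, Decrypt integrity
check failed
krb5kdc: Decrypt integrity check failed - while verifying master key
for realm EXAMPLE.COM
Jan 29 10:41:51 master.example.com krb5kdc[209](info): TGS_REQ
(7 etypes {18 17 16 23 1 3 2}) 192.0.2.9: UNKNOWN_SERVER:
authtime 1138484510, user@EXAMPLE.COM for ldap/
master.example.com@EXAMPLE.COM, Server not found
in Kerberos database
"""

# A record starts with a syslog timestamp or a bare daemon prefix.
START = re.compile(r"^(?:[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d |krb5kdc: |kadmin: )")
# Request type, client address and the KDC's status word (ISSUE, UNKNOWN_SERVER, ...).
REQUEST = re.compile(r"(AS_REQ|TGS_REQ) \(.*?\) (\S+): ([A-Z_]+):")

def unwrap(text):
    """Rejoin mail-wrapped continuation lines into one record per log entry."""
    records = []
    for line in text.splitlines():
        if START.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Return (Counter of (request, status), list of flagged (status, detail))."""
    outcomes, flagged = Counter(), []
    for rec in unwrap(text):
        m = REQUEST.search(rec)
        if m:
            outcomes[(m.group(1), m.group(3))] += 1
            if m.group(3) != "ISSUE":  # anything but an issued ticket needs a look
                flagged.append((m.group(3), m.group(2)))
        elif "while verifying master key" in rec:
            flagged.append(("MASTER_KEY_VERIFY_FAILED", rec.split("for realm ")[-1]))
    return outcomes, flagged
```

Run against the replica and master KDC logs separately, the flagged list shows at a glance whether a host is failing on its own master key or on a service principal missing from the database.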