I'd probably demote the replica. Then make sure the reverse DNS is
working on the replica that didn't add itself correctly and then try
adding it again. 10.4 seems even more finicky about this than 10.3.
One thing you can do is manually set /etc/hostconfig to the FQDN and
even add an entry in /etc/hosts before promoting to OD replica. That
way when it reports its DNS name back to the OD master when it's
making itself a replica, you know all is good. Hopefully it will
make it into the edu.mit.Kerberos file alright. If not, you may try
what you are suggesting, hand editing the record in LDAP.
Aaron
On Aug 29, 2005, at 12:54 PM, The web guy wrote:
Thanks Aaron - strange as it may seem, the
Library/Preferences/edu.mit.Kerberos points to one of the replicas as
the only kdc. This is true on the master, as well as the replicas. It
is also true in the kerberosclient record in /LDAP/config. The only
replica where Kerberos is running is the replica that the file points to...
I don't manage these servers full time, but I'm very perplexed how
this got that way without an amazing amount of promoting and
demoting, which did not happen, as far as I can tell...
Anyway, suggestions on how I bring this back into plumb without
nuking the master?
My thought is:
1) Demote all replicas
2) Hand edit the kerbclient info in LDAP to point to the master.
Restart server and verify things are OK.
3) Kerberize the server in Server Admin
4) Run mkpassdb -kerberize to kerberize user accounts
5) Re-add replicas
Is this plausible?
thanks!
Kirk
On Aug 25, 2005, at 5:15 PM, Aaron Rosenblum wrote:
What does your /Library/Preferences/edu.mit.Kerberos file look
like on that replica? On the master?
Aaron
On Aug 25, 2005, at 10:36 AM, The web guy wrote:
I am having some amount of issue getting kerberos to run on my
replicas. Master is 10.4 server (updated from 10.3), been brought
down to stand-alone and re-promoted. On a new 10.4 server (not
upgraded), I try to go from stand-alone to replica and get the
stuff below in the slapdconf.log - the error seems to come from the
/usr/sbin/kdb5_util dump - K/email@hidden
Improper format of Kerberos configuration file while initializing
Kerberos code
As there have been other issues with upgrading 10.3 to 10.4, I'm
wondering if there is some version difference or something
between what an upgraded 10.3 server puts out, and a 10.4 new
server expects. Any thoughts on how to dump kerb and have it be
importable so I might be able to hand-crank this beast?
thanks!
Kirk
nothing found to load
2005-08-24 23:26:30 -0700 - 2 Stopping master LDAP server
2005-08-24 23:26:30 -0700 - command: ssh email@hidden /usr/sbin/slapconfig -stopldapserver
2005-08-24 23:26:34 -0700 - 3 Updating master configuration
2005-08-24 23:26:34 -0700 - command: ssh email@hidden /usr/sbin/slapconfig -addreplica 10.1.0.37
2005-08-24 23:26:36 -0700 - command: ssh email@hidden /usr/bin/db_recover -h /var/db/openldap/openldap-data
2005-08-24 23:26:38 -0700 - command: ssh email@hidden /usr/sbin/slapcat -l /var/db/openldap/openldap-data/backup.ldif
2005-08-24 23:26:42 -0700 - 4 Restarting master LDAP server
2005-08-24 23:26:42 -0700 - command: ssh email@hidden /usr/sbin/slapconfig -startldapserver
2005-08-24 23:26:45 -0700 - 5 Updating local replica configuration
2005-08-24 23:26:45 -0700 - Copied file from /etc/openldap/slapd.conf to /etc/openldap/slapd.conf.backup.
2005-08-24 23:26:45 -0700 - 6 Copying master database to new replica
2005-08-24 23:26:45 -0700 - Removed directory at path /var/db/openldap/openldap-data.
2005-08-24 23:26:45 -0700 - command: scp email@hidden:/var/db/openldap/openldap-data/backup.ldif /var/db/openldap/openldap-data/
2005-08-24 23:26:47 -0700 - command: scp email@hidden:/etc/openldap/schema /etc/openldap/
2005-08-24 23:26:50 -0700 - command: /usr/sbin/slapadd -c -l /var/db/openldap/openldap-data/backup.ldif
2005-08-24 23:26:52 -0700 - 7 Starting new replica
2005-08-24 23:26:53 -0700 - Starting LDAP server (slapd)
2005-08-24 23:26:54 -0700 - 8 Starting replicator on master server
2005-08-24 23:26:54 -0700 - command: ssh email@hidden /usr/sbin/slapconfig -startreplicator
2005-08-24 23:27:07 -0700 - Configuring Kerberos server, realm is STUDENT.TTSD.K12.OR.US
2005-08-24 23:27:07 -0700 - command: scp email@hidden:/var/db/krb5kdc/.k5.STUDENT.TTSD.K12.OR.US /var/db/krb5kdc/
2005-08-24 23:27:10 -0700 - command: scp email@hidden:/var/db/krb5kdc/kadm5.acl /var/db/krb5kdc/
2005-08-24 23:27:12 -0700 - command: scp email@hidden:/var/db/krb5kdc/kadm5.keytab /var/db/krb5kdc/
2005-08-24 23:27:14 -0700 - command: scp email@hidden:/var/db/krb5kdc/kdc.conf /var/db/krb5kdc/
2005-08-24 23:27:16 -0700 - command: ssh email@hidden /usr/sbin/kdb5_util dump - K/email@hidden
2005-08-24 23:27:18 -0700 - command: /usr/sbin/kdb5_util load /var/db/krb5kdc/initial.dump
2005-08-24 23:27:18 -0700 - kdb5_util command output:
Improper format of Kerberos configuration file while initializing Kerberos code
2005-08-24 23:27:18 -0700 - kdb5_util command failed with status 1
2005-08-24 23:27:18 -0700 - 9 Enabling password server replication
2005-08-24 23:27:18 -0700 - command: /usr/sbin/NeST -setupreplica 10.1.0.39 diradmin ****
2005-08-24 23:27:41 -0700 - 10 Enabling local Kerberos server
2005-08-24 23:27:41 -0700 - command: /usr/sbin/kdcsetup -c /LDAPv3/127.0.0.1 -w -a diradmin -p **** -v 1 STUDENT.TTSD.K12.OR.US
2005-08-24 23:28:01 -0700 - kdcsetup command output:
Contacting the Directory Server
Authenticating to the Directory Server
Creating Kerberos directory
Creating KDC Config File
<CFArray 0x3049b0 [0xa0728150]>{type = immutable, count = 1, values = (
0 : <CFDictionary 0x304960 [0xa0728150]>{type = mutable, count = 0, capacity = 4, pairs = (
)}
)}
Adding KDC to launchd
The KDC is not running error = 3
Failed to configure error = 3
2005-08-24 23:28:01 -0700 - kdcsetup command failed with status 3
2005-08-24 23:28:01 -0700 - command: /usr/sbin/sso_util configure -r STUDENT.TTSD.K12.OR.US -f /LDAPv3/127.0.0.1 -a diradmin -p **** -v 1 all
2005-08-24 23:28:01 -0700 - sso_util command output:
Contacting the directory server
Creating the service list
Creating the service principals
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
2005-08-24 23:28:01 -0700 - sso_util command failed with status 2
2005-08-24 23:28:01 -0700 - command: /usr/sbin/sso_util configure -r STUDENT.TTSD.K12.OR.US -f /LDAPv3/127.0.0.1 -a diradmin -p **** -v 1 ldap
2005-08-24 23:28:01 -0700 - sso_util command output:
Contacting the directory server
Creating the service list
Creating the service principals
kadmin: Improper format of Kerberos configuration file while initializing krb5 library
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/macos-x-server/arosenbl%
40mac.com
This email sent to email@hidden
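
Added example, not part of the original thread or of Apple's tools: a small checker for a krb5.conf-style file such as /Library/Preferences/edu.mit.Kerberos. It reports structural format errors and flags any realm whose kdc entries leave out the master, the situation described above. The grammar is simplified, and the realm name, host names and the helper names parse_realms and audit are assumptions made for illustration.

```python
import re
# Constructed sample in krb5.conf syntax (the edu.mit.Kerberos format); names are placeholders.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.REALM
[realms]
    EXAMPLE.REALM = {
        kdc = replica1.example.test:88
    }
"""

def parse_realms(text):
    """Return ({realm: {key: [values]}}, [format errors]); simplified grammar."""
    realms, errors, section, stack = {}, [], None, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            if stack:
                errors.append(f"line {n}: '{stack[-1]}' not closed before new section")
            section, stack = header.group(1), []
        elif line == "}":
            if not stack:
                errors.append(f"line {n}: unmatched closing brace")
            stack = stack[:-1]
        elif section is None or "=" not in line:
            errors.append(f"line {n}: expected 'key = value' inside a section")
        else:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                stack.append(key)  # opens a realm or a nested subsection
                if section == "realms" and len(stack) == 1:
                    realms.setdefault(key, {})
            elif section == "realms" and len(stack) == 1:
                realms[stack[0]].setdefault(key, []).append(value)
    if stack:
        errors.append(f"end of file: '{stack[-1]}' not closed")
    return realms, errors

def audit(text, master):
    """List format errors plus realms whose kdc entries omit the master host."""
    realms, findings = parse_realms(text)
    for realm, keys in realms.items():
        kdcs = [v.split(":")[0].lower() for v in keys.get("kdc", [])]  # drop :port
        if master.lower() not in kdcs:
            findings.append(f"{realm}: master {master} not among kdc entries {kdcs}")
    return findings
```

Run audit() over the contents of the file from the master and from each replica, passing the master's FQDN, before re-adding replicas; an empty list means the file parsed and lists the master as a KDC.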