I've been getting lots of GSSAPI errors in system.log when
clients connect via VPN. When clients are connected via VPN DNS on the
clients doesn't resolve correctly and stability is poor.
To avoid possible confusion with my odd (Greek) client and
server names, I replaced the client name with "MyVPNClient and
the server with "ServerFQDN"
From system.log:
Jun 26 08:14:39 myservername DirectoryService[60]: GSSAPI Error:
Miscellaneous failure (Server not found in Kerberos database)
From kdc.log:
Jun 26 08:14:42 ServerFQDN krb5kdc[276](info): TGS_REQ (7
etypes {18 17 16 23 1 3 2}) 10.0.0.4: UNKNOWN_SERVER: authtime
1182832508, MyVPNClient@FQDN for krbtgt/PPS.COM@FQDN, Server not found
in Kerberos database
I see this odd second VPN entry when I do a kadmin.local -q
listprincs:
vpn/serverfqdn@SERVERFQDN
vpn_28e90fc33eff@SERVERFQDN
I am suspicious of the second entry. Am I barking up the
right tree by wanting to delete it?
I have so far tried rebuilding the entire server from scratch,
demoting Open Directory to Standalone then re-promoting back to Open
Directory Master. I also tried the procedure in this tread: http://discussions.apple.com/thread.jspa?messageID=4240563�
Nothing is working! I am especially dumbfounded by the
rebuild not being successful. It appears I'm doing something odd with
my setup. I did at one point have everything including VPN working on
an older build that failed due to a drive failure. However, this
problem did appear prior to the drive failure. I made one or two
attempts to remedy the problem before the failure. My fall-back clone
also had the problem so apparently I hadn't noticed it right away
after the problem's appearance.
Thanks!
Gary Smith
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
