How to disable KDC on Leopard Server (AD/OD Magic Triangle)?

Subject: How to disable KDC on Leopard Server (AD/OD Magic Triangle)?

From: Dan Stranathan <email@hidden>

Date: Thu, 29 Nov 2007 17:42:24 -0600

Delivered-to: email@hidden

I have a "Magic Triangle" OD server running 10.5.1. It is an OD master and it is also bound to AD 2003 domain/realm too. I use AD for authentication and OD for Mac computer policy management (MCX)

How do I disable the local OD KDC before I bind the OD server to AD? I understand the process on Tiger Server, but I have heard that Leopard server is different.

To the best of my knowledge, this is the steps for Tiger:

1 Create OD Master

2 Disable KDC on newly created OD master

A sso_util remove -k -a <diradmin> -p <password> -r <realm name> (Question: is the "-r <realm name>" needed? If so whats the name of the realm?)

B dscl -u <diradmin> /LDAPv3/127.0.0.1 -delete /Config/KerberosKDC (Question: I don't see this in my path - it doesnt exist - is this right?)

C dscl -u <diradmin> /LDAPv3/127.0.0.1 -delete /Config/KerberosClient (Question: I don't see this in my path - it doesnt exist - is this right?)

3) Verify:

A klist -kt (Question: What should I see or what should I not see here? See my example below)

B cat /library/Preferences/edu.mit.kerberos (What should I expect to see or not see here?)

C Check Server Admin OD settings - Kerberos is: Stopped"

4) Bind to Active Directory:

5) Verify again to be safe:

A klist -kt (What should I see or what should I not see here?)

B cat /library/Preferences/edu.mit.kerberos (What should I expect to see or not see here?)

C Check Server Admin OD settings - "Kerberos is: Stopped"

Here is what I see with the klist-kt command (to me it looks like I have 2 conflicting realms here!) Am I wrong?

graphite:~ root# klist -kt

Keytab name: FILE:/etc/krb5.keytab

KVNO Timestamp Principal

---- ----------------- --------------------------------------------------------

2 11/29/07 17:23:40 afpserver/email@hidden

2 11/29/07 17:23:41 afpserver/email@hidden

2 11/29/07 17:23:41 ftp/email@hidden

2 11/29/07 17:23:41 imap/email@hidden

2 11/29/07 17:23:41 pop/email@hidden

2 11/29/07 17:23:41 HTTP/email@hidden

2 11/29/07 17:23:41 http/email@hidden

2 11/29/07 17:23:41 nfs/email@hidden

2 11/29/07 17:23:41 smtp/email@hidden

2 11/29/07 17:23:41 host/email@hidden

2 11/29/07 17:23:41 cifs/email@hidden

2 11/29/07 17:23:41 XMPP/email@hidden

2 11/29/07 17:23:41 xmpp/email@hidden

2 11/29/07 17:23:41 ipp/email@hidden

2 11/29/07 17:23:41 vpn/email@hidden

2 11/29/07 17:23:41 xgrid/email@hidden

2 11/29/07 17:23:41 ldap/email@hidden

2 11/29/07 17:23:41 cifs/email@hidden

2 11/29/07 17:23:41 graphite$@DAN.COM

_______________________________________________ Do not post admin requests to the list. They will be ignored. Macos-x-server mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/macos-x-server/email@hidden This email sent to email@hidden