Comments on: Tiger to Leopard Server Migration, Part Four

By: Jim

Jim — Tue, 03 Nov 2009 20:28:31 +0000

When I get to the command:sso_util configure -r MYREALM.CA -a diradmin -p mypasswd all

I get this error:

Contacting the directory server
/Local/Default
/BSD/local
/LDAPv3/127.0.0.1
Creating the service list
Creating the service principals
kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
SendInteractiveCommand: failed to get pattern
The system log shows this:

Nov 3 14:06:22 aeaserver ReportCrash[88903]: Formulating crash report for process kdcsetup[88894]
Nov 3 14:06:23 aeaserver ReportCrash[88903]: Saved crashreport to /Library/Logs/CrashReporter/kdcsetup_2009-11-03-140622_aeaserver.crash using uid: 0 gid: 0, euid: 0 egid: 0

When I looked in the /var/krb5kdc directory, the principals I created are gone. What hapened?

By: Josh

Josh — Thu, 26 Feb 2009 23:49:08 +0000

Hi,

thank you for that nice howto. I have much trouble with Kerberos.
But I have one problem at step 3:
I get the failure message: Couldn’t find KerberosClient config record

Hope someone has some good idea..

By: Ryan

Ryan — Mon, 08 Dec 2008 13:13:46 +0000

Hi Brent,

Sounds like do or die. Better hope the open directory restore works after changing to standalone or you lose your ldap & password server configs.

By: Brent

Brent — Mon, 08 Dec 2008 02:11:03 +0000

One thing to try is using Server Admin to backup your Open Directory settings in the Archive tab of the Open Directory panel. Then go to the Settings panel, and click the Change button, and change to a stand alone server. Once the transition is complete, do the reverse: change back to an Open Directory Master, then use the Restore feature in the Archive tab to re-add your users & settings.

See the /Library/Logs/slapconfig.log file for the output of what went on beneath the GUI.

By: Toros

Toros — Sat, 06 Sep 2008 20:44:05 +0000

Brent i am having the same segmentation fault problem as the other two posters. Is there some sort of a fix.

By: Brent

Brent — Sat, 16 Aug 2008 14:39:58 +0000

Oh, and did you do:
chflags nouchg /Library/Preferences/edu.mit.Kerberos
as per step 2?

By: Brent

Brent — Sat, 16 Aug 2008 14:36:39 +0000

Ryan & Steven: can you connect to your directory service using ‘ldapsearch’ or other tools? Have you tried the kerberosautoconfig command from step 3? What do you see in the logs (/var/log/system.log, /var/log/slapd.log, /var/log/krb5kdc/kdc.log) when you’re getting segfaults and exit code 10?

Does the command:
serveradmin fullstatus dirserv
tell you anything useful about the state of Kerberos (kdc)?

By: Steven

Steven — Sat, 16 Aug 2008 12:39:41 +0000

Sorry, any help would be appreciated. It’s the only thing on my server than needs fixing.

By: Steven

Steven — Sat, 16 Aug 2008 12:38:55 +0000

I’m having exactly the same problem as Ryan – clean install of 10.5.4 and getting Segmentation faults as well as the exit code 10.

V, v frustrating.

By: Ryan

Ryan — Mon, 11 Aug 2008 15:38:39 +0000

Sorry, forgot to mention that the open directory master is a clean install of v10.5.4