Comments on: Kerberos Issues With Podcast Producer / XGrid on Leopard Server http://www.netmojo.ca/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard-server/ Apple Certified Mac Consulting Mon, 09 Jan 2012 22:29:32 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: earl http://www.netmojo.ca/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard-server/comment-page-1/#comment-3110 earl Mon, 06 Jun 2011 20:43:35 +0000 http://www.netmojo.ca/blog/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard/#comment-3110 Brent: My PcP initally worked. I could submit jobs, they would get processed etc, Kerberos works for both e-mail and Podcast Capture login. Now it quit working. The PcP gui interface indicates it can't find it. The xcontroller activity logs indicate the agent has been contacted with a job to process. The actual xcontroller logs indicate it has shutdown. Something has clearly changed. Also the three pcastadmin@MYREALM.CA pcastuser@MYREALM.CA pcastxgrid@MYREALM.CA were never in my OD users list. I didn't try to create them though. The errors that you indicate above I don't see. It doesn't mean though that they are there and as soon as I get beyond where I am now they won't pop up. I believe worse case it to reinstall the software and start from scratch. It will work Brent:

My PcP initally worked. I could submit jobs, they would get processed etc, Kerberos works for both e-mail and Podcast Capture login.

Now it quit working. The PcP gui interface indicates it can’t find it. The xcontroller activity logs indicate the agent has been contacted with a job to process. The actual xcontroller logs indicate it has shutdown. Something has clearly changed. Also the three

pcastadmin@MYREALM.CA
pcastuser@MYREALM.CA
pcastxgrid@MYREALM.CA

were never in my OD users list. I didn’t try to create them though. The errors that you indicate above I don’t see. It doesn’t mean though that they are there and as soon as I get beyond where I am now they won’t pop up. I believe worse case it to reinstall the software and start from scratch. It will work

]]> By: Brent http://www.netmojo.ca/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard-server/comment-page-1/#comment-915 Brent Fri, 08 Aug 2008 18:34:03 +0000 http://www.netmojo.ca/blog/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard/#comment-915 kadmin.local must be executed on the master Kerberos server, as root. This makes me wonder if it's possible to run an Xgrid controller on an OD replica server. I've tried getting it to work, but so far, no luck. Another topic that I have yet to fully investigate is the issue of Kerberos slave (replica) servers in OSX Server. This article: http://www.afp548.com/article.php?story=20060724104018616 ... says that each OD replica becomes a Kerberos master server, and changes get replicated back to the other Kerberos masters by some unique-to-OSX mechanism. However, the article was written at the time of OS X Server 10.4. In 10.6, my OD replica doesn't appear to be a Kerberos master, and I cannot run kadmin.local on it. kadmin.local must be executed on the master Kerberos server, as root.

This makes me wonder if it’s possible to run an Xgrid controller on an OD replica server. I’ve tried getting it to work, but so far, no luck.

Another topic that I have yet to fully investigate is the issue of Kerberos slave (replica) servers in OSX Server. This article:

http://www.afp548.com/article.php?story=20060724104018616

… says that each OD replica becomes a Kerberos master server, and changes get replicated back to the other Kerberos masters by some unique-to-OSX mechanism. However, the article was written at the time of OS X Server 10.4. In 10.6, my OD replica doesn’t appear to be a Kerberos master, and I cannot run kadmin.local on it.

]]> By: GEORGE http://www.netmojo.ca/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard-server/comment-page-1/#comment-914 GEORGE Fri, 08 Aug 2008 07:08:10 +0000 http://www.netmojo.ca/blog/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard/#comment-914 thank you for the answer, the thing is that I am still not able to start xgrid with kerberos authentication. Here is the error from kadmin.local any other ideas would be really appreciated: $ sudo kadmin.local Password: Authenticating as principal root/admin@SERVERNAME.DOMAIN.RO with password. kadmin.local: No such file or directory while initializing kadmin.local interface thank you for the answer, the thing is that I am still not able to start xgrid with kerberos authentication.

Here is the error from kadmin.local any other ideas would be really appreciated:

$ sudo kadmin.local
Password:
Authenticating as principal root/admin@SERVERNAME.DOMAIN.RO with password.
kadmin.local: No such file or directory while initializing kadmin.local interface

]]> By: Brent http://www.netmojo.ca/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard-server/comment-page-1/#comment-913 Brent Thu, 07 Aug 2008 16:31:07 +0000 http://www.netmojo.ca/blog/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard/#comment-913 George, it must be executed with root privileges. Prefix with "sudo". George, it must be executed with root privileges. Prefix with “sudo”.

]]> By: GEORGE http://www.netmojo.ca/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard-server/comment-page-1/#comment-912 GEORGE Thu, 07 Aug 2008 12:09:18 +0000 http://www.netmojo.ca/blog/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard/#comment-912 hello Interesting postings I have the folowing: $ sudo klist -k | grep xgrid 4 xgrid/servername.domain.ro@SERVERNAME.DOMAIN.RO 4 xgrid/servername.domain.ro@SERVERNAME.DOMAIN.RO 4 xgrid/servername.domain.ro@SERVERNAME.DOMAIN.RO 3 xgrid@SERVERNAME.DOMAIN.RO 3 xgrid@SERVERNAME.DOMAIN.RO 3 xgrid@SERVERNAME.DOMAIN.RO 2. $ kadmin.local Couldn't open log file /var/log/krb5kdc/kadmin.log: Permission denied Authenticating as principal adminuser/admin@SERVERNAME.DOMAIN.RO with password. kadmin.local: Permission denied while initializing kadmin.local interface hello

Interesting postings

I have the folowing:

$ sudo klist -k | grep xgrid
4 xgrid/servername.domain.ro@SERVERNAME.DOMAIN.RO
4 xgrid/servername.domain.ro@SERVERNAME.DOMAIN.RO
4 xgrid/servername.domain.ro@SERVERNAME.DOMAIN.RO
3 xgrid@SERVERNAME.DOMAIN.RO
3 xgrid@SERVERNAME.DOMAIN.RO
3 xgrid@SERVERNAME.DOMAIN.RO

2. $ kadmin.local
Couldn’t open log file /var/log/krb5kdc/kadmin.log: Permission denied
Authenticating as principal adminuser/admin@SERVERNAME.DOMAIN.RO with password.
kadmin.local: Permission denied while initializing kadmin.local interface

]]> By: Brent http://www.netmojo.ca/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard-server/comment-page-1/#comment-910 Brent Fri, 04 Apr 2008 07:07:43 +0000 http://www.netmojo.ca/blog/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard/#comment-910 Also, try running: <fixed>sudo serveradmin settings xgrid</fixed> If the FQDN of your kerberos server isn't in the prefs:ControllerName field, you can set it with: <fixed>sudo serveradmin settings xgrid:AgentSettings:prefs:ControllerName = "myserver.netmojo.ca"</fixed> Yet another place to look for problems is in the plaintext xml file: <fixed>/Library/Preferences/com.apple.pcastserverd.plist</fixed> I'm interested to know how it goes. Good luck! Also, try running:

sudo serveradmin settings xgrid

If the FQDN of your kerberos server isn’t in the prefs:ControllerName field, you can set it with:

sudo serveradmin settings xgrid:AgentSettings:prefs:ControllerName = “myserver.netmojo.ca”

Yet another place to look for problems is in the plaintext xml file:

/Library/Preferences/com.apple.pcastserverd.plist

I’m interested to know how it goes. Good luck!

]]> By: Brent http://www.netmojo.ca/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard-server/comment-page-1/#comment-909 Brent Thu, 03 Apr 2008 21:30:32 +0000 http://www.netmojo.ca/blog/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard/#comment-909 Did you have to change the <fixed>/private/etc/xgrid/controller/service-principal</fixed> file? If so, did you restart Xgrid and the KDC after changing it? Is your actual FQDN equal to the name in that file, and does DNS resolve your IP address (forward and reverse lookups) to that name? Did you have to change the /private/etc/xgrid/controller/service-principal file? If so, did you restart Xgrid and the KDC after changing it? Is your actual FQDN equal to the name in that file, and does DNS resolve your IP address (forward and reverse lookups) to that name?

]]> By: Jussi http://www.netmojo.ca/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard-server/comment-page-1/#comment-908 Jussi Thu, 03 Apr 2008 07:15:50 +0000 http://www.netmojo.ca/blog/2008/03/19/kerberos-issues-with-podcast-producer-xgrid-on-leopard/#comment-908 Hi, for me this did not solve the problem with “agent could not determine the expected controller service principal”. My xgrid service principal and the one expected are the one and the same. Any ideas? /jussi Hi,

for me this did not solve the problem with “agent could not determine the expected controller service principal”. My xgrid service principal and the one expected are the one and the same. Any ideas?

/jussi

]]>