I ran into several difficulties setting up Podcast Producer in Leopard server. I followed the setup instructions in the manual, but when it came to getting Xgrid up and running, I hit a wall.

Here are the problems that I encountered:

“agent could not determine the expected controller service principal”

The Podcast Producer manual says that Kerberos authentication in Xgrid is necessary (page 26)…
(more…)

Kerberos and Single Sign-on in Leopard Server

It has been awhile since my last post of this series — sorry to keep you waiting. Kerberos on Mac OS X Server is a finicky thing, and it took me this long to get it working! Well, I did take a 3 week vacation, and was busy with other projects for at least 2 weeks … but it was a major pain in the ass to set up, and I’m not yet entirely satisfied.

To get straight to the point, the following procedure got kerberos with single sign-on up and running for me. Hopefully it will work for you too.

(more…)

I booted up my Leopard server yesterday to discover that my directory administrator account — that’s the one used to authenticate to /LDAP/127.0.0.1 in Workgroup Manager — appeared to be broken. It looked as if I was locked out, as if I had forgotten my password. I knew that I hadn’t forgotten my password, and I verified that by logging into the directory using ldapsearch. However, Workgroup Manager insisted, “login information not valid for this server”.

I worked on it for awhile, sifting through log files and Googling for answers, but ran out of time for the evening: I was almost late for American Gangster. To my surprise, when I booted up Leopard server today, it worked. To confirm my sanity, I rebooted again: this time, no dice. So there was some kind of random failure happening. After some hunting around, I noticed a single entry in slapd.log:

slapd[40]: SASL [conn=9] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Decrypt integrity check failed)

(more…)