Joining OSX server to windows 2000 AD KDC

Hi All,

I'm trying to join OSX server 10.4.7 to a windows 2000 Active Directory
KDC server. After I join the OSX server to the AD server (with
Directory Acces), I start Server Admin fallow by Open Directory and
then Settings. I change the Role of the server from Stanalone Server to
Connected to a Directory system and finally I click on Join Kerberos. I
fill the fields and receive the error message below when I click the OK
button:

Kerberos keytab error. Error while creating the Kerberos keytab file
for this server.

I also found in the /Library/Logs/slapconfig.log file this information:

2006-07-12 09:00:36 -0400 - slapconfig -sso_util
2006-07-12 09:00:36 -0400 - command: /usr/sbin/sso_util configure -r
MY_KERBOROS_REALM -a KDC_ADM_LOGIN -p **** -v 1 all
2006-07-12 09:00:38 -0400 - sso_util command output:
Contacting the directory server
Creating the service list
Creating the service principals
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
kadmin: Database error! Required KADM5 principal missing while
initializing kadmin interface
2006-07-12 09:00:38 -0400 - sso_util command failed with status 2

Anybody have clues on that?

Best regards

Yvan Michaud
System Administrator
University of Sherbrooke

>
> Hi All,
> I'm trying to join OSX server 10.4.7 to a windows 2000 Active Directory
> KDC server. After I join the OSX server to the AD server (with
> Directory Acces), I start Server Admin fallow by Open Directory and
> then Settings. I change the Role of the server from Stanalone Server to
> Connected to a Directory system and finally I click on Join Kerberos. I
> fill the fields and receive the error message below when I click the OK
> button:
>
> Kerberos keytab error. Error while creating the Kerberos keytab file
> for this server.
>
> I also found in the /Library/Logs/slapconfig.log file this information:
>
> 2006-07-12 09:00:36 -0400 - slapconfig -sso_util
> 2006-07-12 09:00:36 -0400 - command: /usr/sbin/sso_util configure -r
> MY_KERBOROS_REALM -a KDC_ADM_LOGIN -p **** -v 1 all
> 2006-07-12 09:00:38 -0400 - sso_util command output:
> Contacting the directory server
> Creating the service list
> Creating the service principals
> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface

This looks as if the principal kadmin/admin@MY_KERBOROS_REALM is missing.

> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface
> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface
> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface
> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface
> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface
> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface
> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface
> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface
> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface
> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface
> kadmin: Database error! Required KADM5 principal missing while
> initializing kadmin interface
> 2006-07-12 09:00:38 -0400 - sso_util command failed with status 2
>
> Anybody have clues on that?

Best regards

Yvan Michaud
System Administrator
University of Sherbrooke

--
Richard Silverman
res@qoxp.net

Richard E. Silverman a écrit :

> >
> > Hi All,
> > I'm trying to join OSX server 10.4.7 to a windows 2000 Active Directory
> > KDC server. After I join the OSX server to the AD server (with
> > Directory Acces), I start Server Admin fallow by Open Directory and
> > then Settings. I change the Role of the server from Stanalone Server to
> > Connected to a Directory system and finally I click on Join Kerberos. I
> > fill the fields and receive the error message below when I click the OK
> > button:
> >
> > Kerberos keytab error. Error while creating the Kerberos keytab file
> > for this server.
> >
> > I also found in the /Library/Logs/slapconfig.log file this information:
> >
> > 2006-07-12 09:00:36 -0400 - slapconfig -sso_util
> > 2006-07-12 09:00:36 -0400 - command: /usr/sbin/sso_util configure -r
> > MY_KERBOROS_REALM -a KDC_ADM_LOGIN -p **** -v 1 all
> > 2006-07-12 09:00:38 -0400 - sso_util command output:
> > Contacting the directory server
> > Creating the service list
> > Creating the service principals
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
>
> This looks as if the principal kadmin/admin@MY_KERBOROS_REALM is missing.
>
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
> > kadmin: Database error! Required KADM5 principal missing while
> > initializing kadmin interface
> > 2006-07-12 09:00:38 -0400 - sso_util command failed with status 2
> >
> > Anybody have clues on that?
>
> Best regards
>
> Yvan Michaud
> System Administrator
> University of Sherbrooke
>
>
> --
> Richard Silverman
> res@qoxp.net

Richard,

Thank for that fast response. I'm kind of newbie with Kerberos. I check
on the MIT web site to have a definition of principal but it still not
clear to me. Here, the output of the kadmin get_principal command:

OSX_server:~ admin_login$ kadmin get_principal
Authenticating as principal admin/admin@MY_KERBEROS_REALM with
password.
kadmin: Client not found in Kerberos database while initializing kadmin
interface

Could you tell me more on the clue you gave to me (This looks as if the
principal kadmin/admin@MY_KERBOROS_REALM is missing.)?

Regards

Yvan Michaud
System Administrator
University of Sherbrooke

Trivial wrote:
> Richard E. Silverman a écrit :
>
> > >
> > > Hi All,
> > > I'm trying to join OSX server 10.4.7 to a windows 2000 Active Directory
> > > KDC server. After I join the OSX server to the AD server (with
> > > Directory Acces), I start Server Admin fallow by Open Directory and
> > > then Settings. I change the Role of the server from Stanalone Server to
> > > Connected to a Directory system and finally I click on Join Kerberos.I
> > > fill the fields and receive the error message below when I click the OK
> > > button:
> > >
> > > Kerberos keytab error. Error while creating the Kerberos keytab file
> > > for this server.
> > >
> > > I also found in the /Library/Logs/slapconfig.log file this information:
> > >
> > > 2006-07-12 09:00:36 -0400 - slapconfig -sso_util
> > > 2006-07-12 09:00:36 -0400 - command: /usr/sbin/sso_util configure -r
> > > MY_KERBOROS_REALM -a KDC_ADM_LOGIN -p **** -v 1 all
> > > 2006-07-12 09:00:38 -0400 - sso_util command output:
> > > Contacting the directory server
> > > Creating the service list
> > > Creating the service principals
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> >
> > This looks as if the principal kadmin/admin@MY_KERBOROS_REALM is missing.
> >
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> > > kadmin: Database error! Required KADM5 principal missing while
> > > initializing kadmin interface
> > > 2006-07-12 09:00:38 -0400 - sso_util command failed with status 2
> > >
> > > Anybody have clues on that?
> >
> > Best regards
> >
> > Yvan Michaud
> > System Administrator
> > University of Sherbrooke
> >
> >
> > --
> > Richard Silverman
> > res@qoxp.net
>
> Richard,
>
> Thank for that fast response. I'm kind of newbie with Kerberos. I check
> on the MIT web site to have a definition of principal but it still not
> clear to me. Here, the output of the kadmin get_principal command:
>
> OSX_server:~ admin_login$ kadmin get_principal
> Authenticating as principal admin/admin@MY_KERBEROS_REALM with
> password.
> kadmin: Client not found in Kerberos database while initializing kadmin
> interface
>
> Could you tell me more on the clue you gave to me (This looks as if the
> principal kadmin/admin@MY_KERBOROS_REALM is missing.)?
>
> Regards
>
> Yvan Michaud
> System Administrator
> University of Sherbrooke

I finally solve my problem. In Directory Acces, make sure you see your
AD setup in the Authentification tag and then custom path and save that
config.

Hope that could help other.

Yvan Michaud
System Administrator
University of Sherbrooke

Joining OSX server to windows 2000 AD KDC - Kerberos

Thread: Joining OSX server to windows 2000 AD KDC

LinkBack

Tools

Joining OSX server to windows 2000 AD KDC

Re: Joining OSX server to windows 2000 AD KDC

Re: Joining OSX server to windows 2000 AD KDC

Re: Joining OSX server to windows 2000 AD KDC