+ Post New Thread
Page 3 of 4 FirstFirst 1234 LastLast
Results 31 to 45 of 56
Mac Thread, Uncheck 'Force local home directory..' causes serious delays in Technical; You could use this combo update package that would go from 10.6.5 to 10.6.8 in one go....
  1. #31

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    You could use this combo update package that would go from 10.6.5 to 10.6.8 in one go.

  2. #32

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    Also is this of any use?

    https://discussions.apple.com/thread...art=0&tstart=0

    It seems to mention that the NFS service is being used to access home dirs, using Kerberos authentication. As your 2nd error is stating that your server is not is the kerberos Database, this could be your problem. If your users are set for any auth type it may be looking for kerberos and then falling back to the next auth type.

    You could possibly try to re-kerberise your services. Also if it is a AD-OD system, ensure that kerberos is not running on your OD. I think you have been through the klsit -kt commands before but if not then you could take a look at the results of that to see (if you are using NFS) that the service is kerberised. If it doesn't have the FQDN domain listed then you may need to kerberise the service again.

  3. Thanks to HodgeHi from:

    Sheridan (29th May 2012)

  4. #33

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    The command to kerberise all the services is

    Code:
    sudo dsconfigad -enablesso

  5. #34
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,160
    Thank Post
    89
    Thanked 84 Times in 56 Posts
    Rep Power
    28
    Do you re-kerberise the services on the client or server, or both?

    I've checked klist and the services all show the FQDN of the mac.

    Today I've rebuilt a test mac from scratch (actually my original cd was 10.6.2) and used the 10.6.8 combo to get it up to date. Problem still occurs and has happened at least 5 times today! The last time it happened I had the Console open looking at the errors and the error that coincides with the hang is the same one I had ages ago, from smb_iod_sendall: Timed out waiting on the response for 0xa0 mid=0xdaf.

    The error above does show different hex values but its the one that always appears around the time of the hang.

    Oh Oh - doing a search for the above error brings up this:

    https://discussions.apple.com/thread...art=0&tstart=0

    Which looks like I'm stuffed unless I upgrade them to 10.7
    Last edited by Sheridan; 29th May 2012 at 03:20 PM.

  6. #35
    JR-PCS's Avatar
    Join Date
    Apr 2012
    Posts
    91
    Thank Post
    3
    Thanked 19 Times in 18 Posts
    Rep Power
    11
    Lion is only 9.90 when buying 20+ licenses.

    I'm disappointed in my self for not suggesting that it could be incompatibility with your file server. I have seen this before, just last summer in fact. Good to know 10.7 could be the fix though.

  7. #36
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,160
    Thank Post
    89
    Thanked 84 Times in 56 Posts
    Rep Power
    28
    I looked into the smb issues a good while ago when we were all on 2003 server, however now its 50/50 whether the users are on 2003 or 2008 server and they all get the issue. So it does seem like the fault lies totally with osx 10.6. Nobody seems to have these issues with 10.5 that I can find!

  8. #37

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    The change probably came with Server 2008 using an updated SMB2 protocol. Lion Server is the only one that I know of that was released with support for this. I am using server 2003 across all of our servers and share out using both SMB and AFP. Is it possible to use AFP instead or are your shares on the windows server?

    The kerberising of the services is done on the server.

    Edit: I have just found an article that shows how to disable SMB2 signing. Could this help?

    http://www.petri.co.il/how-to-disabl...erver-2008.htm

  9. #38

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    The last post in the Apple discussion thread you mentioned is an interesting one. Have you got CS5 installed on any of your macs? Could you remove a copy off one and se if the results are the same, or have you already tried a fresh install of just the OS with the combo update?

    Also just reading your last post regarding the klist. You say they all have the FQDN of the mac. Is this the mac server? I almost certain that if your services are kerberised by the AD then they should have the AD REALM after the service name. Mac Servers tend to add the server name at the beginning of the REALM name like server.example.com instead of just example.com.

    Here's a list of my services, kerberised by the AD.

    Code:
     72 05/14/12 14:42:41 imap/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 xmpp/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 fcsvr/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 http/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 ftp/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 afpserver/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 afpserver/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 afpserver/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 smtp/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 host/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 host/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 ipp/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 xgrid/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 xgrid/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 xgrid/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 vpn/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 vnc/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 nfs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 nfs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 vpn/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 pop/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 ldap/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 ldap/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 ldap/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 HTTP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 HTTP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 HTTP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 cifs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 cifs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 cifs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 pop/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 nfs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 ipp/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 vnc/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 pop/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 vnc/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 pcast/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 pcast/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 pcast/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 XMPP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 XMPP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      72 05/14/12 14:42:41 XMPP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 imap/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 xmpp/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 fcsvr/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 http/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 ftp/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 afpserver/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 afpserver/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 afpserver/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 smtp/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 host/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 host/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 host/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 ipp/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 vpn/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 xgrid/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 xgrid/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 xgrid/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 vpn/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 vnc/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 nfs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 nfs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 vpn/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 pop/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 ldap/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 ldap/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 ldap/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 HTTP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 HTTP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 HTTP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 cifs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 cifs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 cifs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 pop/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 nfs/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 pop/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 pcast/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 pcast/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 pcast/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 XMPP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 XMPP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK
      73 05/28/12 14:25:35 XMPP/fizz.eatonvalley.sandwell.sch.uk@EATONVALLEY.SANDWELL.SCH.UK

  10. Thanks to HodgeHi from:

    Sheridan (30th May 2012)

  11. #39

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,213
    Thank Post
    2,766
    Thanked 935 Times in 875 Posts
    Rep Power
    343
    Quote Originally Posted by HodgeHi View Post
    Edit: I have just found an article that shows how to disable SMB2 signing. Could this help?

    How to Disable SMB 2.0 on Windows Vista/2008
    I used that article quite a while back when I did a guide for disabling SMB 2.0 on windows 7 as per attached pdf for scan to folder on Ricoh Copiers
    Attached Files Attached Files

  12. Thanks to mac_shinobi from:

    Sheridan (30th May 2012)

  13. #40
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,160
    Thank Post
    89
    Thanked 84 Times in 56 Posts
    Rep Power
    28
    The Mac I'm using for testing now has no CS5 on it - and the users I'm trying connect only to a Server 2003 share. I did look at the SMB2 issues a while back but as we were nearly all on 2003 and still 50% are I didn't follow that one up.

    When I look at klist on one of the failing macs the services all show similar (cifs,afpserver,vnc etc) I.e afpserver/macname.domain.org.uk@macservername.domain.org.uk

    There seems to be two entries for each service, one as above and one with @domain.org.uk on the end

    Is that correct? I'm not sure how to troubleshoot kerberos!
    Last edited by Sheridan; 30th May 2012 at 12:39 PM.

  14. #41
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,160
    Thank Post
    89
    Thanked 84 Times in 56 Posts
    Rep Power
    28
    Heres a dump of klist from one of the test macs:

    Code:
      1 host/imac11.domain.org.uk@domain.org.uk
       1 host/imac11.domain.org.uk@domain.org.uk
       1 host/imac11.domain.org.uk@domain.org.uk
       1 host/imac11.domain.org.uk@domain.org.uk
       1 host/imac11.domain.org.uk@domain.org.uk
       1 imac11$@domain.org.uk
       1 imac11$@domain.org.uk
       1 imac11$@domain.org.uk
       1 imac11$@domain.org.uk
       1 imac11$@domain.org.uk
       1 cifs/imac11.domain.org.uk@domain.org.uk
       1 cifs/imac11.domain.org.uk@domain.org.uk
       1 cifs/imac11.domain.org.uk@domain.org.uk
       1 cifs/imac11.domain.org.uk@domain.org.uk
       1 cifs/imac11.domain.org.uk@domain.org.uk
       1 vnc/imac11.domain.org.uk@domain.org.uk
       1 vnc/imac11.domain.org.uk@domain.org.uk
       1 vnc/imac11.domain.org.uk@domain.org.uk
       1 vnc/imac11.domain.org.uk@domain.org.uk
       1 vnc/imac11.domain.org.uk@domain.org.uk
       1 afpserver/imac11.domain.org.uk@domain.org.uk
       1 afpserver/imac11.domain.org.uk@domain.org.uk
       1 afpserver/imac11.domain.org.uk@domain.org.uk
       1 afpserver/imac11.domain.org.uk@domain.org.uk
       1 afpserver/imac11.domain.org.uk@domain.org.uk
       2 host/imac11.domain.org.uk@domain.org.uk
       2 host/imac11.domain.org.uk@domain.org.uk
       2 host/imac11.domain.org.uk@domain.org.uk
       2 host/imac11.domain.org.uk@domain.org.uk
       2 host/imac11.domain.org.uk@domain.org.uk
       2 imac11$@domain.org.uk
       2 imac11$@domain.org.uk
       2 imac11$@domain.org.uk
       2 imac11$@domain.org.uk
       2 imac11$@domain.org.uk
       2 cifs/imac11.domain.org.uk@domain.org.uk
       2 cifs/imac11.domain.org.uk@domain.org.uk
       2 cifs/imac11.domain.org.uk@domain.org.uk
       2 cifs/imac11.domain.org.uk@domain.org.uk
       2 cifs/imac11.domain.org.uk@domain.org.uk
       2 vnc/imac11.domain.org.uk@domain.org.uk
       2 vnc/imac11.domain.org.uk@domain.org.uk
       2 vnc/imac11.domain.org.uk@domain.org.uk
       2 vnc/imac11.domain.org.uk@domain.org.uk
       2 vnc/imac11.domain.org.uk@domain.org.uk
       2 afpserver/imac11.domain.org.uk@domain.org.uk
       2 afpserver/imac11.domain.org.uk@domain.org.uk
       2 afpserver/imac11.domain.org.uk@domain.org.uk
       2 afpserver/imac11.domain.org.uk@domain.org.uk
       2 afpserver/imac11.domain.org.uk@domain.org.uk
       1 imac11$@XSERVE01.domain.org.uk
       1 imac11$@XSERVE01.domain.org.uk
       1 imac11$@XSERVE01.domain.org.uk
       1 imac11$@XSERVE01.domain.org.uk
       1 imac11$@XSERVE01.domain.org.uk
       7 host/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 host/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 host/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 host/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 host/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 afpserver/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 afpserver/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 afpserver/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 afpserver/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 afpserver/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 cifs/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 cifs/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 cifs/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 cifs/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 cifs/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 vnc/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 vnc/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 vnc/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 vnc/imac11.domain.org.uk@XSERVE01.domain.org.uk
       7 vnc/imac11.domain.org.uk@XSERVE01.domain.org.uk
    Not being a kerberos expert I don't know whether that looks right or not!

  15. #42

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    Whats the output from the OD Master?

    Some services that are kerberised using the LKDC will have a long UID after the @ symbol, such as the AFP service.

  16. #43

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    Also if you check server admin and then the Overview of the OD service, Kerberos should be stopped. This is because if the server has used the kerberos realm of the AD server then it won't start ther kerberos service as it hasn't got it's own DB or something like that.

    If the kerberos service is running then this may indicate that the OD master has kerberised the services with it's own REALM. I don't know if this is causing your problem but it may cause issues with authentication if it was using 2 realms.

  17. #44
    Sheridan's Avatar
    Join Date
    Oct 2010
    Posts
    1,160
    Thank Post
    89
    Thanked 84 Times in 56 Posts
    Rep Power
    28
    OD Master (Xserve) output:

    Code:
         3 afpserver/LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619@LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619
       3 afpserver/LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619@LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619
       3 afpserver/LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619@LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619
       3 cifs/LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619@LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619
       3 cifs/LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619@LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619
       3 cifs/LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619@LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619
       3 vnc/LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619@LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619
       3 vnc/LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619@LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619
       3 vnc/LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619@LKDC:SHA1.B449178E8E43C29DED06A8AFADF5D443B9AD5619
      43 nfs/xserve01.domain.org.uk@domain.org.uk
      43 pcast/xserve01.domain.org.uk@domain.org.uk
      43 xmpp/xserve01.domain.org.uk@domain.org.uk
      43 xmpp/xserve01.domain.org.uk@domain.org.uk
      43 pcast/xserve01.domain.org.uk@domain.org.uk
      43 nfs/xserve01.domain.org.uk@domain.org.uk
      43 xmpp/xserve01.domain.org.uk@domain.org.uk
      43 ldap/xserve01.domain.org.uk@domain.org.uk
      43 ldap/xserve01.domain.org.uk@domain.org.uk
      43 nfs/xserve01.domain.org.uk@domain.org.uk
      43 xmpp/xserve01.domain.org.uk@domain.org.uk
      43 ldap/xserve01.domain.org.uk@domain.org.uk
      43 http/xserve01.domain.org.uk@domain.org.uk
      43 http/xserve01.domain.org.uk@domain.org.uk
      43 xmpp/xserve01.domain.org.uk@domain.org.uk
      43 ldap/xserve01.domain.org.uk@domain.org.uk
      43 xserve01$@domain.org.uk
      41 vnc/xserve01.domain.org.uk@domain.org.uk
      41 vnc/xserve01.domain.org.uk@domain.org.uk
      43 ldap/xserve01.domain.org.uk@domain.org.uk
      43 http/xserve01.domain.org.uk@domain.org.uk
      41 vnc/xserve01.domain.org.uk@domain.org.uk
      41 vpn/xserve01.domain.org.uk@domain.org.uk
      41 vpn/xserve01.domain.org.uk@domain.org.uk
      43 http/xserve01.domain.org.uk@domain.org.uk
      41 vnc/xserve01.domain.org.uk@domain.org.uk
      41 cifs/xserve01.domain.org.uk@domain.org.uk
      41 cifs/xserve01.domain.org.uk@domain.org.uk
      41 cifs/xserve01.domain.org.uk@domain.org.uk
      43 http/xserve01.domain.org.uk@domain.org.uk
      41 cifs/xserve01.domain.org.uk@domain.org.uk
      41 xgrid/xserve01.domain.org.uk@domain.org.uk
      41 XMPP/xserve01.domain.org.uk@domain.org.uk
      41 XMPP/xserve01.domain.org.uk@domain.org.uk
      41 vnc/xserve01.domain.org.uk@domain.org.uk
      41 xgrid/xserve01.domain.org.uk@domain.org.uk
      41 ftp/xserve01.domain.org.uk@domain.org.uk
      41 vpn/xserve01.domain.org.uk@domain.org.uk
      41 ftp/xserve01.domain.org.uk@domain.org.uk
      41 HTTP/xserve01.domain.org.uk@domain.org.uk
      41 cifs/xserve01.domain.org.uk@domain.org.uk
      41 vpn/xserve01.domain.org.uk@domain.org.uk
       3 XMPP/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 XMPP/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 XMPP/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 XMPP/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 xmpp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 xmpp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 xmpp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 xmpp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 xgrid/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 xgrid/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 xgrid/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 xgrid/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 vpn/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 vpn/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 vpn/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 vpn/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 vnc/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 vnc/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 vnc/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 vnc/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 host/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 host/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 host/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 host/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 smtp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 smtp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 smtp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 smtp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 cifs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 cifs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 cifs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 cifs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 pop/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 pop/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 pop/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 pop/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 pcast/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 pcast/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 pcast/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 pcast/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ldap/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ldap/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ldap/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ldap/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ipp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ipp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ipp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ipp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 imap/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 imap/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 imap/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 imap/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 http/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 http/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 http/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 http/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 HTTP/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 HTTP/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 HTTP/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 HTTP/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ftp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ftp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ftp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 ftp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 ftp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 ftp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 ftp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 ftp/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 fcsvr/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 fcsvr/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 fcsvr/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 fcsvr/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 cifs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 cifs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 cifs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 cifs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 afpserver/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 afpserver/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 afpserver/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 afpserver/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 afpserver/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 afpserver/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 afpserver/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       4 afpserver/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 nfs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 nfs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 nfs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 nfs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
       3 nfs/xserve01.domain.org.uk@XSERVE01.domain.org.uk
    Edit - woops posted wrong output!

    klist output is too long to put all of it here.
    Last edited by Sheridan; 30th May 2012 at 01:19 PM.

  18. #45

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,184
    Thank Post
    299
    Thanked 211 Times in 181 Posts
    Rep Power
    55
    Is your DNS all A OK? There seems to be a few different hostnames in the list and also 2 realms. If you take a look at the one I posted up, you can see that it is a single hostname, fizz.eatonvalley.sandwell.sch.uk with a single kerberos realm @EATONVALLEY.SANDWELL.SCH.UK. This is also the name of the domain.

    The only way I know of getting this back to how it should be is demoting the server to a stand-alone server and then re-promoting. You may need to remove a kerberos file but I can't recall which one, either the krb5.keytab file or the edu.mit.kerberos file. If you back up your groups and users in WGM you back re-import them afterwards. However, you may need to re-create the managed preferences. These are backed up using server admin but this would also backup the possibly messed up kerberos DB/LDAP DB etc.

SHARE:
+ Post New Thread
Page 3 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. Force local homes
    By _Bat_ in forum Mac
    Replies: 3
    Last Post: 26th October 2011, 10:46 AM
  2. Replies: 0
    Last Post: 24th May 2011, 02:44 PM
  3. Replies: 12
    Last Post: 6th May 2010, 09:33 AM
  4. Replies: 19
    Last Post: 20th June 2006, 03:53 PM
  5. Replies: 9
    Last Post: 16th June 2006, 09:28 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •