Monday, October 29, 2007

Group Members

Have you ever tried to get a list of group members in a text file?

Well you can do it this way:

dscl /LDAPv3/ -read /Groups/ThisGroup Member > ThisGroupsMembers.txt

Wednesday, October 17, 2007

Join Kerberos

I was having some trouble getting a server to join Kerberos.

After some time I found out that the problem was related to a correct DNS entry.

So there are two ways to fix this:

a) Correct the DNS.
b) If that is not possible for some reason, as in my case, you may try this:

Use a text editor to open the /etc/hosts file, then add the following entry to the end of the file:

IP address FQDN

... where IP address is the IP address of the KDC, and FQDN is the fully qualified domain name that you specified on your DNS server.

For example: 123.456.78.910

In Terminal (/Applications/Utilities), execute the following command:
sudo scutil --set HostName FQDN
... where FQDN is the fully qualified domain name of this server that was configured on your DNS server.

After that I had no problems joining Kerberos using:

sso_util remove -k -a diradminuser -p diradminpassword
rm /etc/krb5.keytab
# rm /Library/Preferences/
# rm -R /Library/Preferences/DirectoryService/
rm -R /var/db/krb5kdc/*

/usr/sbin/sso_util configure -r LDAP.HOPRO.EDU -a diradminuser -p diradminpassword -f /LDAPv3/ipaddrofladserver -v 1 all

Hint found here:
Mac OS X Server 10.4: Kerberos authentication services may not successfully start

Wednesday, October 10, 2007

Passwords not working?

Are you running a Mac OS X server and having trouble with your passwords?

The symptoms you see are:

- A user can't log in to some systems
- The /Library/Logs/PasswordService/ApplePasswordServer.Server.log on the relevant password server contains this message:

Dec 5 2005 14:28:26 AUTH2: {0x4322345c67952fc40000016800000685, user1} DIGEST-MD5 authentication failed, SASL error -13 (password incorrect).

Then have a look at this document:

Mac OS X Server: Authentication issues with DIGEST-MD5, "SASL error -13"
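
To see which accounts are hitting the error described in this post, the password server log can be tallied per user and mechanism. The script below is an added example, not part of the original post or of Apple's document; the function names are hypothetical, and every sample line except the first (the one quoted above) is constructed.

```shell
#!/bin/sh
# Added example: summarise "SASL error -13" failures in a password server log.

# sasl13_summary [LOGFILE]  (reads stdin when no file is given)
# Prints one line per user/mechanism: count, user, mechanism, first and last seen.
sasl13_summary() {
    awk '
    /authentication failed, SASL error -13 / {
        # Layout as quoted in the post:
        # Mon D YYYY HH:MM:SS AUTH2: {0xSLOTID, user} MECH authentication failed, ...
        if (!match($0, /[{]0x[0-9a-fA-F]+, [^}]+[}]/)) next
        user = substr($0, RSTART + 1, RLENGTH - 2)   # "0xSLOTID, user"
        sub(/^[^,]*, /, "", user)                    # drop the slot ID
        rest = substr($0, RSTART + RLENGTH + 1)      # text after "} "
        split(rest, f, " ")                          # f[1] is the SASL mechanism
        key = user " " f[1]
        stamp = $1 " " $2 " " $3 " " $4
        if (!(key in n)) first[key] = stamp
        last[key] = stamp
        n[key]++
    }
    END {
        for (k in n)
            printf "%d %s first=%s last=%s\n", n[k], k, first[k], last[k]
    }
    ' ${1:+"$1"} | sort -k1,1nr -k2,2
}

# Sample input. Line 1 is the line quoted in the post; the rest are constructed
# in the same layout (error -20 is included to show it is not counted).
sample_log() {
    cat <<'EOF'
Dec 5 2005 14:28:26 AUTH2: {0x4322345c67952fc40000016800000685, user1} DIGEST-MD5 authentication failed, SASL error -13 (password incorrect).
Dec 5 2005 14:29:02 AUTH2: {0x00000000000000000000000000000002, user2} DIGEST-MD5 authentication failed, SASL error -20 (user not found).
Dec 5 2005 14:30:11 AUTH2: {0x4322345c67952fc40000016800000685, user1} DIGEST-MD5 authentication failed, SASL error -13 (password incorrect).
Dec 5 2005 14:31:45 AUTH2: {0x00000000000000000000000000000003, user3} CRAM-MD5 authentication failed, SASL error -13 (password incorrect).
Dec 6 2005 09:02:17 AUTH2: {0x4322345c67952fc40000016800000685, user1} DIGEST-MD5 authentication failed, SASL error -13 (password incorrect).
EOF
}

# Demo on the sample; on a server, pass the log path from the post instead:
#   sasl13_summary /Library/Logs/PasswordService/ApplePasswordServer.Server.log
sample_log | sasl13_summary
```

A user who shows repeated -13 failures for DIGEST-MD5 only, spread over time, fits the symptom list above better than a one-off mistyped password.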