Hush now slapd.log GSSAPI Errors

I think we got the GSSAPI errors showing up repeatedly in our slapd.log to go away by stripping out then replacing the LDAP KDC principle and key. Here's how if you'd like to try (at your own risk):
Remove the LDAP service principal:
sudo kadmin.local -q 'delprinc ldap/<FQDN>'
Remove the principal key from the keytab:
sudo kadmin.local -q 'ktrem ldap/<FQDN>'
Create a fresh LDAP service principal:
sudo kadmin.local -q 'addprinc -randkey ldap/<FQDN>@<REALM>'
Import the new principal key into the keytab file:
sudo kadmin.local -q 'ktadd ldap/<FQDN>@<REALM>'
Reboot when convenient. Reloading the slapd didn't seem to enable this
fix. I did not try reloading both slapd and the krb5kdc.
(FQDN = Fully Qualified Domain Name. Yes I know you know, but there will be somebody that will message me asking what it means)

We're seeing them on just about all of our Tiger servers. We are or were having stability issues and this was one of the odd activities taking place. I felt that it was better to clear these just incase they were playing a role in the instability.
The cause could be that there is something wrong with Apple's integration of OpenLDAP with Kerberos. Somehow OpenLDAP isn't happy with the LDAP principal and key within Kerberos. Refreshing it manually with these commands sorted it.

Similar Messages

  • Promoto to OD Master - errors in slapconfig.log and slapd.log

    After a lot of promoting to OD Master and demoting to Standalone I have finally a OD Master that seems like it's working.
    At least I can bind my clients to it and then (after reboot of the client) work with networked home-dirs Smile.
    BUT I have a couple of entries in my logs that I have not seen in the testserver (I had no problems with setting up a testserver as an OD Master on a test-LAN…)
    1. /Library/Logs/slapconfig.log:
    Creating the keytab file
    kadmin: No entry for principal xgrid/[email protected]
    exists in keytab
    WRFILE:/etc/krb5.keytab
    kadmin: No entry for principal afpserver/[email protected]
    exists in keytab
    WRFILE:/etc/krb5.keytab
    Creating the keytab file
    kadmin: No entry for principal ldap/[email protected] exists
    in keytab WRFILE:/etc/krb5.keytab
    2006-03-13 22:59:23 +0100 - kerberosautoconfig command output:
    The machine is standalone
    Removing /Library/Preferences/edu.mit.Kerberos
    2006-03-13 22:59:23 +0100 - kerberosautoconfig command failed with status 255
    2006-03-13 22:59:23 +0100 - command: /usr/sbin/mkpassdb -kerberize
    2006-03-13 22:59:23 +0100 - mkpassdb command output:
    kadmin.local: unable to get default realm
    kadmin.local: unable to get default realm
    kadmin.local: unable to get default realm
    2. /var/log/slapd.log:
    Monday, March 13 2006 @ 05:09 pm CST
    After a lot of promoting to OD Master and demoting to Standalone I have finally a OD Master that seems like it's working.
    At least I can bind my clients to it and then (after reboot of the client) work with networked home-dirs Smile.
    BUT I have a couple of entries in my logs that I have not seen in the testserver (I had no problems with setting up a testserver as an OD Master on a test-LAN…)
    1. /Library/Logs/slapconfig.log:
    Creating the keytab file
    kadmin: No entry for principal xgrid/[email protected]
    exists in keytab
    WRFILE:/etc/krb5.keytab
    kadmin: No entry for principal afpserver/[email protected]
    exists in keytab
    WRFILE:/etc/krb5.keytab
    Creating the keytab file
    kadmin: No entry for principal ldap/[email protected] exists
    in keytab WRFILE:/etc/krb5.keytab
    2006-03-13 22:59:23 +0100 - kerberosautoconfig command output:
    The machine is standalone
    Removing /Library/Preferences/edu.mit.Kerberos
    2006-03-13 22:59:23 +0100 - kerberosautoconfig command failed with status 255
    2006-03-13 22:59:23 +0100 - command: /usr/sbin/mkpassdb -kerberize
    2006-03-13 22:59:23 +0100 - mkpassdb command output:
    kadmin.local: unable to get default realm
    kadmin.local: unable to get default realm
    kadmin.local: unable to get default realm
    2. /var/log/slapd.log:
    Mar 13 23:01:00 server slapd[389]: Entry
    (uid=untitled_1,cn=users,dc=server,dc=my-domain-name,dc=net):
    object class 'posixAccount' requires attribute 'homeDirectory'\n
    Mar 13 23:01:00 server slapd[389]: entry failed schema check: object class 'posixAccount'
    requires attribute 'homeDirectory'\n
    Mar 13 23:01:33 server slapd[389]: Entry
    (uid=t2,cn=users,dc=server,dc=my-domain-name,dc=net): object
    class 'posixAccount' requires attribute 'homeDirectory'\n
    Mar 13 23:01:33 server slapd[389]: entry failed schema check: object class 'posixAccount'
    requires attribute 'homeDirectory'\n
    PS.:
    - Just to be on the safe side I have batch-replaced the domain name with "my-domain-name" & "MY-DOMAIN-NAME"
    - Some linebreaks have been added to the logs above to make the whole post more readable!
    Before I made the (almost?) successfull promotion to OD Master I did:
    - Make sure reverse DNS is working
    - Made the server's Network Preferences DNS server point to 127.0.0.1
    - Set the hostname via "sudo scutil --set HostName"
    - /etc/hostconfig contains "HOSTNAME=-AUTOMATIC-"
    - The server is running DNS, AFP, Web, MySQL & Mail
    - How serious are the errors I can see in the logs?
    - How an I fix them?
    TIA From a Kerberos newbie (that had a lot of help from the O'reilly book "Mac OS X Panther Administration")
    PS.: This question is also asked on the very informative site AFP548 so far with no replies:
    http://www.afp548.com/forum/viewtopic.php?forum=39&showtopic=11693
    G5 dual 2.0 GHz, Mac SE and a lot more…   Mac OS X (10.4.5)  

    the message "kadmin.local: unable to get default realm" indicates that your
    /Library/Preferences/edu.mit.Kerberos file is missing or incorrect.
    Using workgroup manager look at the KerberosClient record (you may need to go into the preferences and set the "show all records" checkbox), look in the XMLPlist attribute for an xml representation of the edu.mit.Kerberos file.
    as root on the OD Master, run klist -k to view keytabs (there should be 3 mostly identical entries for each service)
    also as root on the OD Master, run kadmin.local -q "listprincs" to view the principals in the kdc.
    Hope this gets you started
    - Leland
    DP G4   Mac OS X (10.4.2)  

  • Slapd.log error message

    Hi !
    I have a Xserve running 10.6.8
    I have noticed that the /var/log/slapd.log
    has been reporting lots of instances of
    Mar  6 08:19:11 services slapd[57]: <= bdb_substring_candidates: (apple-nickname) not indexed
    Mar  6 08:19:11 services slapd[57]: <= bdb_substring_candidates: (apple-namesuffix) not indexed
    Mar  6 08:19:11 services slapd[57]: <= bdb_substring_candidates: (apple-emailcontacts) not indexed
    On searching
    https://discussions.apple.com/message/1658376?messageID=1658376#1658376?messageI D=1658376
    The conclusion being that as long as everything was working, which it is, they can be ignored
    But my server wasn't recording these events until recently and even if they are an annoyance I would like to know how to make them stop.
    If anyone has any information that would appreciated.
    Regards
    Tony

    Thanks for taking the trouble
    I appreciate what you are saying
    I have inherited a naming convention - and the management want that kept (for the time being)
    I have quite a few machines named, both on the machine locally, and in workgroup manager using hypens and none of these are causing an issue.
    I can only assume that this machine was once named with an "underscore" and then once realised was renamed with a hyphen.
    But it has still left this error being reported in slapd.log
    I want to know where this record may be held (file/directory) so that I can remove it to stop the error message

  • GSSAPI Error: Server not found in Kerberos database

    Hi all
    For about 3 days I'm now seeing this error message in system.log every 3 minutes:
    DirectoryService: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
    This happens on a fileserver which is connected to an OD server.
    I did a search in this forum and found one thread about it. The advice there was to look in kdc.log to see which principal is failing - but I don't have a kdc.log. The other tip was to use kadmin to get a list of the principals by using
    kadmin.local -q listprincs
    but what I get instead of this list is:
    Authenticating as principal xyz/[email protected] with password.
    kadmin.local: No such file or directory while initializing kadmin.local interface
    It seems that some file is missing, which would explain why DirectoryService can't find the server in the database... I have to confess that I have no idea as to how Kerberos works or how to configure it.
    Authentication against the OD server is working fine, it's just that the errors in the log are getting on my nerves, and they make it difficult to find other, more important messages in system.log.
    Thankas, Tina

    Ah, I see, the kdc.log is on the OD server, not on
    the file server where I was looking for it.
    OK, in the kdc logfile I have a lot of entries like
    these ones:
    Kerberos is an auth system where the user authenticates to the kdc and is issued a TGT (Ticket Granting Ticket). The user then presents their TGT and a service principal (Kerberos name of a server) to the kdc to get a service ticket. The user then sends the service ticket to the server who lets the user in.
    Some interpretation:
    Mar 22 09:18:35 zool09.abc.xy krb5kdc[218](info):
    TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 130.60.23.23:
    UNKNOWN_SERVER: authtime 1143003387,
    [email protected] for krbtgt/[email protected],
    Server not found in Kerberos database
    This (TGS_REQ) is request for a service ticket from 130.60.23.23 using the
    TGT owned by [email protected], to get a service ticket for
    krbtgt/[email protected]. It looks like krbtgt/[email protected] is not in your kdc's database. This looks like a cross realm request.
    If you are also connected to an active directory system you might see something like this.
    Mar 22 09:19:20 zool09.abc.xy krb5kdc[218](info):
    AS_REQ (7 etypes {18 17 16 23 1 3 2}) 130.60.23.11:
    NEEDED_PREAUTH: [email protected] for
    krbtgt/[email protected], Additional
    pre-authentication required
    Mar 22 09:19:20 zool09.abc.xy krb5kdc[218](info):
    AS_REQ (7 etypes {18 17 16 23 1 3 2}) 130.60.23.11:
    ISSUE: authtime 1143015560, etypes {rep=16 tkt=16
    ses=16}, [email protected] for
    krbtgt/[email protected]
    The AS_REQ's above are the two step authentication process for user [email protected] from 130.60.23.11.
    Mar 22 09:19:20 zool09.abc.xy krb5kdc[218](info):
    TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 130.60.23.11:
    UNKNOWN_SERVER: authtime 1143001370,
    [email protected] for
    krbtgt/[email protected], Server not
    found in Kerberos database
    This is another service ticket request. Though the requested service principal looks malformed, I would look for something misconfigured on 130.60.23.11.
    Possibly watch what user zds01 is doing during login to get some idea of what's going on.
    Mar 22 09:19:20 zool09.abc.xy krb5kdc[218](info):
    TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 130.60.23.11:
    UNKNOWN_SERVER: authtime 1143001370,
    [email protected] for
    krbtgt/[email protected], Server not found
    in Kerberos database
    Same as above.
    What do they mean? I didn't set up Kerberos
    authentication, I think I don't need it, is there any
    way to disable it? Or am I using it without knowing
    it??
    When you set up the OD Master, a kdc & the needed files were set up to allow single sign on to all the kerberized services in the system.
    - see if you have an
    /Library/Preferences/edu.mit.Kerberos file
    - Also look for an /etc/krb5.keytab file
    Yes, I have both of them.
    kadmin.local -q listprincs on the OD server gives me
    a long list of computers, users and services like
    this:
    I don't know what these all mean... could you give me
    a brief explanation?
    [email protected]
    When you create a computer record in Workgroup Manager a generic principal name is added to the kdc for that computer. It is related to the host/computer_name@REALM service principal for servers.
    [email protected]
    This is a user principal (this is the account name for the user in the Kerberos system) Sometimes you will see user/admin@REALM.
    afpserver/[email protected]
    This is a service principal. They usually are in the form servicetype/server_dnsname@REALM
    One of the things that Kerberos is very sensitive to is correct DNS configuration. You need to have both forward (name -> IP) and reverse (IP -> name) DNS set up for all the servers in your realm.
    Hope this helps
    - Leland
    DP G4   Mac OS X (10.4.5)  

  • GSSAPI Error - Miscellaneous failure - ldap - krbtgt

    Hello,
    So I don't know too much about managing and maintaining a network, but I know 1000 times more than everyone I work with.  So I got the "IT Guy" title pushed on me.  So I was looking at the server logs and there is a message that shows up every minute.  And every minute the message displays about 10 times.
    2/8/13 12:15:53.844 PM slapd: GSSAPI Error:  Miscellaneous failure (see text (Server (krbtgt/[email protected]) unknown while looking up 'ldap/[email protected]' (cached result, timeout in 1200 sec))
    Also in the slapd.log this message shows up over and over.  I don't know if they are related, but they could be.
    Feb  8 12:18:56 sol slapd[49440]: do_syncrepl1: client_connect failed (-1)
    Feb  8 12:18:56 sol slapd[49440]: slap_client_connect: URI=ldap://marvin.multi-tek.com:389 ldap_sasl_interactive_bind_s failed (-2)
    I've searched and searched for an answer here and other places, but no one seems to have the same problem.  I don't even know if this is a problem although I don't think this should be happening.  Everything seems to be working okay.  We have 2 servers running Lion.  Let me know what else you need to know.
    Thanks for looking.

    Solved the problem by myself
    - Disable the automatic recognition of the account settings-

  • ./ns-slapd: fatal: relocation error:

    Hello All,
    I am getting this error while trying to start our Netscape Directory Server 4.16 (Running with iMS5.2).
    ld.so.1: ./ns-slapd: fatal: relocation error: file
    /usr/iplanet/server5/bin/msg/lib/libnsuni31.so: symbol log: referenced symbol not found
    Killed
    Any ideas what is causing it?
    Thanks in advance,
    Azim Lakha

    Thanks Rich,
    The LD_LIBRARY_PATH was set to /usr/iplanet/server5/bin/msg/lib. I removed it and everything is working fine now.
    Once again, many thanks

  • GSSAPI Errors and VPN

    I've been getting lots of GSSAPI errors when clients connect via VPN. When clients are connected via VPN DNS doesn't resolve correctly and stability is poor.
    From system.log:
    Jun 26 08:14:39 myservername DirectoryService[60]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
    From kdc.log:
    Jun 26 08:14:42 FQDN krb5kdc[276](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.0.0.4: UNKNOWN_SERVER: authtime 1182832508, MyVPNClient@FQDN for krbtgt/PPS.COM@FQDN, Server not found in Kerberos database
    I see this odd entry when I do a kadmin.local -q listprincs:
    vpn/fqdn@FQDN
    vpn_28e90fc33eff@FQDN
    The second entry seems wrong. Would it be safe to delete it?
    I have so far tried rebuilding the entire server from scratch, demoting Open Directory to Standalone then repromoting back to Open Directory Master. I also tried the procedure in this tread:
    http://discussions.apple.com/thread.jspa?messageID=4240563&#4240563
    Nothing is working!
    Thanks!
      Mac OS X (10.4)  

    Hi iGary
    Except it did appear on a mobile client when
    attempting to bind to the OS X Server directory. This
    mobile client was bound to an Active Directory, do I
    forcibly unbound it and deleted all Kerberos and
    DirectoryService preferences. Now I'm running well.
    I don’t see why not, it can’t hurt.
    Good luck – Tony

  • GSSAPI Error Another one

    Hello All
    I'm having a problem to login on my MacServer since yesterday when we got new connection and I had to change my DNS configuration.
    No one can login, and on logs I got this error messages
    To give a brief explanation about the problem, the server has 3 network interfaces 1 for external access (internet) and 2 for our internal networks. So with the new internet connection I had to change the external interface's IP address. So I've also changed it on the DNS (as you can see on the log before it was 172.16.XX.XX). But after that nobody can login.
    System Log
    +DirectoryService[61]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)+
    Kdc Log
    +Jun 18 10:50:09 server.domain.com krb5kdc[242](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 81.145.128.82: ISSUE: authtime 1213782609, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]+
    +Jun 18 10:50:10 server.domain.com krb5kdc[242](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 81.145.128.82: UNKNOWN_SERVER: authtime 1213779829, [email protected] for ldap/[email protected], Server not found in Kerberos database+
    Kadmin command
    +sudo kadmin.local -q listprincs | grep ldap+
    ldap/[email protected]
    My DNS Zone
    +$TTL 86400+
    +domain.com. IN SOA server.domain.com. sysadmin.domain.co.uk. (+
    +2008061818 ; serial+
    +3h ; refresh+
    +1h ; retry+
    +1w ; expiry+
    +1h ) ; minimum+
    +domain.com. IN NS server.domain.com.+
    +domain.com. IN A 99.99.999.99+
    +server IN A 99.99.999.99+
    Inside my /Library/Preferences I've got 2 edu.mit.Kerberos files
    edu.mit.Kerberos
    edu.mit.Kerberos.UrLRdkjIuH7V7yG2QuH8e
    One of them (the UrL*) is empty the other one has this configuration
    +# WARNING This file is automatically created, if you wish to make changes+
    +# delete the next two lines+
    +# autogenerated from : /LDAPv3/127.0.0.1+
    +# generation_id : 1093139664+
    [libdefaults]
    +default_realm = SERVER.DOMAIN.COM+
    [realms]
    +SERVER.DOMAIN.COM = {+
    +kdc = server.domain.com+
    +admin_server = server.domain.com+
    [domain_realm]
    +domain.com = SERVER.DOMAIN.COM+
    +.domain.com = SERVER.DOMAIN.COM+
    [logging]
    +admin_server = FILE:/var/log/krb5kdc/kadmin.log+
    +kdc = FILE:/var/log/krb5kdc/kdc.log+
    I've read all the topics about it but till now I couldn't solve my problem.
    Is anyone able to help me?
    Thanks

    I even tried the online support option using my PlayBook's serial number; when I entered my email address, it said that it failed to recognise it.
    Yet in the tablet it clearly shows the right one.
    I am beginning to have serious doubts about having bought it in the first place.
    Techie Charlie.
    Trying to stay loyal to BlackBerry.
    Currently using BBM on my Android Motorola Moto G

  • THE DATABASE CONNECTION IS LOST :;; WIERD  ORA-01012 NOT LOGGED ON ERROR

    ERROR: ORA-01012 NOT LOGGED ON ERROR
    I AM USING A JAVA SWING INTERFACE (JDK 1.1.8), WHICH USES JNI TO CALL C PROGRAMS WHICH IN TURN CONNECTS TO THE DATABASE, ORACLE 8.1.6.
    A DATABASE CONNECTION IS ESTABLISED IN THE MAIN CLASS BY CALLING A FUNCTION FROM THE CONSTRUCTOR.
    FOR ALL OTHER FUNCTION CALLS WHICH ARE MADE FROM WITHIN THIS CONSTRUCTOR, THE CONNECTION STAYS.
    BUT AFTER THE CONTRUCTOR CALL IS COMPLETE, DATABASE CONNECTION IS STRANGELY LOST. THUS ALL OTHER FUNCTION CALLS FAIL BECAUSE OF CONNECTION ISSUES GIVING ORA-01012. THOUGH IF I CHECK UP IN THE DATABASE, THE CONNECTION DOES FIND AN ENTRY.
    SO IT APPEARS THAT SOMEHOW THE JAVA INTERFACE LOOSES TRACK OF CONNECTION. BUT STRANGELY ALL THE FUNCTIONS WORK IF CALLED FROM THE CONSTRUCTOR......... BUT THATS NOT THE IDEA.
    PLEASE HELP, THIS PROBLEM IS BUGGING ME FOR WEEKS NOW.
    THANKS
    AMIT

    apologise for the caps lock.
    i am working on a previous system with java swing front end which alread uses jni, and connects to database using pro *c.
    My problem is that the connection is lost as soon as the constructor of the main class is run, giving an
    ORA-1012 NOT LOGGED ON ERROR.
    But if i place the same calls in the contructor all the database call work.
    It somehow appears that the java interface looses the connection context. Though the session does find entry in the oracle dynamic tables as long as i dont close the front end main window, thereby meaning that its the jave interface which looses the context.
    part of the code of the main class eiquser.
    //constructor
    public EiqUser() {
         super();
         initMRI();
    private void initMRI() {
         try {
              /* initialize geoManager environment */
              int rccc = new EiqCfuncs().eiqInitEnv();
    //eiqinitenv is a c function which connects to database using pro *C
              EiqCfuncs cfuncs = new EiqCfuncs();
              //EiqCfuncs has the prototypes of c functions used bye the java interface
              this.ivjFileMenu.setText(cfuncs.eiqGetText(resNum.getTEXT_FILE_MENU())); // sets the menu name
    and so on.........
    public void eiqUser_WindowClosed(java.awt.event.WindowEvent windowEvent) {
         new EiqCfuncs().eiqTermEnv(); // gives ora-1012 error
    //eiqtermenv is supposed to disconnect from data base, but returns an ora-1012 not logged on erro
         return;
    //eiqtermenv closes the connection with the data base. But fails in this case. if i place the same call ( eiqtermenv) in the initMRI function or the contructor it succeeds.
    Plus if i dont use the java interace and use a c stub for executing the same sequence of functions, then i dont face any problems.
    the proc calls exectuted ultimately by...
    :::eiqinitenv
    exec sql connect using :sqlid identified by sqlpw; // succeeds giving sqlerr.sqlcode=0;
    ::::eiqterm env
    exec sql commit work; //fails giving 0ra-1012 error
    exec sql rollback work;
    Why is the java interface loosing track of the connection once done with the constructor of the main class?? The session still finds an entry in the oracle dynamic tables.
    Please help
    Thx
    Amit

  • While Installation of 11g database creation time error ORA-28056: Writing audit records to Windows Event Log failed Error

    Hi Friends,
    OS = Windows XP 3
    Database = Oracle 11g R2 32 bit
    Processor= intel p4 2.86 Ghz
    Ram = 2 gb
    Virtual memory = 4gb
    I was able to install the oracle 11g successfully, but during installation at the time of database creation I got the following error many times and I ignored it many times... but at 55% finally My installation was hanged nothing was happening after it..... 
    ORA-28056: Writing audit records to Windows Event Log failed Error  and at 55% my Installation got hung,,,, I end the installation and tried to create the database afterward by DBCA but same thing happened....
    Please some one help me out, as i need to install on the same machine .....
    Thanks and Regards

    AAP wrote:
    Thanks Now I am able to Create a database , but with one error,
    When I created a database using DBCA, at the last stage I got this error,
    Database Configuration Assistant : Warning
    Enterprise Manager Configuration Failed due to the Following error Listener is not up or database service is not registered with it.  Start the listener & Registered database service & run EM Configuration Assistant again....
    But when I checked the listener was up.....
    Now what was the problem,  I am able to connect and work through sqlplus,
    But  I didnt got the link of EM and when try to create a new connection in sql developer it is giving error ( Status : failure - Test Failed the Network Adapter could not establish the connection )
    Thanks & Regards
    Creation of the dbcontrol requires a connection via the listener.  When configuring the dbcontrol as part of database creation, it appears that the dbcontrol creation step runs before the dynamic registration of the databsase with the listener is complete.  Now that the database itself is completed and enough time (really, just a minute or two) has passed to allow the instance to register, use dbca or emca to create the dbcontrol.
    Are you able to get a sqlplus connection via the listener (sqlplus scott/tiger@orcl)?  That needs to be the first order of business.

  • Installed Trend Micro Smart Surfing on new MacBook Pro and now it has caused error that won't let computer boot up.  How do I get it to a point that I can delete program?

    Installed Trend Micro Smart Surfing on new MacBook Pro and now it has caused error that won't let computer boot up.  How do I get it to a point that I can delete program?

    Try booting up in Safe mode (holding down the Shift key while booting). If the software came with an unistaller, use it to remove alll traces of the software - it's nothing that you need and, as you've experienced, can do more actual hard than good (as is the case with most software of this type). When you're booted in Safe Mode, if you can't run an uninstaller, at least check to make sure that there are no Trend Micro items that are set for automatic log in, at least.
    Clinton

  • SASL(-1): generic failure: GSSAPI Error. No Credentials Cache Found

    When I try to use any ldap command line utilties on my Xserve dual G5 running OS X Server 10.4.11, I get any number of errors including:
    SASL/GSSAPI authentication started
    ldapsasl_interactive_binds: Local error (-2)
    additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)
    If I run kadmin, or klist as super user I get the same error or similar error
    If I run kdelete and then kinit I don't get an error message, but I still can't log in using the directory administrator account, or even root if I enable the root account.
    The Server Admin tool shows that Kerberos is running and it appears to be working on all the clients on the network (OS X 10.3 and 10.4), but I just can't use the command line. This is frustrating because there are a number of batch tasks I prefer doing with the command line such as ldapadd and ldapmodify. The only command line utility for LDAP that does seem to work is slapcat. Workgroup Admin works as does phpldapadmin.
    Any ideas?
    Message was edited by: Christopher Dart
    Message was edited by: Christopher Dart

    Solved the problem by myself
    - Disable the automatic recognition of the account settings-

  • Help, please.  Console logging strange error repeatedly

    Hello, I am very low on hard drive space suddenly, and it was suggested that I check the console log. Sure enough, there is an error repeating over and over. I'm not sure if fixing this will solve the hard drive space problem, but I'd still like to fix it. Here is the error:
    12/20/07 12:59:39 AM [0x0-0x1a01a].com.ArcSoft.WDBackupMonitor[182] I/O warning : failed to load external entity "/Users/Teddy/Documents/ArcSoft/WD%20Backup/BackupSchedule.xml"
    Any help would be much appreciated!

    Hello. I am having exactly the same problem. I just installed software from Western Digital from my new external hard drive. Now I get contunuous error messages: I/O warning: failed to load external entity "/Users/Me/Documents/ArcSoft/WD Backup/BackupSchedule.xml". The Western Digital software does not install this file, I can find no reference to it on their web page, I have no backup tasks pending using this program, and there is no uninstall program I can use to remove Western Digital's Backup program. Any suggestions or similar experiences?
    Mark Turner

  • S7 event log Protocol Error: Handheld File could not be opened (4004)

    Every time I do a hotsync now, I get an error message indicating that two files were not successfully back up: "S7 Event Log" and "EX_New Stories".  Both inidcate "Protocol Error: Handheld File could not be opened (4004)."  Does anybody know how to fix this?
    Post relates to: Centro (Sprint)

    No need to complicate the Forum with duplicate posts...
    Using the Search function here on the Forum, you'll find many posts that offer solutions to your problem.  I searched for "4004", and found many matches.
    One like this one may help.
    WyreNut
    I am a Volunteer here, not employed by HP.
    You too can become an HP Expert! Details HERE!
    If my post has helped you, click the Kudos Thumbs up!
    If it solved your issue, Click the "Accept as Solution" button so others can benefit from the question you asked!

  • Can't log php errors.

    I installed php 5.2.5 per the instructions on this page:
    http://switch.richard5.net/isp-in-a-box-v2/installing-php-on-mac-os-x/
    I've also installed Apache 2.2.8 and MySQL 5.1.24.
    Everything seems to be working fine, except for one strange problem. I cannot log php errors.
    I have edited my php.ini file so that
    error_log = "/Library/PHP5/logs/php_error.log"
    ... and I have set the permissions on the php_error.log file to 777.
    I have created a test .php file with deliberate errors, but none of the errors show up in the php_error.log file. The test error I am using is "if ($undefinedvariable) { do something }"
    No php error messages are showing up in Apache's log file.

    I contacted Richard Valk, and he suggested checking where my installation of PHP expected the php.ini file to be, by creating a script file to run the phpinfo() command. I found out that my installation expected php.ini to be in /Library/PHP5/lib/, and it was actually in /etc/. I don't remember if I moved it there or what exactly.
    I copied the php.ini file to /Library/PHP5/lib/, toggled Apache, and php error logging works now.
    Big thanks to Mr. Valk!

Maybe you are looking for

  • Cannot connect to Database using JavaWebServer

    Hello, I am trying to connect to the database using the javawebserver2.0 but when executed i get the following exception can any please tell when what cud be the possible problem Exception is: 500 Internal Server Error The servlet named TxValidateUse

  • Why does firefox v 29 not enable the Trend Micro extension

    Extensions Name Version Enabled ID Trend Micro BEP Firefox Extension 7.5.0.1137 false [email protected] Trend Micro NSC Firefox Extension 6.8.0.1096 false {22C7F6C6-8D67-4534-92B5-529A0EC09405} Trend Micro Toolbar 6.0.0.2030 false {22181a4d-af90-4ca3

  • Can't sign into to Creative Cloud Desktop application or Ae

    Hi, Please see attached images. Everytime I try to sign into CC ap on my new 27" iMac it brings up a window that says I'm signed out. It will not open or at all. Ae also gives me this prompt and won't open. Please help I'm in the middle of a time sen

  • I cannot log in to my YouTube account?

    Since I installed Firefox on my PC more than a month ago, I cannot log in to my YouTube account, and cannot watch any videos there. I get an error message, telling me connection to this site (something like that) has failed, you can "retry" it again.

  • How to play music on a 4S

    First - I am new to the Apple, so bear with me.  I have loaded some songs on my iPhone.  If I ask SIRI to play all songs - they play.  But I want to manualy play songs and not use the voice command.  If I select iTunes all I see are "New Releases/Top