On a problem Mac, check whether the edu.mit.kerberos file has been reverted to a default. We’ve been seeing machines overwriting our custom file and replacing it with a default one. If the file has been changed, try this:
In the default file, look for the line that says [libdefaults]. Chances are the only thing under it will be “dns_fallback = no”, or it could give you a realm list. Either way, cut and paste everything under the [libdefaults] line from your modified edu.mit.kerberos file. Don’t replace the Kerberos file this time: cut and paste into it.
After you have done this, go to /System/Library/CoreServices/Kerberos.app and delete any Kerberos tickets you might find.
Restart and try to log in again.
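A check for the overwrite described above, as an added example that is not part of the original post: it compares the [libdefaults] section of the live file against a saved known-good copy and flags the reset form. The function names, the EXAMPLE.EDU realm and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample file contents are constructed, not from a real Mac.

# Print the settings under [libdefaults], normalised for comparison:
# comments and blank lines dropped, whitespace removed, lines sorted.
libdefaults_section() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_sec && !/^[ \t]*$/ && !/^[ \t]*[#;]/ { gsub(/[ \t]+/, ""); print }
    ' "$1" | sort
}

# True (exit 0) when [libdefaults] in file $1 differs from reference copy $2.
libdefaults_drifted() {
    [ "$(libdefaults_section "$1")" != "$(libdefaults_section "$2")" ]
}

# True when [libdefaults] holds nothing but dns_fallback = no, the
# overwritten form the post describes.
libdefaults_is_default() {
    [ "$(libdefaults_section "$1")" = "dns_fallback=no" ]
}

# Write constructed sample files into directory $1 (realm is a placeholder).
write_samples() {
    cat > "$1/reference" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.EDU
    dns_fallback = no
[realms]
    EXAMPLE.EDU = {
        kdc = kdc.example.edu
    }
EOF
    cat > "$1/overwritten" <<'EOF'
# constructed: what a reset file might look like
[libdefaults]
    dns_fallback = no
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
if libdefaults_drifted "$demo_dir/overwritten" "$demo_dir/reference"; then
    echo "[libdefaults] no longer matches the reference copy"
fi
libdefaults_is_default "$demo_dir/overwritten" && echo "file looks reset to default"
rm -rf "$demo_dir"
```

Pass the live preferences file as the first argument and the known-good copy as the second; whitespace-only and comment-only differences are not reported as drift.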
On a problem Mac you could also try stopping and restarting directory services:
sudo killall DirectoryService
The service will start again automatically.
Then check that AD is in the search path: dscl /Search -read / CSPSearchPath SearchPolicy
It should return:
/Local/Default,
/BSD/local
Active Directory/All Domains
Lastly, if you are still having problems, turn on Directory Services logging at startup:
sudo killall -USR1 DirectoryService
sudo touch /Library/Preferences/DirectoryService/.DSLogDebugAtStart
After the restart the logs can be found in:
/Library/Logs/DirectoryService/DirectoryService.debug.log