Client not found in Kerberos database

Thu Jun 21 18:50:11 EDT 2007

Hi,

I have an Intel xseve 10.4.9 server bound to AD and also have OD configured
on the same server for Mac management.
Other services running are AFP and WINDOWS. I will also be using the same
server as a file server for both Mac and Windows.

Below are my issues.

When the WINDOWS service starts on our Intel Xserve with 10.4.9 installed I
receive the below error message.

I have tested single sign on "SSO" from Mac and Windows systems and
everything seems to work, but am concerned that this error may cause an
issue at a later date.

I also have an issue with windows users suddenly not being able to connect
to a share on the Intel Xserve via SMB which is strange as the same user on
a Mac could still connect via AFP or SMB a restart of the WINDOWS service
seems to clear this problem, not sure if this is related to the below error
but it's a real issue and seems to be very random. When this happen I seem
to receive "broken pipe" errors in the "smbd.conf" log.

I checked the "secrets.tdb" and found that this did not have the "\00" on
the end of the "SECRETS/MACHINE_PASSWORD/", so I ran the script at "afp548"
site under forum "10.4.8 Intel - AD, Samba kerberos machine password" which
added the "\00". The strange thing is that all seemed to still work even
thought the "secrets.tdb" was not correct, perhaps this could be the cause
of the SMB dropouts?

Below is from the SMBD.LOG
*********************

[2007/05/30 19:14:49, 0]
/SourceCache/samba/samba-100.7/samba/source/smbd/server.c:main(789)

smbd version 3.0.10 started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2007/05/30 19:14:49, 0]
/SourceCache/samba/samba-100.7/samba/source/libads/kerberos.c:ads_kinit_password(146)

kerberos_kinit_password host/ OSXSERVER at REALM.EDU.AU failed: Client not
found in Kerberos database
[2007/05/30 19:14:49, 0]
/SourceCache/samba/samba-100.7/samba/source/printing/nt_printing.c:nt_printing_init(386)

nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
[2007/05/31 10:24:34, 0]

*****************

The above error occurs after I BIND the server to AD and run the "dsconfigad
–enableSSO" command and restart the server. I have tried removing the OD
configuration and BINDING to AD again but still get the above error.

The "OSXSERVER" in the log  is the OS X server name and the "REALM.EDU.AU"
is the AD realm. It seems to be related to the SMB.conf as when I change the
"netbios" name in the SMB.conf the "OSXSERVER" name changes in the SMBD.LOG.

Thanks for any help,
Regan.