Languages

Archived - Mac OS X v10.5 and 10.6: Duplicate computer name alert when binding to Open Directory

This article has been archived and is no longer updated by Apple.

Symptoms

When attempting to bind a NetInstall or NetRestore client to Open Directory, a client may receive an alert that the computer already exists.  Looking up the computer in Open Directory may return a duplicate "LKDC:SHA1" entry.

Resolution

For Mac OS X v10.6 systems, use the System Image Utility included in Mac OS X Server v10.6.3 or later, and create the NetInstall or NetRestore image from a 10.6.3 or later system.

For Mac OS X v10.5 systems, create a new image using the System Image Utility included in Server Admin Tools 10.5.6 or later, which is available from Apple Support Downloads (it is also included with Mac OS X Server version 10.5.6 Update, or later). This utility automatically removes the local KDC during image creation.

Important: You should not manually remove Mac OS X system files or security configuration items to try to resolve this issue.

Additional Information

With Mac OS X 10.5 and later, each client system maintains a local KDC (LKDC) for local computer security.  A computer-specific certificate named com.apple.kerberos.kdc is created during the installation of OS X and a SHA1 hash of the certificate is generated and entries are added to the kerberos keytab for each service that uses the LKDC.  This SHA1 hash is part of the computer account created for clients when bound to Open Directory and must be unique for each client computer.

Last Modified: Aug 2, 2013
Helpful?
Yes
No
  • Last Modified: Aug 2, 2013
  • Article: TS1245
  • Views:

    3313
  • Rating:
    • 20.0

    (1 Responses)

Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked