As we know with just about everything DNS is critical, so make sure it’s 100% before moving forward. It will save you countless time troubleshooting later.

Troubleshooting:

  1. First check your principles.
  2. Then test using Ticket Viewer in CoreServices.
  3. Check your DNS again and finally clean up the client:
    1. Delete the certificate via Terminal:security delete-certificate -c “com.apple.kerberos.kdc” /Library/Keychains/System.keychain
    2. Delete the local Kerberos configuration via Terminal:dscl . -delete /Config/KerberosKDC
    3. Kill the file that tells system not to setup a new local KDC:rm /var/db/ .configureLocalKDC
    4. Delete the remnants of the previous local KDC:rm -R /var/db/krb5kdc
    5. Create a new local KDC:/usr/libexec/configureLocalKDC