ICal and CalDAV issues: Address Panel - Open Directory Lookup? & others.

Similar Messages

• 10.9.2 machines having issues connecting to open directory

  So i've set up a new mac mini with 10.9.2 and the most recent Server App.  I managed to bind a 10.8.5 macbook air 11" and have had no issues, but when I started testing on the new machines (brand new iMac 27") with 10.9.2 im having issues, tested on my machine running 10.9.2 and another 10.8.5 machine to replicate,  only the 10.9 machines are having issues.  This is what im seeing in the console when i try to log in (names changed for security)
  4/16/14 7:29:08.266 PM SecurityAgent[1568]: User info context values set for new.user
  4/16/14 7:29:08.337 PM opendirectoryd[22]: GSSAPI Error:  Miscellaneous failure (see text (Server (krbtgt/[email protected]) unknown (negative cache))
  4/16/14 7:29:08.338 PM authorizationhost[1622]: Failed to authenticate user <new.user> (error: 9).
  ive done a permissons check, this mac mini is only running profile manager and open directory, no other services...
  Please Help!

  Many, if not most, Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.
  1. The OD master must have a static IP address on the local network, not a dynamic address.
  2. You must have a working DNS service, and the master's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. On the Accessing your Server sheet, change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
  3. The primary DNS server used by the master must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
  4. Follow these instructions to rebuild the Kerberos configuration on the master.
  5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases.
  6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.
  7. Reboot the master and the clients.
  8. Don't log in to the server with a network user's account.
  9. Export all OD users, delete them, turn off OD, turn it back on, and import. Ensure that the UID's are in the 1001+ range.

• How can I get authentication and authorization through OS X open directory with the Sun ZFS STOR ZS3-2

  how can I get authentication and authorization through OS X open directory with the Sun ZFS STOR ZS3-2
  I have configure NFS, I need help configuring the share that I created in the Sun ZFS STOR ZS3-2 to connect with the OS X Open Directory

  Hi,
      You may  try checking the help page for ldap configuration :
  https://<Appliance_IP>:215/wiki/index.php/Configuration:Services:LDAP
  ZFS Storage supports LDAP, NIS, AD as directory service.
  Hope Open Directory is also based on LDAP and may work in similar fashion.
  Thanks
  Nitin

• Is there a way to have the address panel open automatically when opening Mail in Mavericks?

  Before upgrading to Mavericks, Mail panels such as the Address Panel would open if they were open last time quit the program. Now I can't see a way to have this happen. I have to manually open these.

  You can add the Address Panel to the toolbar for easy access. Personally, I just start typying and let Autofill enter the email address I want.

• ICal and CalDAV: Added items in sunbird do not appear in iCal

  Hello,
  I hope the question fits the forum and has not yet been answered. Sorry if it is the case. Anyway, here is my problem. I have this CalDAV account that I want to use both on my mac using iCal and at the office using sunbird (computer on linux).
  This works perfectly well when I create or delete events in ical, i.e. the changes are reflected in sunbird. However, for some reason I don't understand, when I create, modify or delete an event in sunbird, this is not updated when I launch iCal. It seems that iCal does not update itself.
  Has anyone ever experienced this ? Any help on this would be great. Thanks a lot.

  Hi
  I indeed checked and I've set it to update every 1 minutes. I even update it by hand and the new events added in sunbird do not show up. So I don't know, may be the events added under sunbird are not exactly in the same format as the ones added by iCal and that would be why iCal don't add them...
  If anyone has any idea of why it's not appearing I am interested. Thanks for the help

• Ical and caldav password

  I changed my google password and now the calendar tells me my caldav password is incorrect, i've changed it a hundred times and it won't accept it.

  Open Keychain Access in Utilities, use Keychain First Aid under the Window Menu item, then either check the Password under that item, change it, or delete it and start over.
  Then See if this helps...
  Mac OS X 10.4 Help, I forgot a password in my Keychain
  http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1960.html
  Resetting your keychain in Mac OS X...
  If Keychain First Aid finds an issue that it cannot repair, or if you do not know your keychain password, you may need to reset your keychain.
  http://support.apple.com/kb/TS1544

• HT201358 Can ARD3 work with the Active Directory setup on a Windows machine and without the need of Open Directory

  We need the 'Golden Triangle' setup to work with ARD3 running on a Mac server with client Mac details retrieved from a Windows Active Directory. In this system, the ARD3 will be used to install packages from a Mac OS X server, where the client Mac list is gathered directly from a Windows Active Directory, which is already in place.
  So, please guide me whether Apple Remote Desktop 3 is capable of getting client machine details from an Active Directory without the need of re-creating the client Mac list in the Mac server running ARD3.
  If ARD3 can not be used in this case, do you recommend any other tools that can resolve our issue.
  Thank you in advance.
  Sudheesh.

  ARD cannot directly obtain client information from Active Directory, no. It may be possible to create a script that would get such information and be able to put it into ARD, but I wouldn't begin to know how to write such a script. You may also be able to bind your OS X Server to ARD and create groups there. This article is obsolete for 10.6 or later but may provide some clues as to how to proceed:
  http://support.apple.com/kb/TA24276
  There are a number of third-party systems that can manage Macs that may be able to draw information from AD, such as Casper, LANDesk, and others. Which if any would meet your needs depends on many factors including how many devices you need to manage, whether you're looking for a cross-platform tool, your budget, etc. This is a difficult issue to address in a forum like this since there are so many variables to be considered.
  Regards.

• ICal and iCloud issues on new BT ISP

  My iCloud and iCal Calanders were working fine until last week when I switched to a new broadband provider (BT or British Telecom) and a new router supplied by them.
  Now I find a small warning triangle in iCal next to my calendar name, clicking on it reveals an error message saying "The request for account "ICloud" failed. I have signed out of iCloud but I am now unable to sign back in, a message appears saying "you can't sign in at this time, try again".
  iCloud syncing has failed on my iphone 3, MBP and my iMac.
  I'm guessing this has something to do with my new WiFi set up or being on a new server with my new ISP. Unfortunately I do not know where to start to resolve this issue. Any advice?
  I'm using Mavericks (10.9.5) on the iMac and 10.8.5 on the MBP. Help! this is affecting my work.

  I forgot about the home/sleep button hold-down option.  Worth a try.  --But it didn't work for this problem.
  Still have the green app saying there are 26 (already read) messages waiting.
  Any other ideas?
  (and thanks so much for the quick replies!!)

• XenApp 6.5 and Acrobat issue: "Unable to open the document".

  We are using XenApp 6.5 with a published desktop Windows 7 x64. If we open Acrobat Pro 10.1.5 and Create PDF we get an error "Unable to open the document". If we do the same action directly on the XenApp server then it works as expected. The Word doc in question was created by the test user and is located on their Home drive area so the permissions are correct. If i try to save the Word doc as PDF it works fine directly and indirectly.
  There seems to be lots of people asking similar questions here:
  http://forums.adobe.com/message/4275334
  Thanks
  Gary

  From the link below:
  http://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/citrix.html
  what does: Deploy enterprise files to the product’s directories (rather than per-user directories) so they are available to all users mean in practice...?

• I had a problem with firefox not showing up when I tried to open it. So I uninstalled it and reinstalled. After reinstallation my computer tells me the file is corrupt and I still can't open it. Other browsers work fine.

  Mozilla Firefox has worked fine for several years. Beginning two days ago I would click on the desktop icon, I would see the little whirling circle for about 1 second and then nothing would happen. Later when I shut down the computer, suddenly I would see the mozilla firefox page come up for an instant and then shut down. The computer was telling me that it was open, but I couldn't see the home page or use it. Then I decided to try uninstalling it and reinstalling. The uninstall went fine. But after downloading the latest version, which my antivirus program told me was safe, the computer refused to install the executable program, telling me it was corrupt. I have already lost all my bookmarks, etc. It looks like my only solution is to use another browser. However I really prefer Mozilla. Any suggestions?

  Do a clean (re)install and delete the Firefox program folder (C:\Program Files\Mozilla Firefox\).
  Download a fresh Firefox copy and save the file to the desktop.
  *Firefox 10.0.x: http://www.mozilla.org/en-US/firefox/all.html
  Uninstall your current Firefox version, if possible.
  *Do NOT remove personal data when you uninstall the current version or you lose your bookmarks and other data because all profile folders will be removed.
  Remove the Firefox program folder before installing that newly downloaded copy of the Firefox installer.
  *It is important to delete the Firefox program folder to remove all the files and make sure that there are no problems with files that were leftover after uninstalling.
  *http://kb.mozillazine.org/Uninstalling_Firefox
  Your bookmarks and other profile data are stored elsewhere in the Firefox Profile Folder and won't be affected by a reinstall, but make sure that you do not select to remove personal data if you uninstall Firefox.
  *http://kb.mozillazine.org/Profile_folder_-_Firefox
  *http://kb.mozillazine.org/Profile_backup
  *http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Clean_reinstall

• I recently upgraded to snow leopard and now every time i open iCal i get multiple events to update in iCal

  I recently upgraded to snow leopard and now every time i open iCal i get multiple events to update in iCal.  Except I don't know where these are coming from or why.   I've check iCal preferences and Help - can't find a way to stop this from happening automatically.  Any Clues?  Also, some of the events are already on my calendar and have been for quite some time.

  Greetings,
  What do you mean by "events to update"?  Do you mean invites to new events or changes to existing invites?
  Troubleshooting:
  1. Your profile indicates you are running 10.6.7, 10.6.8 is the current version Apple > Software update.
  2. First make an iCal backup:  Click on each calendar on the left hand side of iCal 1 at a time highlighting it's name and then going to File Export > Export and saving the resulting calendar file to a logical location for safekeeping.
  3. Remove the following to the trash and restart your computer:
  Home > Library > Caches > com.apple.ical
  Home > Library > Calendars > Calendar Cache, Cache, Cache 1, 2, 3, etc. (Do not remove Sync Cache or Theme Cache if present)
  Home > Library > Preferences > com.apple.ical (There may be more than one of these. Remove them all.)
  ---NOTE: Removing these files may remove any shared (CalDAV) calendars you may have access to. You will have to re-add those calendars to iCal > Preferences > Accounts.
  3. Launch iCal and test.
  Hope that helps!

• Exception in servermgr_accounts when creating open directory master...

  Just to give you some background, I'm new to Mac Os X Server. And I'm trying to get a mail/ical/web-server with "open directory" setup. The server is placed in a remote location, behind a NAT-firewall.
  I thought I hade everything setup, took a while to figure out the DNS-configs. But I managed to get everything working, and apply the server through a NetworkAccountServer on a client.
  When I wanted to setup some e-mail aliases for my e-mail accounts, I remembered I hade seen that in "Server Preferences".
  But when opening "Server Preferences" i got the following message:
  "Multiple errors occurred on the server while processing commands. Use the Console application to view the error messages.", I could access everything accept Users and Groups, when clicking these it tried to create a new open directory.
  The Console App shows this Message:
  2/4/11 1:15:31 AM servermgrd[3725] servermgr_accounts: noteDirectoryNodeAdded (reopening nodes)
  2/4/11 1:15:31 AM servermgrd[3725] * Terminating app due to uncaught exception 'NSUnknownKeyException', reason: '[<NSCFDictionary 0x102021680> valueForUndefinedKey:]: this class is not key value coding-compliant for the key VR.'
  * Call stack at first throw:
  0 CoreFoundation 0x00007fff878fc7b4 __exceptionPreprocess + 180
  1 libobjc.A.dylib 0x00007fff890ce0f3 objcexceptionthrow + 45
  2 CoreFoundation 0x00007fff87954969 -[NSException raise] + 9
  3 Foundation 0x00007fff87e61c92 -[NSObject(NSKeyValueCoding) valueForUndefinedKey:] + 245
  4 Foundation 0x00007fff87d915a8 -[NSObject(NSKeyValueCoding) valueForKey:] + 420
  5 Foundation 0x00007fff87d8d0f6 -[NSDictionary(NSKeyValueCoding) valueForKey:] + 173
  6 servermgr_accounts 0x00000001005799c1 scDynamicStoreNotificationCallback + 25876
  7 servermgr_accounts 0x0000000100579948 scDynamicStoreNotificationCallback + 25755
  8 servermgr_accounts 0x0000000100577648 scDynamicStoreNotificationCallback + 16795
  9 servermgr_accounts 0x0000000100573521 scDynamicStoreNotificationCallback + 116
  10 SystemConfiguration 0x00007fff82273dad rlsPerform + 115
  11 CoreFoundation 0x00007fff87899401 __CFRunLoopDoSources0 + 1361
  12 CoreFoundation 0x00007fff878975f9 __CFRunLoopRun + 873
  13 CoreFoundation 0x00007fff87896dbf CFRunLoopRunSpecific + 575
  14 Foundation 0x00007fff87dc08e4 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 270
  15 Foundation 0x00007fff87dc07c3 -[NSRunLoop(NSRunLoop) run] + 77
  16 servermgrd 0x0000000100003f13 0x0 + 4294983443
  17 servermgrd 0x0000000100001388 0x0 + 4294972296
  18 ??? 0x0000000000000002 0x0 + 2
  2/4/11 1:15:31 AM com.apple.launchd[1] (com.apple.servermgrd[3725]) Job appears to have crashed: Abort trap
  2/4/11 1:15:31 AM com.apple.ReportCrash.Root[3831] 2011-02-04 01:15:31.997 ReportCrash[3831:2a03] Saved crash report for servermgrd[3725] version ??? (???) to /Library/Logs/DiagnosticReports/servermgrd2011-02-04-011531localhost.crash
  2/4/11 1:15:32 AM edu.mit.Kerberos.kadmind[3848] kadmind: starting...
  2/4/11 1:15:33 AM Server Admin[1931] Error '-1' when applying directory role change
  2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.kadmind[3848]) Exited with exit code: 2
  2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.kadmind) Throttling respawn: Will start in 9 seconds
  2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.krb5kdc) Throttling respawn: Will start in 9 seconds
  2/4/11 1:15:43 AM edu.mit.Kerberos.kadmind[3951] kadmind: starting...
  2/4/11 1:15:51 AM com.apple.launchd[1] (com.apple.suhelperd[4009]) Exited with exit code: 2
  I tried reseting the "Open Directory Service" in "Server Admin", by setting it to "standalone directory".
  It did stop the "Open directory", but the console was again showing the message above.
  With the server in stand-alone mode, I could access "Server Preferences" again, but as soon as I create an "Open Directory again", it fails with the above error, and I cant access the Open Directory from Server Preferences.
  To summarize, the message shows when:
  1. Creating an Open Directory Master.
  2. Removing a Open Directory Master.
  3. Entering Server Preferences with Open Directory Master running.
  A wierd thing is that the "Open directory" seems to be fine. I can manage it in "Workgroup manager", login to webmail, calenders, VPN etc. I just can't manage it from "Server Preferences".
  I did make som misstakes in the beginning (primarly not setting a proper host-name before creating the first "Open Directory", and also having a local-user with the same short-name as a user in the "Open Directory") But that should all solved now.
  Any Idea's on what could be wrong?
  Where else can I set e-mail aliases for my "Open Directory" users? Is it possible for them to administer aliases themselves?
  Thanks in advance!
  PS. Anyone have any tips on mail-forwarding to multiple external accounts? Do I really need to edit this manually in /etc/postfix/aliases? Is there anyway I can let my users administer forwarding?

  If anyone else has similar issues, I didn't find a solution. Re-installed the server from scratch...

• Authentication Delays / Slow Authentication for Open Directory Users

  I'm experiencing delays when authenticating Open Directory users and it absolutely has me at my wit's end.
  The problem is quite simple: any time an Open Directory user authenticates his password there is a delay of at least 5-10 seconds. This goes for clients that are bound to the directory server and also authenticating locally on the server. Here are some examples:
  * On the server, there is a several second delay on the Login Window screen when trying to log in using an Open Directory account. Logging in as a local user is instantaneous.
  * In Workgroup manager, authenticating as the Directory Administrator takes several seconds.
  * On a remote computer, sharing the screen using an Open Directory user take several seconds and again, a local user is instantaneous. Screen sharing takes particularly long and often temporarily shows a sheet saying it has lost the connection with the server while authenticating.
  * Connecting with AFP takes several seconds when using an Open Directory login
  * On a client computer, unlocking the screen after sleep or screen saver takes several seconds for Open Directory users
  * Connecting with SSH does NOT exhibit the behavior
  In addition to all of this, I've seen periodic random unexplainable freezes for several seconds on client computers that are bound to the directory even when logged in as a local user account (and with no other users logged in.) For example, launching applications often results in a freeze. After unbinding the computer from the directory the problem goes away entirely.
  The history of the problem:
  Used Tiger Server for over a year = no problems
  Clean install of Leopard Server 10.5.0 back in October = no problems
  Update to Leopard Server 10.5.1 = no problems
  Then, all of the sudden one day several weeks back I started having problems. The server had been up for a few weeks. I didn't install any updates. I didn't change any configuration. Literally the only thing that I had done recently was unplug the Apple Cinema Display and keyboard+mouse that was connected to the server. Then I started having problems so I plugged the display, keyboard and mouse back in to troubleshoot it. I cleared the directory services caches on my server and clients and rebooted the Airport Base Station that's serving as my router and eventually the problem went away. I wish I could tell you which of those things resolved the problem but I have no idea. It was fine for a couple more weeks (and incidentally I once again unplugged the display, keyboard and mouse from the server). Then last week I started having problems again and this time no amount of rebooting, cache clearing, rebinding, troubleshooting using information in these forums or anything else will fix the problem. I only mention the display/keyboard/mouse thing because it's literally the only thing I changed around the time the problems started happening. I truly don't think it has anything to do with it.
  So in desperation I backed up and did a clean install today. Here's the process I used:
  0. Erase the disk
  1. Install Leopard Server 10.5.0 from the install DVD
  2. In the setup assistant, use the Advanced Configuration option but I didn't enable any services. Set up network settings and host name of myserver.mydomain.private.
  3. Reboot
  4. Use Software Update to update to 10.5.1 and Security Update 2007-009 v1.1
  5. Reboot
  6. Configure DNS (see below for detailed configuration)
  7. Reboot
  8. Change role to Open Directory Master
  9. Reboot
  ... and the problem is still there. Simply logging into the server GUI with the Directory Administrator account has the delay. Authenticating in Workgroup Manager has the delay. I haven't even bothered to set up AFP or any other users yet. I'm truly at my wit's end and I'm ready to chuck the server out the window.
  I've done a lot of googling and searching of these forums looking for answers. All of the responses seem to point to a problem with DNS or with the Kerberos realm. I believe all of my setup is correct. Here it is:
  == Basic Configuration ==
  OS: Mac OS X Server 10.5.1 (9B18) with Security Update 2007-009 v.1.1
  Services Enabled:
  DNS
  Open Directory
  (All other services are not yet enabled)
  == DNS Setup ==
  Primary Zone: mydomain.private.
  Allows zone transfer: no
  Nameservers: ns.mydomain.private.
  myserver (Machine) 10.0.22.201
  ns (Alias) myserver.mydomain.private.
  Reverse Zone: 22.0.10.in-addr.arpa.
  10.0.22.201 (Reverse Mapping) myserver.mydomain.private.
  Accept recursive queries from the following networks:
  localnets
  Forwarder IP Addresses:
  208.67.222.222
  208.67.220.220
  == Open Directory Setup ==
  Role: Open Directory Master
  LDAP Search Base: dc=myserver,dc=mydomain,dc=private
  Kerberos Realm: myserver.mydomain.private
  == Network Configuration ==
  Configure: Manually
  IP Address: 10.0.22.201
  Subnet Mask: 255.255.255.0
  Router: 10.0.22.1
  DNS Server: 127.0.0.1
  Search Domains: mydomain.private
  == Other Stuff ==
  Using 'changeip -checkhostname' verifies that the hostname and DNS hostname are both myserver.mydomain.private.
  I set the realm to myserver.mydomain.private (though the default was myserver.local) based on the advice of another poster to this forum. Kerberos.app reveals something interesting: the kdc and admin servers are both myserver.local and the domains are .local and local. I tried changing all instances of 'local' to 'mydomain.private' to see if that would solve the problem. No luck.
  I verified on a client that 'host myserver' and 'host 10.0.22.201' return proper DNS and reverse DNS resolutions.
  Hopefully one of the gurus out there will be able to help me out.
  Thanks,
  jeff

  I gathered together some log information for when I try to authenticate user 'diradmin' in Workgroup Manager. You can see from the log messages that this authentication took 4 seconds. There's an interesting error message in slapd.log (see below) but it doesn't say what it's looking for in the keytab that it's not finding. Grr! I've provided a listing of the principles in my keytab. I haven't monkeyed around with it at all -- this is just what resulted from promoting the server to an Open Directory Master.
  == kdc.log ==
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): handling authdata
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): handling authdata
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): .. .. ok
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): .. .. ok
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
  Dec 30 18:21:52 myserver.mydomain.private krb5kdc[79](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for ldap/[email protected]
  Dec 30 18:21:52 myserver.mydomain.private krb5kdc[79](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for ldap/[email protected]
  == slapd.log ==
  Dec 30 18:21:48 myserver slapd[36]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
  Dec 30 18:21:52 myserver slapd[36]: SASL [conn=20] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No principal in keytab matches desired name)
  == sudo klist -k ==
  Keytab name: FILE:/etc/krb5.keytab
  KVNO Principal
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 cifs/[email protected]
  3 cifs/[email protected]
  3 cifs/[email protected]
  3 ldap/[email protected]
  3 ldap/[email protected]
  3 ldap/[email protected]
  3 xgrid/[email protected]
  3 xgrid/[email protected]
  3 xgrid/[email protected]
  3 vpn/[email protected]
  3 vpn/[email protected]
  3 vpn/[email protected]
  3 ipp/[email protected]
  3 ipp/[email protected]
  3 ipp/[email protected]
  3 xmpp/[email protected]
  3 xmpp/[email protected]
  3 xmpp/[email protected]
  3 XMPP/[email protected]
  3 XMPP/[email protected]
  3 XMPP/[email protected]
  3 host/[email protected]
  3 host/[email protected]
  3 host/[email protected]
  3 smtp/[email protected]
  3 smtp/[email protected]
  3 smtp/[email protected]
  3 nfs/[email protected]
  3 nfs/[email protected]
  3 nfs/[email protected]
  3 http/[email protected]
  3 http/[email protected]
  3 http/[email protected]
  3 HTTP/[email protected]
  3 HTTP/[email protected]
  3 HTTP/[email protected]
  3 pop/[email protected]
  3 pop/[email protected]
  3 pop/[email protected]
  3 imap/[email protected]
  3 imap/[email protected]
  3 imap/[email protected]
  3 ftp/[email protected]
  3 ftp/[email protected]
  3 ftp/[email protected]
  3 afpserver/[email protected]
  3 afpserver/[email protected]
  3 afpserver/[email protected]

• Open Directory conection for Client inconsistant

  Hi,
  Been working setting up several labs during the summer and have come across a new problem.  When joining the computers to Open Directory the comptuers connect to the Replica and are added to the Open Directory list.  However, at the login screen the signal for the status of the directory connection keeps changing from Green to Yellow and never activates my preferences for the computer. 
  Anybody run into this before or have seen a solution to this?  Have tried to connect to other replicas as well as the master and have run into the same issue.
  Thanks!

  Ok, I got it.
  But what if I want the OD user to have some configuration data on the local client?
  Let me explain that a bit better. The configuration I would like for my network and users is as follows: the server works only as an authentication server, I do not want roaming profiles or homes directory on the server; I just want the server to authenticate users when they log in to several client machines amongst the lan.
  For documents sharing, in fact, I much rather prefer using Dropbox, which allows my users to share on a WAN-instead-of-LAN basis.
  But a home local directory is needed for OD users to keep libraries, preferences files and so on.
  Back to the old Windows server (PDC) time, I used the server as a name server authentication only, still the client created a local profile for the user of the server.
  Does OD works this way too or am I missing something?
  Thank you.

• Reconfigure Open Directory in Yosemite Server

  Is it possible to delete and reconfigure Open Directory in Yosemite server?
  The host name and configuration were modified after Open Directory was activated and I get the message "Unable to load replica list" in the Settings Tab of Open Directory on the Server App (Server 4.0.3 (Build 14S350)). I think the best way would be to start over the automatic configuration.

  Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.
  1. The OD master must have a static IP address on the local network, not a dynamic address. It must not be connected to the same network with more than one interface; e.g., Ethernet and Wi-Fi.
  2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
  3. The primary DNS server used by the server must be itself, unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
  4. Only if you're still running Mavericks server, follow these instructions to rebuild the Kerberos configuration on the server.
  5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.
  6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.
  7. Reboot the master and the clients.
  8. Don't log in to the server with a network user's account.
  9. Disable any internal firewalls in use, including third-party "security" software.
  10. If you've created any replica servers, delete them.
  11. If OD has only recently stopped working when it was working before, you may be able to restore it from the automatic backup in /var/db/backups, or from a Time Machine snapshot of that backup.
  12. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UID's are in the 1001+ range.
  If you get this far without solving the problem, then you'll need to examine the logs in the Open Directory section of the log list in the Server app, and also the system log on the clients.