Open directory fail

Cannot change any parameter on Open Directory
and cannot create a new user.
An unexpected error of type 14120 occurred; all other settings were saved.

Hi
If you browse the discussion forum you should find this:
http://discussions.apple.com/thread.jspa?threadID=1251475&tstart=0
Basically browsing using the Finder or Side Panel does not work well or breaks easily (as far as I can tell it has been like this since 10.2). In an OD environment trying to connect and getting a ticket using that method will probably fail. The workaround - or the 'fix' - is to use 'Connect to Server' from the Go Menu using the Server's IP address. In my experience it does not seem to matter whether AFP is set to Kerberos, Any or Standard for the authentication method. It also does not seem to matter whether the Server is configured in Standard or Advanced.
I've not come across anything yet regarding Workgroup. Probably in that configuration it may not be an issue as this mode - as far as I can see - is ideal for AD-OD integration. In that environment OSX Server would not be the KDC and mac clients will be using the AD for SSO.
Since this has been happening since 10.2 I don't see Apple addressing this anytime soon, however you never know?
Tony

Similar Messages

  • Open directory fails upon set up

    Hi my name is Alan and I'm using a 2012 Mac mini running 10.9.2. I was having problems with my Open Directory service so I made an archive of the master, then deleted it and tried to restore it. When I try to restore it or create a new Open Directory master I receive an error stating my server was successfully configured as a directory server, but an error occurred. I have tried restarting Server and rebooting the device to fix the issue, with no luck. I have other services that are working, like Time Machine and Caching. Any thoughts? Thanks.

    Hi Alan, same config as you, and curiously the same issue. Can't figure out how to get this to work; any thoughts on what they found in the logs?
    Here is what I do as root:
    # slapconfig -destroyldapserver
    Then I remove /var/db/openldap
    But it just seems that I added a bunch of new problems to the one that I already have.
    # changeip -checkhostname states no issues, since it has a primary address and the current hostname equals the DNS hostname, which is by the way my FQDN, so names match and dirserv:success = "success"
    But if we fire this one:
    penelope:~ root# serveradmin fullstatus dirserv
    dirserv:logPaths:opendirectorydLog = "/var/log/opendirectoryd.log"
    dirserv:logPaths:ldapLog = "/var/log/slapd.log"
    dirserv:logPaths:passwordServiceServerLog = "/Library/Logs/PasswordService/ApplePasswordServer.Server.log"
    dirserv:logPaths:passwordServiceErrorLog = "/Library/Logs/PasswordService/ApplePasswordServer.Error.log"
    dirserv:logPaths:kdcLog = "/var/log/krb5kdc/kdc.log"
    dirserv:logPaths:slapconfigLog = "/Library/Logs/slapconfig.log"
    dirserv:LDAPServerType = "standalone"
    dirserv:state = "STOPPED"
    dirserv:readWriteSettingsVersion = 1
    Then try manual start up from the terminal
    penelope:~ root# serveradmin start dirserv
    2014-05-01 18:55:28.221 serveradmin[53764:507] servermgr_dirserv: received request to start the Directory Server
    2014-05-01 18:55:28.236 serveradmin[53764:507] servermgr_dirserv: an error occurred when starting the Directory Server: Directory Server is not configured - nothing to start
    dirserv:error = "Directory Server is not configured - nothing to start"
    penelope:~ root#
    uh oh ??
    What was logged in /var/log/slapd.log ?
    May  1 19:00:33 penelope.alliancejr.eu slapd[53941]: @(#) $OpenLDAP: slapd 2.4.28 (Nov 12 2013 12:02:47) $
                        [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-491.1~1/servers/slapd
    May  1 19:00:33 penelope.alliancejr.eu slapd[53941]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    May  1 19:00:33 penelope.alliancejr.eu slapd[53941]: /etc/openldap/slapd_macosxserver.conf: line 229: invalid path: No such file or directory
    May  1 19:00:33 penelope.alliancejr.eu slapd[53941]: slapd stopped.
    So what does this line tell us?
    227 # The database directory MUST exist prior to running slapd AND
    228 # should only be accessible by the slapd/tools. Mode 700 recommended.
    229 directory       "/var/db/openldap/openldap-data"
    So I guess I will Time Machine this directory at once and see if it does the trick.
    Back right after restoring the missing directory ... Got a bit farther, but ...
    May  1 19:11:50 penelope.alliancejr.eu slapd[54425]: main: Enabling TLS failed; continuing with TLS disabled.
    May  1 19:11:51 penelope.alliancejr.eu slapd[54425]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    May  1 19:11:52 penelope.alliancejr.eu slapd[54425]: slapd starting
    May  1 19:11:52 penelope.alliancejr.eu slapd[54425]: daemon: posting com.apple.slapd.startup notification
    May  1 19:12:04 penelope.alliancejr.eu slapd[54425]: daemon: shutdown requested and initiated.
    May  1 19:12:04 penelope.alliancejr.eu slapd[54425]: slapd shutdown: waiting for 4 operations/tasks to finish
    May  1 19:12:05 penelope.alliancejr.eu slapd[54425]: daemon: posting daemon shutdown notification.
    May  1 19:12:10 penelope.alliancejr.eu slapd[54425]: slapd stopped.
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: @(#) $OpenLDAP: slapd 2.4.28 (Nov 12 2013 12:02:47) $
                        [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-491.1~1/servers/slapd
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: main: Enabling TLS failed; continuing with TLS disabled.
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: slapd starting
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: daemon: posting com.apple.slapd.startup notification
    May  1 19:12:14 penelope.alliancejr.eu slapd[54436]: daemon: shutdown requested and initiated.
    May  1 19:12:14 penelope.alliancejr.eu slapd[54436]: slapd shutdown: waiting for 0 operations/tasks to finish
    May  1 19:12:14 penelope.alliancejr.eu slapd[54436]: daemon: posting daemon shutdown notification.
    May  1 19:12:17 penelope.alliancejr.eu slapd[54436]: slapd stopped.
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: @(#) $OpenLDAP: slapd 2.4.28 (Nov 12 2013 12:02:47) $
                        [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-491.1~1/servers/slapd
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: main: Enabling TLS failed; continuing with TLS disabled.
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: slapd starting
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: daemon: posting com.apple.slapd.startup notification
    May  1 19:12:18 penelope.alliancejr.eu slapd[54455]: odusers_copy_primarymasterip: Could not locate apple-password-server-location attribute
    May  1 19:12:18 penelope.alliancejr.eu slapd[54455]: odusers_add_aa: could not locate Primary Master's IP address; trying System Configuration
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: odusers_response: processing response to add of uid=diradmin,cn=users,dc=penelope,dc=alliancejr,dc=eu
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: odusers_response: entryUUID 80ec9b6c-dcf6-4d9c-977c-079ec4727a0b
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: odusers_response: Found uuid: c01067c2-d153-11e3-bd19-406c8f0281a2
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: passwd_extop: (null) changed password for uid=diradmin,cn=users,dc=penelope,dc=alliancejr,dc=eu
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: => bdb_idl_insert_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: conn=1003 op=8: attribute "entryCSN" index add failure
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: odusers_copy_primarymasterip: Could not locate apple-password-server-location attribute
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: odusers_add_aa: could not locate Primary Master's IP address; trying System Configuration
    May  1 19:12:21 penelope.alliancejr.eu slapd[54455]: odusers_response: processing response to add of cn=penelope.alliancejr.eu$,cn=computers,dc=penelope,dc=alliancejr,dc=eu
    May  1 19:12:21 penelope.alliancejr.eu slapd[54455]: odusers_response: entryUUID 49fbd148-ca73-4d0d-9772-ae20a5f0de6a
    May  1 19:12:21 penelope.alliancejr.eu slapd[54455]: odusers_response: Found uuid: c16239f2-d153-11e3-bd19-406c8f0281a2
    May  1 19:12:21 penelope.alliancejr.eu slapd[54455]: passwd_extop: (null) changed password for cn=penelope.alliancejr.eu$,cn=computers,dc=penelope,dc=alliancejr,dc=eu
    May  1 19:12:21 penelope.alliancejr.eu slapd[54455]: conn=1004 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    May  1 19:12:23 penelope.alliancejr.eu slapd[54455]: daemon: shutdown requested and initiated.
    May  1 19:12:23 penelope.alliancejr.eu slapd[54455]: slapd shutdown: waiting for 0 operations/tasks to finish
    May  1 19:12:23 penelope.alliancejr.eu slapd[54455]: daemon: posting daemon shutdown notification.
    May  1 19:12:27 penelope.alliancejr.eu slapd[54455]: slapd stopped.
    Still stuck ...
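    The slapd.log excerpts quoted in this thread (and the "Unable to load replica list" threads further down) show a handful of recurring failure messages. As an added example, not code from the thread, this Python triage script recognises those classes in a log excerpt and attaches the next step each thread ended up taking; the sample lines, hostname and suffix are constructed placeholders modelled on the excerpts above.

```python
"""Triage for OS X Server slapd.log excerpts like the ones above.

Added example, not code from the thread. The sample lines are constructed
(hostname and suffix are placeholders) but mirror the failure classes the
posts show; the hints follow what the threads ended up doing about each.
"""
import re
from collections import OrderedDict

# syslog-style prefix used by slapd.log: "May  1 19:00:33 host slapd[PID]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"slapd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

# (category, pattern, hint); evaluated in order, first match wins.
RULES = [
    ("db-dir-missing",
     re.compile(r"^(?P<cfg>\S+): line (?P<ln>\d+): invalid path: No such file or directory"),
     "the 'directory' named at that config line does not exist; restore it from backup"),
    ("tls-disabled",
     re.compile(r"Enabling TLS failed; continuing with TLS disabled"),
     "no usable TLS identity: LDAP is being served in the clear"),
    ("starttls-refused",
     re.compile(r'do_extended: unsupported operation "1\.3\.6\.1\.4\.1\.1466\.20037"'),
     "a client requested StartTLS (that OID) but the server is running with TLS disabled"),
    ("bdb-deadlock",
     re.compile(r"DB_LOCK_DEADLOCK"),
     "Berkeley DB deadlock on an index update; if it repeats, db_recover or restore the OD archive"),
    ("bdb-open-failed",
     re.compile(r'bdb_db_open: database "(?P<suffix>[^"]+)" cannot be opened, err (?P<err>\d+)'),
     "the database environment cannot be opened; restore from backup, as the log says"),
]


def parse_line(line):
    """Split one slapd.log line into its fields, or return None for non-matching text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    return rec


def classify(msg):
    """Return (category, hint, captured details) for a known failure message, else None."""
    for category, pattern, hint in RULES:
        m = pattern.search(msg)
        if m:
            return category, hint, m.groupdict()
    return None


def triage(lines):
    """Walk a log excerpt and collect every recognised failure with its PID and hint."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        hit = classify(rec["msg"])
        if hit is not None:
            category, hint, detail = hit
            findings.append({"pid": rec["pid"], "category": category, "hint": hint, **detail})
    return findings


def restart_cycles(lines):
    """Distinct PIDs that logged 'slapd starting', in order. Several within a
    couple of minutes means slapd is being started and shut down repeatedly,
    like the 54425/54436/54455 sequence in the excerpt above."""
    pids = OrderedDict()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["msg"] == "slapd starting":
            pids[rec["pid"]] = True
    return list(pids)


# Constructed sample, modelled on the excerpts in the posts above.
SAMPLE_LOG = """\
May  1 19:00:33 od.example.test slapd[53941]: /etc/openldap/slapd_macosxserver.conf: line 229: invalid path: No such file or directory
May  1 19:00:33 od.example.test slapd[53941]: slapd stopped.
May  1 19:11:50 od.example.test slapd[54425]: main: Enabling TLS failed; continuing with TLS disabled.
May  1 19:11:52 od.example.test slapd[54425]: slapd starting
May  1 19:12:10 od.example.test slapd[54425]: slapd stopped.
May  1 19:12:17 od.example.test slapd[54455]: slapd starting
May  1 19:12:20 od.example.test slapd[54455]: => bdb_idl_insert_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
May  1 19:12:21 od.example.test slapd[54455]: conn=1004 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
Apr 11 22:03:02 od.example.test slapd[925]: bdb_db_open: database "dc=od,dc=example,dc=test" cannot be opened, err 12. Restore from backup!
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"pid {f['pid']:>6} {f['category']:<17} {f['hint']}")
    print("start/stop cycles seen for PIDs:", restart_cycles(SAMPLE_LOG))
```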

  • Open Directory startup error

    Hi,
    10.8.2 / Server 2.2
    Attempting to turn Open Directory fails with the message:
    An error occurred on the server while processing a command.
    The error occurred while processing a command of type 'setState' in plug-in 'servermgr_dirserv'
    How can I resolve this?
    Thanks.

    Thanks for replying. It's a new install, and it worked for about 2 days before it stopped working. I'm not sure what changes I made to break OD.
    I'm probably not knowledgeable enough to understand the log file, even if I knew where to look. Apple did position this as "server for the rest of us" with a low price, so I'm using it to learn. And since I'm using this to learn, I don't mind starting over. But as far as I can see there is no option of creating a new master database, only a replica record.
    Again, thanks for replying.

  • Unable to replicate Open Directory server

    I have a Master OD server that is currently being replicated to an offsite OD.
    But I'm looking to run a dedicated Mini for the offsite, and I cannot get the new Mini to replicate.
    The slapconfig log says the credentials are invalid, and it exits with error code=69.
    I have reset the directory admin password and made sure the network settings were all correct and the hostname and DNS name are correct.
    The OS and Server versions are identical between the 2 servers.
    Anyone have any thoughts???


  • Creating Open Directory Replica fails with Server Admin Error Value 1127

    Hallo,
    I have seen a lot of similar threads here and they were helpful up to a certain point, but in the end, they did not solve my problem.
    Currently, it comes down to this. The Server Admin error message is really meaningless and I could not find a single hit for the error value on the whole wide web. As such, I switched to the command line versions of the tools involved to get more meaningful results. It worked. Specifically, creating a replica of an OpenLDAP master means using slapconfig.
    When executing
    slapconfig -createreplica master.ourdomain.com diradmin
    as root on the prospective replica machine, I get the following error message:
    ssh command failed with status 127
    That command is not allowed with the root account via public key authentication.
    That makes perfect sense to me, but how is it meant to work then?
    Executing slapconfig as admin tells me that this tool is to be executed as root. On the other hand, root login via ssh is not allowed in Mac OS X by default, which seems fine to me. I even changed /etc/sshd_config on the Open Directory Master machine to "PermitRootLogin yes". However, neither reloading ssh using launchctl nor restarting the whole server made this setting operational. Trying to log in from the command line as root still tells me:
    root login is not permitted to this machine via public key authentication.
    While this is the current state where I need help urgently, I changed some other things before. I tell about them to exclude these issues as possible reasons of failure. I got this message for quite a while:
    Replica Setup failed : This machine does not have a valid computer name
    I was sure this machine meant the target machine, the Open Directory master, because the domain had changed there once before I had taken over responsibility as an admin in this environment. And in fact, changeip disclosed an issue there. The command proposed by changeip to fix the situation did not seem appropriate because this machine is multihomed with a public and a private IP address. Proper name resolution is available for both interfaces, including reverse lookup. I don't like this setup, but it was the only way to get mail service running smoothly. Running changeip on the machine itself using these arguments
    changeip /LDAPv3/127.0.0.1 internalIP internalIP old.ours.com current.ours.com
    reported success in updating password server, Open Directory, both interfaces, hostconfig (which in fact did not change) and Samba. It reported an issue with kadmin, which is related to Kerberos (we don't use Kerberos yet).
    Changing the hostname of the server using changeip did not solve the issue. I then found the hint to check with scutil. This showed that the HostName was not set on the prospective replica machine. (A question aside: in how many places is the hostname stored? The traditional /etc/hostname has gone, but seems to be replaced with several other configuration files and databases. I can't see this as an advantage.) Setting the hostname using scutil worked fine. However, it did not solve the problem either. At least, slapconfig now started to complain about not being able to log in as root instead of failing from the start.
    I also checked all log files on both machines that might have to do with OpenLDAP, as there are /var/log/slapd.log, /var/log/system.log and /Library/Logs/slapconfig.log. I also checked the log of the layer on top of OpenLDAP, which is /Library/Logs/DirectoryService.server.log. None of them revealed anything noticeable besides a lot of entries that I have googled in the last few hours and which all don't seem to be associated with the problem in question.
    I will take a break now, but I have to fix this until tomorrow and I hope to get the ultimate hint from you, dear reader.
    Thanks and bye, Christian Völker

    ssh command failed with status 127
    That command is not allowed with the root account via public key authentication.
    Initial OD replication takes place via 'ssh'. If you have 'sshd' configured on the OD Master to authenticate with public keys then the OD replica will not be able to communicate with the OD Master via 'ssh'. You must configure the OD Master to use 'ssh' with password authentication and root login enabled.
    Demote the replica back to standalone. Stop any services that you may have running on the primary network interface. Then stop any services that you may have running on the secondary network interface. In the 'Network' System Prefpane remove the IP number from the secondary interface then deactivate the secondary network interface.
    Assign the private IP address and hostname that you wish to use for the replica to the primary network interface. Assign the 'public' IP number to the secondary interface. Check the DNS to see that the IP address and hostname for the primary network interface resolve both forward and reverse for the hostname of the replica that you have chosen. If it does not, fix your DNS before proceeding.
    In the 'Sharing' System Prefpane, change the name of the machine to the hostname (server.domain.tld) of the replica that you have chosen. Then use 'changeip -checkhostname' to see if the IP/hostname matches. Fix it if it doesn't.
    Then configure the /etc/sshd_config file on the OD master like this:
    # Authentication:
    PermitRootLogin yes
    PasswordAuthentication yes
    PubkeyAuthentication no
    and the /etc/ssh_config file on the OD replica like this:
    PasswordAuthentication yes
    PubkeyAuthentication no
    Then from the OD replica as the 'root' user issue:
    slapconfig -createreplica <ODMasterIPorFQDN> <diradmin user>
    Make sure that the 'diradmin' user's password contains only alphanumeric characters - no 'option-characters' or symbols; change it first if it does. Once the process completes, reactivate the secondary interface for the 'public' IP and check the configuration of services that will be using that IP, then start your other services. Secure the 'ssh' service on both machines to disable password authentication and 'root' logins.
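    The procedure above turns on password authentication and root login for the duration of the replica creation and then expects both to be turned off again. As an added example (not code from the thread), this Python checker reads an sshd_config the way sshd does for its global section (keywords are case-insensitive, the first value given for a keyword wins, and lines after the first 'Match' are conditional) and reports which of the three settings still differ from the setup state, or from the hardened state to return to afterwards; both sample configs are constructed.

```python
"""Check an sshd_config against the temporary settings the answer above
requires for slapconfig -createreplica, and against the hardened state it
should be returned to afterwards.

Added example, not from the thread. It reads the global section the way sshd
does: keywords are case-insensitive, the FIRST value given for a keyword is
the one in effect, and everything after the first 'Match' line is conditional
and therefore ignored for the global check.
"""
import re

# Settings the answer asks for on the OD master while the replica is created.
REPLICA_SETUP = {"permitrootlogin": "yes",
                 "passwordauthentication": "yes",
                 "pubkeyauthentication": "no"}
# What both machines should be returned to once the replica is up.
HARDENED = {"permitrootlogin": "no", "passwordauthentication": "no"}


def effective_settings(text):
    """Return {keyword: value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break                        # conditional block starts: global section is over
        settings.setdefault(key, value)  # first occurrence wins, later duplicates are ignored
    return settings


def check_against(text, wanted):
    """List (keyword, effective, wanted) mismatches; an empty list means the file complies.
    A keyword that is never set is reported as 'unset' instead of guessing sshd's
    built-in default, which differs between OpenSSH versions."""
    eff = effective_settings(text)
    return [(k, eff.get(k, "unset"), v)
            for k, v in wanted.items() if eff.get(k, "unset").lower() != v]


def ready_for_createreplica(text):
    return check_against(text, REPLICA_SETUP)


def hardened_again(text):
    return check_against(text, HARDENED)


# Constructed sample 1: the master's sshd_config exactly as the answer specifies.
MASTER_DURING_SETUP = """\
# Authentication:
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication no
"""

# Constructed sample 2: an edit that looks right but is not in effect, because the
# earlier PermitRootLogin line wins and the last line sits inside a Match block.
MASTER_MISCONFIGURED = """\
PermitRootLogin no
PasswordAuthentication yes
PermitRootLogin yes
Match Address 10.0.0.0/8
    PubkeyAuthentication no
"""

if __name__ == "__main__":
    print("setup-ready problems:", ready_for_createreplica(MASTER_MISCONFIGURED))
    print("hardening problems:  ", hardened_again(MASTER_DURING_SETUP))
```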

  • Open Directory and connection to shared folders fail

    Hi,
    For testing I've set up an Open Directory Master (Leopard Server 10.5.2) with shared folders and portable home directories.
    Login and synchronizing work as they should. But once logged in, when I click on the server in Finder I just get "connection failed". When I choose "Connect As" and log in with the same user and password as authenticated at the login to the computer (authenticated to OD), it works.
    I thought it should work like a single sign on?
    Any clues?


  • Adobe Premiere CS5 and Open Directory users - Premiere fails to start

    We have several class rooms with desktops that are configured for Open Directory.
    When a student logs in he's actually working in his home folder on the server and his user is also managed by the server.
    This works fine for all the applications that we're using except for Adobe Premiere CS5 and Adobe After Effects CS5. Whenever a student tries to start one of them the application will hang and only a force quit can stop it. It is impossible to start these applications.
    However, it is possible to use Premiere and After Effects using a local standard user on the desktops. But I don't want to go that route. I want the managed users to be able to use those applications.
    Has anyone found a solution for this?
    Are you able to use these applications in the same environment?
    I've played a lot with the permissions on the library, system and Adobe folders, but the problem doesn't seem to be related to them.
    Setup:
    AFP Server: Xserve intel running Mac OS X Server 10.6.5
    OD Servers: Mac Mini Servers running Mac OS X Server 10.6.5
    Clients: iMacs intel running Mac OS X 10.6.6

    Safe Mode disables a lot of drivers and services, like networking.  That would seem to indicate that something is running on your system that interferes somehow.
    I'm just not sure how you'd go about tracking that down.

  • Application launches fail after wake up from sleep when switching from one open directory to another

    I take my MacBook Pro back and forth from home to work.  Open Directory is set up at both locations running on Snow Leopard server.  These two locations are entirely separate domains and IP networks.  The only thing that is the same is my username and password, which is the same in both locations.
    If I put my machine to sleep in one location and move to the other location and wake it up, I can usually launch one application, then no other applications launch and the machine is pretty much frozen up except for mouse cursor movement.  Using command-shift-escape and relaunching the finder doesn't help.
    It is as if the launch daemon has been made inoperative.  Apps just sit and bounce.
    Should one be able to log in on one network with Open Directory, close all applications, move to an entirely different network, wake up from sleep and continue working? The login/password is identical on both Open Directory setups.
    Both home and work are set up so the users can "travel" and the machines are not "bound" to the open directory server.
    I've started using the "other" login box to login in which I think keeps the machine more independent of open directory and that seems to work better for moving between networks.
    Any ideas and/or comment welcome.
    (my DNS seems fine in both environments.  running changeip gets "success" in both places)

    After reading another post that popped up under "More Like This" after I posted this I may have found at least a temporary fix.  Unplugging and reseating the MDP adapter in the MacPro didn't accomplish anything but unplugging/reseating the HDMI plug in the Viewsonic brought it back to life.
    I guess I can live with this but it would be nice knowing that there's a more permanent fix for this.

  • Open Directory: "Unable to load replica list"

    I'm currently running Mavericks Server 3.1 on my Mac Mini at the home network. I had some issues with the client logins and went for local accounts on the clients instead. Today I finally wanted to fix the problem and go all Open Directory. But the Open Directory service was shut off when I opened the Server software. I tried to turn it on but got a message saying "Unable to load replica list". I updated the software to the latest 3.1 but am still having the same issue. I never had any replica list, I only had a standard one from the start, but it seems I can't do anything there now.
    LDAP log:
    Mar 21 22:48:38 xxYY.com slapd[172]: @(#) $OpenLDAP: slapd 2.4.28 (Nov 12 2013 12:02:47) $
    [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-491.1~1/servers/slapd
    Mar 21 22:48:38 xxYY.com.com slapd[172]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    Mar 21 22:48:39 xxYY.com.com slapd[172]: TLS: found identity in keychain using identity preference.
    Mar 21 22:48:42 xxYY.com.com slapd[172]: slap_add_listener: opened additional listener 'ldaps:///'
    Mar 21 22:48:42 xxYY.com.com slapd[172]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    Mar 21 22:48:44 xxYY.com.com slapd[172]: slapd starting
    Mar 21 22:48:44 xxYY.com.com slapd[172]: daemon: posting com.apple.slapd.startup notification
    Mar 21 22:48:54 xxYY.com.com slapd[172]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Mar 21 22:48:54 xxYY.com.com slapd[172]: conn=1022 op=3: attribute "entryCSN" index delete failure
    Mar 21 22:50:02 xxYY.com.com slapd[172]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Mar 21 22:50:02 xxYY.com.com slapd[172]: conn=1042 op=3: attribute "entryCSN" index delete failure
    I don't understand any of this other than the obvious failure words. Can anyone understand this and help me here?

    This procedure is a diagnostic test. It makes no changes to your data. If you have more than one user account, you must be logged in as an administrator to carry out these instructions.
    Please triple-click anywhere in the line below on this page to select it:
    sudo /usr/libexec/slapd -Tt | pbcopy
    Copy the selected text to the Clipboard by pressing the key combination command-C.
    Launch the built-in Terminal application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
    Paste into the Terminal window by pressing the key combination command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. You'll be prompted for your login password. Nothing will be displayed when you type it. If you don’t have a login password, you’ll need to set one before you can run the command. You may get a one-time warning to be careful. Confirm. You don't need to post the warning.
    If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator. Log in as one and start over.
    Wait for a new line ending in a dollar sign ($) to appear below what you entered.
    The output of the command will be automatically copied to the Clipboard. If the command produced no output, the Clipboard will be empty. Paste into a reply to this message.
    The Terminal window doesn't show the output. Please don't copy anything from there.

  • Open wallet failed error when running DBCA

    Hi,
    running 9i on AIX 5.3
    On starting dbca, I get the error message 'Open wallet failed'.
    The dbca GUI comes up and runs fine.
    Anyway in case anyone has the problem please let me know...
    The wallet entry is in the sqlnet.ora
    WALLET_LOCATION =
      (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA =
          (DIRECTORY = /ora01/admin/DB_01/wallet)
        )
      )
    Thanks in advance

    See Note 369562.1 "ERROR: Open Wallet Failed when starting NETMANAGER/NET CONFIGURATION"; it states that the message can be ignored (the Note mentions DBCA too).
    HTH
    Enrique

  • DNS Server Having Intermittent Issues with Open Directory

    I work for a school and we're undertaking the large task of moving from Xserves running 10.6.8 to Mac Minis running 10.9. I have a lot of experience with OS X Server (I held ACSA up until they ditched it, and ACTC through the current OS) but I've hit a fairly large snag in configuring our DNS server. We currently run DNS via an AD server that is being retired at the end of the summer, so this is the first time our DNS will be Mac-based. That said, our network is ridiculously simple as we are a very small school. For the most part it's a flat network using the same IP range for our wired and wireless internal clients (we do have a vlan for guests but that's through Aerohive). I configured the DNS by hand, recreating the entries in our AD server (there were only about a dozen) and then adding in things that should have been there in the first place (e.g. printers and some other devices with static IPs that I'd like FQDNs for). Everything seemed to be working fine...until trying to log into Open Directory accounts.
    For some background, the DNS server running 10.9 was the first server we upgraded and it was a completely clean install. We run DHCP on another Mac server currently running 10.6.8 and it does have the proper OD server listed. All DNS entries for the OD server match our current DNS server. The issue is that it's taking some users 5-6 tries to log in with their network accounts. The errors they receive range from the login window shaking to it stating the user cannot log in at this time. This seems to be worse on client machines running 10.9, but it's appearing on machines running 10.6.8-10.9.3.
    In my troubleshooting, I found that if I log in as a local user to one of those machines and do a dig for the OD server the results vary; this is where it gets weird. For example, if I dig ourodserver.ourdomain.org it will sometimes return host not found or it will sometimes resolve. If I ping the same thing it will sometimes work (even after stating it cannot resolve the host) and it will sometimes fail. If I then try a dig for the .local (e.g. ourodserver.local) it also yields the same varied results. However, on every machine that I've tested, if I then open a Finder window and navigate to the server via the "Shared" menu and connect, I have no trouble connecting and then magically my digs and pings in Terminal work. If I revert DNS back to point to our old Windows server the issue goes away. I have meticulously combed through that server many, many times now and am not seeing any missed entries. Any idea what could be causing this?

    You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
    The primary DNS server used by the server must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
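    The rules in the answer above (at least a three-level name, nothing under .local, forward and reverse records that agree, and the right resolver order on server and clients) are easy to check mechanically. As an added example that is not from the thread, this Python script applies them to constructed zone data; in practice the dicts would be filled from dig / dig -x output or from changeip -checkhostname, and all names and addresses used here are placeholders.

```python
"""Apply the hostname and resolver rules from the answer above to a server name.

Added example, not from the thread. DNS data is supplied as plain dicts so it
runs offline; in practice you would fill them from 'dig' / 'dig -x' output or
'changeip -checkhostname'. All names and addresses below are constructed.
"""


def check_server_hostname(hostname, a_records, ptr_records):
    """Return a list of rule violations; an empty list means the name is usable for OD."""
    problems = []
    name = hostname.lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 3 or any(not label for label in labels):
        problems.append("needs at least a three-level name such as server.yourdomain.com")
    if labels[-1] == "local":
        problems.append("'.local' is reserved for Bonjour and must not be used")
    ip = a_records.get(name)
    if ip is None:
        problems.append("no forward (A) record for the name")
    else:
        back = ptr_records.get(ip, "").lower().rstrip(".")
        if not back:
            problems.append(f"no reverse (PTR) record for {ip}")
        elif back != name:
            problems.append(f"reverse lookup of {ip} gives {back}, not {name}")
    return problems


def check_resolvers(server_resolvers, client_resolvers, internal_dns):
    """Check the resolver order the answer describes. 'internal_dns' is the set of
    addresses running the internal DNS service; 127.0.0.1 is accepted for the
    server itself, which is the expected setting when it hosts DNS."""
    problems = []
    if not server_resolvers or server_resolvers[0] not in internal_dns | {"127.0.0.1"}:
        problems.append("server's primary resolver must be itself (127.0.0.1) or the internal DNS")
    outside = [r for r in client_resolvers if r not in internal_dns]
    if outside:
        problems.append(f"clients list non-internal resolvers: {outside}")
    return problems


# Constructed zone data (10.0.0.0/8 and 192.0.2.0/24 are private/documentation ranges).
A_RECORDS = {"server.yourdomain.test": "10.0.0.5", "od.local": "10.0.0.6",
             "short.test": "10.0.0.7"}
PTR_RECORDS = {"10.0.0.5": "server.yourdomain.test", "10.0.0.6": "od.local",
               "10.0.0.7": "other.yourdomain.test"}

if __name__ == "__main__":
    for name in ("server.yourdomain.test", "od.local", "short.test"):
        print(name, check_server_hostname(name, A_RECORDS, PTR_RECORDS) or "OK")
    print(check_resolvers(["192.0.2.53"], ["10.0.0.5", "192.0.2.53"], {"10.0.0.5"}))
```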

  • Open directory unable to start up after crash

    Hi everyone,
    Our OS X Server 10.8.4 crashed. After booting up again, Open Directory doesn't want to start up, so LDAP isn't running, which means nobody can access their mail or do anything.
    When trying to start the Open Directory service in the "Server" app it just says "Unable to load replica list"
    Looking at the Open Directory Log after trying to switch it on this is what I get :
    2013-06-28 15:22:53.830872 SAST - 43.7184, Module: AppleODClientLDAP - unable to create LDAP connection context - no server specified
    2013-06-28 15:22:53.830888 SAST - 43.7184 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
    2013-06-28 15:22:53.830888 SAST - 43.7184, Module: AppleODClientLDAP - unable to open connection to LDAP server - unable to create connection context
    2013-06-28 15:23:23.832473 SAST - 43.7189 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
    2013-06-28 15:23:23.832473 SAST - 43.7189, Module: AppleODClientLDAP - unable to create LDAP connection context - no server specified
    2013-06-28 15:23:23.832488 SAST - 43.7189 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
    2013-06-28 15:23:23.832488 SAST - 43.7189, Module: AppleODClientLDAP - unable to open connection to LDAP server - unable to create connection context
    Does anyone have any advice on how to get it up and running again? I'd hate to lose all my users' emails and do the server over. I have a Time Machine backup from a week ago as well, which I guess is the second-to-last resort: restore the entire server from there?
    Please help, I'm desperate here
    Thanks
    J

    I was able to restore the existing server with the automatic OD backup that Server.app creates. When my OD fails to start after a crash and db_recover commands don't work, it's always worked for me to restore the odmaster from a backup using the command:
    sudo slapconfig -restoredb /private/var/backups/ServerBackup_OpenDirectoryMaster.sparseimage
    I'm careful to keep an independent OD backup with Carbon Copy Cloner and this preflight script.
    You can also grab an earlier version of the sparse image ServerBackup_OpenDirectoryMaster.sparseimage from a Time Machine backup. It's also possible to rsync the database files directory from a Time Machine backup.

  • After Updating to Server 4.1 Open directory and LDAP gone

    Hello,
    two days ago I discovered that Open directory was not working on our Server (Mac Mini 2012). I suspect it stopped working after updating to 10.10.3 and OS-X Server 4.1. When I try to start Open directory in the Server App the Server App prompts: Unable to load Replica List. When I try to recreate my Open directory Server I get: OD Server already exists.
    I get the following log entries:
    LDAP Log
    Apr 11 22:03:02 server.seju.eu slapd[925]: @(#) $OpenLDAP: slapd 2.4.28 (Feb 24 2015 21:45:59) $
      [email protected]:/BinaryCache/OpenLDAP/OpenLDAP-499.32.4~1/Objects/servers/slapd
    Apr 11 22:03:02 server.seju.eu slapd[925]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    Apr 11 22:03:02 server.seju.eu slapd[925]: TLS: OPENDIRECTORY_SSL_IDENTITY identity preference overrode configured olcTLSIdentity "APPLE:server.seju.eu"
    Apr 11 22:03:02 server.seju.eu slapd[925]: slap_add_listener: opened additional listener 'ldaps:///'
    Apr 11 22:03:02 server.seju.eu slapd[925]: bdb(dc=server,dc=seju,dc=eu): unable to allocate memory for mutex; resize mutex region
    Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_open: database "dc=server,dc=seju,dc=eu" cannot be opened, err 12. Restore from backup!
    Apr 11 22:03:02 server.seju.eu slapd[925]: bdb(dc=server,dc=seju,dc=eu): txn_checkpoint interface requires an environment configured for the transaction subsystem
    Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_close: database "dc=server,dc=seju,dc=eu": txn_checkpoint failed: Invalid argument (22).
    Apr 11 22:03:02 server.seju.eu slapd[925]: backend_startup_one (type=bdb, suffix="dc=server,dc=seju,dc=eu"): bi_db_open failed! (12)
    Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_close: database "dc=server,dc=seju,dc=eu": alock_close failed
    Apr 11 22:03:02 server.seju.eu slapd[925]: slapd stopped.
    Open Directory Log
    2015-04-11 21:57:10.624284 CEST - AID: 0x0000000000000000 - opendirectoryd (build 382.20.2) launched...
    2015-04-11 21:57:10.752590 CEST - AID: 0x0000000000000000 - Logging level limit changed to 'error'
    2015-04-11 21:57:10.916732 CEST - AID: 0x0000000000000000 - Initialize trigger support
    2015-04-11 21:57:10.951833 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/SystemCache.bundle'
    2015-04-11 21:57:10.958469 CEST - AID: 0x0000000000000000 - Module: SystemCache - failed to load persistent state - Input/output error
    2015-04-11 21:57:10.962533 CEST - AID: 0x0000000000000000 - Registered node with name '/Active Directory' as hidden
    2015-04-11 21:57:10.962833 CEST - AID: 0x0000000000000000 - Registered node with name '/Configure' as hidden
    2015-04-11 21:57:10.963182 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/Contacts' at path '/Library/Preferences/OpenDirectory/Configurations//Contacts.plist'
    2015-04-11 21:57:10.963194 CEST - AID: 0x0000000000000000 - Registered node with name '/Contacts'
    2015-04-11 21:57:10.963438 CEST - AID: 0x0000000000000000 - Registered node with name '/LDAPv3' as hidden
    2015-04-11 21:57:10.966901 CEST - AID: 0x0000000000000000 - Registered node with name '/Local' as hidden
    2015-04-11 21:57:10.968600 CEST - AID: 0x0000000000000000 - Registered node with name '/NIS' as hidden
    2015-04-11 21:57:11.031990 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/Search' at path '/Library/Preferences/OpenDirectory/Configurations//Search.plist'
    2015-04-11 21:57:11.032007 CEST - AID: 0x0000000000000000 - Registered node with name '/Search'
    2015-04-11 21:57:12.343838 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/LDAPv3/127.0.0.1' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/127.0.0.1.plist'
    2015-04-11 21:57:12.343888 CEST - AID: 0x0000000000000000 - Registered subnode with name '/LDAPv3/127.0.0.1'
    2015-04-11 21:57:13.549377 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/legacy.bundle'
    2015-04-11 21:57:13.551131 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/search.bundle'
    2015-04-11 21:57:13.554053 CEST - AID: 0x0000000000000000 - '/Search' has registered, loading additional services
    2015-04-11 21:57:13.554064 CEST - AID: 0x0000000000000000 - Initialize augmentation support
    2015-04-11 21:57:13.557920 CEST - AID: 0x0000000000000000 - Successfully registered for Kernel identity service requests
    2015-04-11 21:57:13.557940 CEST - AID: 0x0000000000000000 - Adjusting kernel ID cache (100 -> 250) and membership cache (100 -> 500)
    2015-04-11 21:57:13.575235 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/PlistFile.bundle'
    2015-04-11 21:57:13.578418 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/FDESupport.bundle'
    2015-04-11 21:57:13.583810 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleID.bundle'
    2015-04-11 21:57:13.615788 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ConfigurationProfiles.bundle'
    2015-04-11 21:57:13.619666 CEST - AID: 0x0000000000000000 - Registered subnode with name '/Local/Default'
    2015-04-11 21:57:13.632498 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ldap.bundle'
    2015-04-11 21:57:13.845588 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientLDAP.bundle'
    2015-04-11 21:57:13.849664 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientPWS.bundle'

    I had a similar problem. A couple days after upgrading, I encountered OD's "Unable to load replica" problem and had my server's certificate deleted from my system keychain!
    Server.app + OD + LDAP are all extremely fragile and I just don't trust them during transitions, so I always keep an independent bootable backup with Carbon Copy Cloner and this preflight script. I'll post my notes for recovering OD below, but in my case, nothing worked this time, and I couldn't start OD robustly across reboots. Fortunately for me, my 12 hour old bootable backup was working, so I just used CCC to copy my bootable backup back. Not sure what I would have done had that not worked short of rebuilding everything from scratch.
    Pre-steps:
    0. Bootable backups, Time Machine backups, and dirserv backups of everything.
    1. Disk Utility: Fix disk permissions, Fix disk
    2. PRAM reset, Command-Option-P-R at boot
    3. DiskWarrior to rebuild the disk directory
    Possible steps to fix OD:
    # Fix Open Directory "Unable to load replica"
    # Try this first:
    # https://support.apple.com/en-us/HT200018
    # Quit Server.app
    sudo mkdir /var/db/openldap/migration/
    sudo touch /var/db/openldap/migration/.rekerberize
    sudo killall PasswordService
    # Open Server.app
    # Try this second:
    # http://apple.stackexchange.com/questions/79141/how-to-fix-failing-open-directory-database-cn-authdata-cannot-be-opened-err
    sudo serveradmin stop dirserv
    sudo launchctl unload -w /System/Library/LaunchDaemons/org.openldap.slapd.plist
    sudo db_recover -h /var/db/openldap/authdata/
    sudo /usr/libexec/slapd -Tt
    sudo launchctl load -w /System/Library/LaunchDaemons/org.openldap.slapd.plist
    sudo serveradmin start dirserv
    # Try this third:
    # https://discussions.apple.com/thread/6018956
    sudo serveradmin stop dirserv
    sudo slapconfig -restoredb /private/var/backups/ServerBackup_OpenDirectoryMaster.sparseimage
    sudo serveradmin start dirserv
    # Try this fourth (assuming ccc_preflight od backup):
    # https://discussions.apple.com/thread/6018956
    sudo serveradmin stop dirserv
    sudo slapconfig -restoredb /private/var/backups/odbackup/od_2015-04-11.sparseimage
    sudo serveradmin start dirserv
    # Try this last:
    sudo rsync -va /your-backup-drive-possibly-TM/private/var/db/openldap/authdata/ /private/var/db/openldap/authdata/
    If your server cert gets deleted from the System keychain, you'll need to boot into the bootable backup and export the certificate+key that looks like hostname.domainname.tld, signed by IntermediateCA_HOSTNAME.DOMAINNAME.TLD_1, copy this to the server drive, import back into the System keychain. The cert should then appear within Server.app again. See here for how to do this if all you have is the System keychain file.
    If anyone has reliable advice how to fix a corrupt OD that would be a huge help.
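    As an added example, not code from any post in this thread: a small POSIX shell triage script that classifies the slapd and opendirectoryd messages quoted in the last three posts and prints the matching step from the recovery notes above (db_recover for the log-sequence-number mismatch, slapconfig -restoredb for the err 12 case, a configuration check for "no server specified"). The class names, function names and the embedded sample log text are this example's own; the command sequences and paths are the ones the replies give. It prints the plan rather than running it, so the steps can be reviewed before anything is executed as root.

```sh
#!/bin/sh
# Added example, not code from the thread: triage the slapd / opendirectoryd
# log excerpts quoted above and map each to the recovery step the replies
# suggest. Runs offline against log text; it does not touch the server.
# Assumptions (not from the page): the class names, function names and the
# sample text below are this script's own.

# Classify a log excerpt by the messages seen in this thread:
#   restore  - bdb_db_open err 12 ("Restore from backup!"): go to slapconfig -restoredb
#   recover  - BDB log sequence numbers out of step: try db_recover on that environment first
#   noserver - opendirectoryd has no LDAP server configured ("no server specified"):
#              a configuration/replica problem, not a database one; check the
#              /LDAPv3/127.0.0.1 node before touching the database
#   unknown  - none of the above
od_triage() {
    log=$1
    if printf '%s\n' "$log" | grep -q 'cannot be opened, err 12'; then
        echo restore
    elif printf '%s\n' "$log" | grep -q 'past end of log'; then
        echo recover
    elif printf '%s\n' "$log" | grep -q 'no server specified'; then
        echo noserver
    else
        echo unknown
    fi
}

# Pull the BDB environment directory out of the failing file path so that
# db_recover is run where the error is: the notes above use authdata/, but
# the setState post fails in openldap-data/. Prints nothing if no path is seen.
od_env() {
    printf '%s\n' "$1" |
      sed -n 's|.*\(/var/db/openldap/[^/ ]*\)/[^ ]*\.bdb.*|\1|p' | head -n 1
}

# Print the command sequence for a class. Nothing is executed here; the
# output is meant to be read, then run by hand under sudo.
od_plan() {
    class=$1
    env=${2:-/var/db/openldap/authdata}
    backup=${3:-/private/var/backups/ServerBackup_OpenDirectoryMaster.sparseimage}
    case $class in
    recover)
        cat <<EOF
serveradmin stop dirserv
launchctl unload -w /System/Library/LaunchDaemons/org.openldap.slapd.plist
db_recover -h $env/
/usr/libexec/slapd -Tt
launchctl load -w /System/Library/LaunchDaemons/org.openldap.slapd.plist
serveradmin start dirserv
EOF
        ;;
    restore)
        # Refuse to print a restore plan for an archive that is not there.
        if [ ! -f "$backup" ]; then
            echo "od_plan: backup archive not found: $backup" >&2
            return 1
        fi
        cat <<EOF
serveradmin stop dirserv
slapconfig -restoredb $backup
serveradmin start dirserv
EOF
        ;;
    noserver)
        echo "ls -l /Library/Preferences/OpenDirectory/Configurations/LDAPv3/127.0.0.1.plist"
        ;;
    *)
        echo "od_plan: no plan for class '$class'" >&2
        return 1
        ;;
    esac
}

# Usage: od_triage_file /path/to/saved/ldap.log -> prints the class, then the plan.
od_triage_file() {
    log=$(cat "$1")
    class=$(od_triage "$log")
    echo "class: $class"
    od_plan "$class" "$(od_env "$log")"
}

# Constructed sample: two slapd lines quoted in the setState post above.
SAMPLE_LSN='Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): file id2entry.bdb has LSN 1/1837404, past end of log at 1/1693634
Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): /var/db/openldap/openldap-data/id2entry.bdb: unexpected file type or format'
```

    Feed it a saved copy of the LDAP log; it prints the class followed by the commands to run. Two caveats a practitioner would add: copy the whole /var/db/openldap directory aside before running db_recover or slapconfig -restoredb, because both modify the environment in place, and run db_recover against the directory named in the error rather than a fixed path.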

  • Open Directory setState error

    Hi,
    I had an Open Directory system working fine, rebooted my (Mac Mini 2011) server and now it refuses to start. I get:
    "An error occurred on the server while processing a command. The error occurred while processing a command of type 'setState' in plug-in 'servermgr_dirserv'"
    I had this error before on an old installation of OS X which I have since reinstalled.
    What's going on? Open Directory seems to me to be completely and utterly unstable, and not fit for purpose. All of a sudden it's stopped working and therefore I can't login using my normal username and password. What gives?!

    Looking at the logs I'm getting these errors:
    [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-208.1~6/servers/slapd
    Sep 30 19:48:32 woz.private slapd[1629]: slap_add_listener: opened additional listener 'ldaps:///'
    Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): file id2entry.bdb has LSN 1/1837404, past end of log at 1/1693634
    Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): Commonly caused by moving a database from one database environment
    Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): to another without clearing the database LSNs, or by removing all of
    Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): the log files from a database environment
    Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): /var/db/openldap/openldap-data/id2entry.bdb: unexpected file type or format
    Sep 30 19:48:32 woz.private slapd[1629]: bdb_db_open: database "dc=woz,dc=private": db_open(/var/db/openldap/openldap-data/id2entry.bdb) failed: Invalid argument (22).
    Sep 30 19:48:32 woz.private slapd[1629]: backend_startup_one (type=bdb, suffix="dc=woz,dc=private"): bi_db_open failed! (22)
    Sep 30 19:48:32 woz.private slapd[1629]: bdb_db_close: database "dc=woz,dc=private": alock_close failed
    Sep 30 19:48:32 woz.private slapd[1629]: slapd stopped.

  • Discoverer Desktop (4)- Receiving error Attempt to Open Workbook Failed

    Hi,
    The reason for this error is multiple people are opening same workbook. This has never been a problem before as the user would receive message: "Open Workbook as Read Only..."
    Now they only get the message: "Attempt to Open Workbook Failed."
    We have tested here and have determined it is not a general issue because we have the problem only on two workstations.
    I checked the registry HKEY_CURRENT_USER for differences between the workstations but without any success.
    There is no file access problem
    Any idea?
    Thx
    Arnd

    Hi all,
    We are having exactly the same problem. I've come to the point that there's a problem between Discoverer Desktop 4i and XP SP3.
    The scenario we have is:
    a) If a user with SP2 creates a workbook and saves it into the network shared folder,
    a.1) It can be opened by users with SP2 as many times as they want. They just receive the "Open Workbook as Read Only" warning message.
    a.2) Users with SP3 can open it only if the workbook is not open by any other user. After that all users receive the "Attempt to Open..." error message.
    a.3) If a user with SP3 makes any change to the workbook and saves it, it doesn't matter which SP version you have, the file becomes "corrupt" and only one user can open it at the same time.
    b) If a user with SP3 creates a workbook and saves it into the network shared folder it can only be opened by one user at the same time
    I've also made tests and the same error occurs if the .dis file is located in a local directory (c:\My Documents for example). I can not open it twice in my computer in two different discoverer desktop instances, and I have SP3, while another user with SP2 can.
    Any ideas? Our Discoverer Desktop version is 4.1.48.06.00
    Regards.
