LDAPv3 problem

Stuck with this message in Server Preferences:
Unable to set node credentials for LDAPv3/127.0.0.1 with the record name
myserver.mydomain.net$.
And I cannot remove Push Notifications for myserver.mydomain.net
(I have changed server name)

If the "sudo changeip -checkhostname" command isn't getting anywhere (at all?), then the operating system configuration looks fairly well stuffed. (After the administrative password prompt, it's normal to get some chatter from that command, whether success or failure is detected.)
I'd manually check DNS settings (look at the network controller settings, issue "dig" and "dig -x" commands for host name to IP and IP address to host name translations, respectively), but I'd not hold out much hope that this box is working all that reliably.
Reportedly, 10.6 issues all that you need to change your host name behind the scenes, but it does look like however the host name or IP name change was made here, something went badly wrong.
For purposes of expediency and simplicity, you may well end up reinstalling.
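
The forward and reverse lookups suggested in the reply above (dig for name to address, dig -x for address to name), as an added example that is not part of the original thread: a POSIX shell check that a host name resolves to an address whose PTR record points back to the same name. The function names, the DNS_MODE switch and the sample records (documentation names and addresses) are constructed for illustration.

```shell
#!/bin/sh
# Forward-confirmed reverse DNS check for a server's configured host name.
# DNS_MODE=sample (default) answers from the constructed table below so the
# script runs offline; DNS_MODE=live asks the system resolver through dig.
DNS_MODE=${DNS_MODE:-sample}

# Constructed sample records (documentation names and addresses only).
SAMPLE_A='good.example.com 192.0.2.10
renamed.example.com 192.0.2.20
noptr.example.com 192.0.2.30'
SAMPLE_PTR='192.0.2.10 good.example.com.
192.0.2.20 oldname.example.net.'

# Lower-case a name and drop the trailing root dot so comparisons are exact.
normalize() { printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# Name -> IPv4 addresses, one per line (CNAME lines from dig are filtered out).
lookup_a() {
    if [ "$DNS_MODE" = live ]; then
        dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'
    else
        printf '%s\n' "$SAMPLE_A" | awk -v n="$1" '$1 == n { print $2 }'
    fi
}

# Address -> PTR names, one per line.
lookup_ptr() {
    if [ "$DNS_MODE" = live ]; then
        dig +short -x "$1"
    else
        printf '%s\n' "$SAMPLE_PTR" | awk -v ip="$1" '$1 == ip { print $2 }'
    fi
}

# check_name HOSTNAME
# Returns 0 if every address of HOSTNAME has a PTR naming HOSTNAME,
# 1 if there is no A record, 2 if an address has no PTR,
# 3 if a PTR exists but names a different host.
check_name() {
    want=$(normalize "$1")
    addrs=$(lookup_a "$want") || true
    if [ -z "$addrs" ]; then
        echo "FAIL  $want: no A record (forward lookup empty)"
        return 1
    fi
    result=0
    for ip in $addrs; do
        ptrs=$(lookup_ptr "$ip") || true
        if [ -z "$ptrs" ]; then
            echo "FAIL  $want -> $ip: no PTR record"
            if [ "$result" -lt 2 ]; then result=2; fi
            continue
        fi
        matched=no
        for p in $ptrs; do
            if [ "$(normalize "$p")" = "$want" ]; then matched=yes; fi
        done
        if [ "$matched" = yes ]; then
            echo "OK    $want -> $ip -> $want"
        else
            echo "FAIL  $want -> $ip -> $(echo $ptrs) (reverse name differs)"
            result=3
        fi
    done
    return "$result"
}

# Demo over the constructed names; in live mode pass real names as arguments.
if [ "$DNS_MODE" = sample ] && [ $# -eq 0 ]; then
    set -- good.example.com renamed.example.com noptr.example.com missing.example.com
fi
for name in "$@"; do
    check_name "$name" || echo "      exit status $?"
done
```

Run it with DNS_MODE=live and the server's own host name as the argument to query the resolver the machine actually uses.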

Similar Messages

  • LDAPv3 problem, help!!!

    I've got a G5 with OSX.3 server and 9 eMacs running on OSX.3
    We built a network by using 3 Ethernet cards building 3 subnets
    10.10.10.0/24
    10.10.11.0/24
    10.10.12.0/24
    We have the following problem.
    DHCP and DNS are correctly setup and working, we've tested it.
    The problem arises with Open directory.
    When we're in a 10.10.10.0 subnet we can identify ourselves to the open directory server, clients can login with their home directory on the server.
    When we're in a 10.10.11.0 or 10.10.12.0 subnet we can't do this.
    We tried:
    DSCL localhost
    / > CD LDAPv3 > ls
    server.viscom.abk
    /LDAPv3 > cd server.viscom.abk/
    Here we got invalid directory response
    Any suggestions???

    I am not sure what your problem is...
    Please post your code.

  • Problem with DNS

    Hello,
    I am relatively new to configuring DNS settings in Server Manager. Recently, my Kerberos realm stopped working and I am now getting this error message on the console:
    configured name and reverse DNS name do not match (fileserver.occu-med.com != mail.occu-med.net), various services may not function properly - use changeip to repair and/or correct DNS
    I did, for a short time, try to register the server as a mail server. However, due to the many issues I experienced, this was a short-lived endeavor. Right now I am running 10.4.11 on an Xserve. The box is functioning as a Fileserver running AFP and SMB, DHCP server, DNS Server, Firewall and NAT, an AD Server, and a VPN server. I have had no issues with the other services, they are all functioning fine. The only problem with OD is that it cannot Kerberize if the DNS is not functioning properly.
    I believe that the issue with the DNS can be attributed to the server being part of an external DNS realm as well as an internal DNS realm. There is definitely an entry for mail.occu-med.net in our ISP's DNS server, however on the internal network that I am running, occu-med.com, there is no such entry in our DNS records.
    I have tried the changeip command "changeip LDAPv3/127.0.0.1 "externaladdress" 10.0.0.2 mail.occu-med.net fileserver.occu-med.com" to no avail.
    When I go into the Server Admin tool to look at my network connections, it lists connection en0 (The outside portion of the NAT) as mail.occu-med.net. The connection en1 (the inside portion of the NAT) does not have an assigned DNS name.
    When I go into the Terminal on the Xserve and type in "hostname" I get "Fileserver.occu-med.com." However when I type in "host fileserver.occu-med.com" I get the error "Host fileserver.occu-med.com not found: 3(NXDOMAIN)" When I type in "host externalip" I get "externalip.in-addr.arpa domain name pointer mail.occu-med.net."
    Obviously the server is confused here, but how exactly can I fix the problem?

    DNS was working right before the server was propagated to a mail server. I have set up our internal domain to mirror the external domain by entering all of the ISP specific DNS information into the server so that users can access mail.occu-med.com via the internet. I have also set up specific internal DNS names that are not shared with the outside world, such as fileserver.occu-med.com that I do not want published to the external DNS servers. The problem I cannot get around is where the entry mail.occu-med.net is coming from and why it persists. When I was messing around with the mail functions of OS X Server, I deliberately made two different domains, one for occu-med.net and one for occu-med.com. This was short-lived as the confusion on where to connect for certain services was giving even myself a headache, let alone my users. That's when I started delving into setting up our own internal DNS server to provide FQDN services to internal machines. I deleted all of the old information in the server for the previous DNS Zones, but apparently something has not changed.
    Using a computer on the inside of my network, if I type into the console host mail.occu-med.net it returns "mail.occu-med.net has address 216.251.43.97"
    If I type host 209.234.153.2 I get "2.153.234.209.in-addr.arpa domain name pointer mail.occu-med.net."
    So, the server IS providing the wrong information to the internal clients somehow. The problem is that there is no mail.occu-med.net domain even hosted on the server. When I was originally messing around with the server as a mail server, I had the connections reversed, en0 was the inside connection and en1 was the outside. I did have DNS working properly when I did this. Is it possible that somehow, while it may not be displayed in the Server Admin window, the current outside interface is still assigned the FQDN mail.occu-med.net?

  • 10.4.6 update authentication problem

    As I have read there are several who have had AFP problems after the 10.4.6 update. I was unable to access or start AFP after the update nor am I able to login over remote desktop. I tried removing my sharepoints as per the helpful suggestions but when removing my sharepoint which formerly hosted my user folders it asks me to authenticate to LDAPv3/127.0.0.1 as a domain administrator. I tried this to no avail using the proper name and password (I know because WGM let me in just fine). I decided to demote to standalone using the dropdown in Server Admin then would remove the share but it is still asking me to authenticate. Luckily this is a test server and only had 3 accounts on it but can someone point me in the right direction?
    To recap: AFP will not start or restart, Remote Desktop access gives me an authentication error with working pw, and I cannot remove a sharepoint from a non-existent directory

    Turns out it was bad ram causing some of the trouble and trying to fix it only caused more of a mess.

  • How to create mailboxes under mac os x 10.6.4 either using ldapv3 or windows active directory?

    Hi,
    I'm working on the mail server of our company. The plan is to implement the built-in mail server feature of Mac mini OS X 10.6.4 using either LDAPv3 or preferably our existing Windows Active Directory users.
    I was able to set the open directory and can view the user accounts from AD. My problem is I do not have any clear documentation or manual on how to create mailboxes using either AD accounts or Mac LDAPv3. I already checked the manual of Mac OS X mail service administration and have found none pertaining to this case.
    I would really appreciate it if someone can give me a reference on how to do this. As of now I'm quite desperate because I have a deadline for this project.
    Thank you in advance for your help.

    You said, "A 2014 iMac can't run either Snow Leopard or Lion." I know that. What I want to know is how I can install Lion or Snow Leopard on a peripheral hard drive, NOT on my iMac.
    – Larry

  • OSX 10.4.7 Workgroup Admin problem from remote computer

    I've set up for test a 10.4 server on a private network.
    On this server, I've created with Workgroup Admin some accounts for files, mail and web. I've no problem to access and modify these accounts with the tools installed on the server, but when I try to do the same thing from a remote Workgroup Admin, I've an empty list for users and group, except the admin user.
    The fact is that I've changed the DNS setup from a dyndns account to a classical DNS entry.
    Is there any correlation between the DNS entry change and the fact that I cannot retrieve my user entries in Workgroup, and how do I restore normal usage?
    Thanks for help !

    Are you looking in the correct domain from the remote machine?
    You may just be looking in the local netinfo domain of the server, and you need to be looking in the OD domain.
    Open WorkGroup Manager and in the top left under the 'Admin' globe you will see another small globe. Click on this and use the pulldown menu to check you are looking at the /LDAPv3/127.0.0.1 domain.
    hth,
    b.

  • LDAPv3 not working with Workgroup Manager

    Hello,
    I recently started at a new job, and it appears the previous guy did not know how to set things up properly so I have been fixing all of his mistakes. But this one has me pulling out my hair.
    Anytime I try to set the Workgroup local directory to LDAPv3 I get this message in the console
    10/09/08 9:00:40 AM Workgroup Manager[219] Got unexpected error of type ePlugInNotActive (-14278) on line 3873 of /SourceCache/WorkgroupManager/WorkgroupManager-319/PMMUGMainView.mm
    10/09/08 9:00:40 AM [0x0-0x23023].com.apple.WorkgroupManager[219] dsOpenDirNode failed with error of type -14278
    I know there is a problem but just can't find it, and I can't find any information on resolving the ePlugInNotActive -14278 error.
    Can anyone help or steer me in the right direction?
    Thank you,
    Any other info you need just ask
    Message was edited by: SoMuchSoul

    No, there isn't a page that would show that it was turned off other than the services list. But my point in all that was this is their device, and the guy knew that it used a dial up connection. So, knowing how your hardware works, you would assume that they would check to make sure it is running. Considering that most "Optimization" programs turn this off because no one uses a dial up connection anymore. I would think this just falls under the troubleshooting diagnosis train of thought. And I'm not saying that the guy didn't try, nor that he wasn't nice on the phone. I was just frustrated that something so simple seems to have a lot of people saying that Verizon isn't thinking any more. LIKE MY INCREDIBLE THAT STILL ISN'T HERE. But don't get me started on that rant. I mean how can you finally advertise that you have a phone that is better than Apple, and not know there is going to be a rush on the bank so to speak?

  • Problems with the Xserver Bus error

    I think this problem started when I updated to 10.4.10, but I'm not entirely sure.
    All of a sudden, I lost the Windows Login, the first problem I found was that the "crashreport" couldn't write on file and exited with signal 1 and 10.
    Following up on the system.log the application crashing was the Spotlight daemon.
    I removed it from the boot process and now it's not crashing (because it is not running).
    But I still cannot login, when I restart the server, the screen stays on the part where the "bar" estimates the time to boot, although some of the services are up.
    Like LDAP, AFP, DHCP, etc.
    I cannot connect with the "Server Admin" remotely, although the "Workgroup Manager" DOES connect.
    I CAN login ssh, but if I try any privileged commands, like "systemsetup", "networksetup", "softwareupdate", I get "Bus error" and there's nothing I can do.
    From the system.log I get
    Jul 10 21:20:34 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 10 21:20:34 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 10 21:20:35 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 10 21:20:35 imerserver launchd: getty repeating too quickly on port /dev/console, sleeping
    Jul 10 21:21:05 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    "ps xl" gives me this:
    UID PID PPID CPU PRI NI VSZ RSS WCHAN STAT TT TIME COMMAND
    0 1 0 0 32 -1 28348 212 - S<s ?? 0:47.20 /sbin/launchd
    0 27 1 0 63 0 27264 108 - Ss ?? 0:00.00 /sbin/dynamic_pager -F /private/var/vm/swapfil
    0 31 1 0 31 0 28216 940 - Ss ?? 0:01.20 kextd
    0 35 1 0 31 0 27752 568 - Ss ?? 0:05.62 /usr/sbin/kdcmond -n -a
    0 36 1 0 31 0 27844 400 - Ss ?? 0:00.03 /usr/sbin/KernelEventAgent
    0 37 1 0 31 0 28612 984 - Ss ?? 0:04.22 /usr/sbin/mDNSResponder -launchdaemon
    0 38 1 0 31 0 27592 412 - Ss ?? 0:06.12 /usr/sbin/netinfod -s local
    0 39 1 0 31 0 34464 2380 - Ss ?? 0:11.64 /usr/sbin/PasswordService -n
    0 41 1 0 31 0 27772 620 - Ss ?? 0:00.02 vpnd -x -i com.apple.ppp.pptp
    0 43 1 0 31 0 27284 236 - Ss ?? 0:22.46 /usr/sbin/syslogd
    0 45 1 0 31 0 28580 920 - Ss ?? 0:00.26 /usr/sbin/kadmind -passwordserver -nofork
    0 46 1 0 31 0 86292 3112 - Ss ?? 0:17.80 /usr/sbin/named -f
    0 49 1 0 31 0 118008 3584 - Ss ?? 1:18.70 /usr/libexec/slapd -d 0 -h ldap:/// ldapi://%2
    0 50 1 0 31 0 27348 460 - Ss ?? 0:01.59 master
    0 52 1 0 31 0 28872 756 - Ss ?? 0:00.25 /usr/sbin/coreaudiod
    0 53 1 0 31 0 27780 820 - Ss ?? 0:46.80 /usr/sbin/diskarbitrationd
    0 54 1 0 31 0 28340 520 - Ss ?? 0:00.58 /usr/sbin/memberd -x
    0 55 1 0 31 0 30368 2856 - Ss ?? 0:22.12 /usr/sbin/securityd
    0 57 1 0 31 0 27864 308 - Ss ?? 0:33.99 /usr/sbin/notifyd
    0 63 1 0 31 0 27672 520 - Ss ?? 0:06.20 /usr/sbin/distnoted
    0 64 1 0 31 0 34644 3616 - Ss ?? 0:10.24 /usr/sbin/DirectoryService
    0 66 1 0 31 0 27248 168 - Ss ?? 0:58.58 /usr/sbin/update
    0 81 1 0 31 0 29896 1052 - Ss ?? 0:28.71 /System/Library/CoreServices/coreservicesd
    0 130 1 0 31 0 27768 212 - Ss ?? 1:41.87 /usr/libexec/crashreporterd
    0 177 1 0 31 0 28992 1016 - Ss ?? 0:01.44 /usr/sbin/serialnumberd
    0 179 1 0 31 0 28512 1264 - Ss ?? 0:01.66 /usr/sbin/cupsd -L
    0 180 1 0 31 0 29308 128 - Ss ?? 0:00.00 nfsiod -n 4
    0 191 1 0 31 0 29080 160 - Ss ?? 0:00.00 /usr/sbin/AppleFileServer
    0 192 191 0 31 0 81588 9656 - S ?? 2:54.72 /usr/sbin/AppleFileServer
    0 193 1 0 31 0 27812 504 - S ?? 0:00.04 /bin/sh ./bin/mysqld_safe --datadir=/usr/local
    0 199 1 0 31 0 30224 528 - Ss ?? 0:00.41 /usr/sbin/smbd -D
    0 202 199 0 31 0 30224 208 - S ?? 0:00.00 /usr/sbin/smbd -D
    0 204 1 0 31 0 27308 128 - Ss ?? 0:00.00 rpc.lockd -w
    0 207 1 0 31 0 29716 904 - Ss ?? 0:00.06 /usr/sbin/automount -f -m /Network -nsl -mnt /
    0 209 1 0 31 0 28456 688 - Ss ?? 0:11.09 /usr/sbin/nmbd -D
    0 210 209 0 31 0 28440 172 - S ?? 0:00.01 /usr/sbin/nmbd -D
    0 213 1 0 31 0 29420 868 - Ss ?? 0:00.06 /usr/sbin/automount -f -m /automount/Servers -
    0 216 35 0 31 0 28848 1592 - S ?? 0:12.35 /usr/sbin/krb5kdc -n -a
    0 219 1 0 31 0 27508 316 - Ss ?? 0:08.14 ntpd -f /var/run/ntp.drift -p /var/run/ntpd.pi
    0 348 1 0 31 0 30936 772 - Ss ?? 0:00.46 slpd -f /etc/slpsa.conf
    0 402 1 0 31 0 27328 76 - Ss ?? 0:00.00 /usr/sbin/webperfcache
    0 19558 1 0 31 0 30292 1064 - S ?? 0:00.36 /usr/sbin/sshd -i
    0 23027 1 0 31 0 27844 904 - Ss ?? 0:00.05 /usr/libexec/bootpd -q
    0 23341 1 0 32 -1 28352 232 - S< ?? 0:00.00 /sbin/launchd
    0 26365 1 0 31 0 29928 1508 - Ss ?? 0:31.98 /usr/sbin/configd
    0 26375 1 0 31 0 30268 1056 - Ss ?? 0:06.97 /usr/sbin/lookupd
    0 19562 19558 0 31 0 27812 864 - Ss p0 0:00.25 -sh
    0 23342 19562 0 31 0 27288 396 - R+ p0 0:00.01 ps xl
    G5   Mac OS X (10.4.9)   2 512Gb Mirror Disks

    OK, I put the things back before my changes.
    I ran the "privileges", installed the Combo package, but everything stays the same.
    Here's the system.log
    Jul 11 16:31:30 localhost kernel[0]: standard timeslicing quantum is 10000 us
    Jul 11 16:31:27 localhost mDNSResponder-108.5 (May 9 2007 16:57:18)[37]: starting
    Jul 11 16:31:30 localhost kernel[0]: vmpagebootstrap: 124261 free pages
    Jul 11 16:31:27 localhost memberd[50]: memberd starting up
    Jul 11 16:31:30 localhost kernel[0]: migtable_maxdispl = 70
    Jul 11 16:31:28 localhost named[44]: starting BIND 9.3.4 -f
    Jul 11 16:31:31 localhost kernel[0]: 91 prelinked modules
    Jul 11 16:31:29 localhost lookupd[54]: lookupd (version 369.5) starting - Wed Jul 11 16:31:29 2007
    Jul 11 16:31:31 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
    Jul 11 16:31:31 localhost kernel[0]: The Regents of the University of California. All rights reserved.
    Jul 11 16:31:31 localhost kernel[0]: using 1310 buffer headers and 1310 cluster IO buffer headers
    Jul 11 16:31:31 localhost kernel[0]: AppleKauaiATA shasta-ata features enabled
    Jul 11 16:31:31 localhost kernel[0]: DART enabled
    Jul 11 16:31:31 localhost kernel[0]: FireWire (OHCI) Apple ID 52 built-in now active, GUID 001451ff fe42198e; max speed s800.
    Jul 11 16:31:31 localhost kernel[0]: Security auditing service present
    Jul 11 16:31:31 localhost kernel[0]: BSM auditing present
    Jul 11 16:31:31 localhost kernel[0]: disabled
    Jul 11 16:31:31 localhost kernel[0]: rooting via boot-uuid from /chosen: 1FFA9A97-D6DE-3E6F-8EAD-9C7D29C054DB
    Jul 11 16:31:31 localhost kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
    Jul 11 16:31:31 localhost kernel[0]: AppleSMU -- shutdown cause = 2
    Jul 11 16:31:31 localhost kernel[0]: Got boot device = IOService:/MacRISC4PE/ht@0,f2000000/AppleMacRiscHT/pci@9/IOPCI2PCIBridge/k2-sata-root@C/AppleK2SATARoot/k2-sata@0/AppleK2SATA/ATADeviceNub@0/IOATABlockStorageDriver/IOATABlockStorageDevice/IOBlockStorageDriver/ST3500630AS Media/IOApplePartitionScheme/AppleRAID_OfflineV2_Untitled2@3/AppleRAIDMember/AppleRAIDMirrorSet/IMER Server Disk@0
    Jul 11 16:31:31 localhost kernel[0]: BSD root: disk2, major 14, minor 8
    Jul 11 16:31:31 localhost kernel[0]: AppleSMU::PMU vers = 0x000d00a0, SPU vers = 0x69, SDB vers = 0x01,
    Jul 11 16:31:31 localhost kernel[0]: Jettisoning kernel linker.
    Jul 11 16:31:31 localhost kernel[0]: Resetting IOCatalogue.
    Jul 11 16:31:31 localhost kernel[0]: Matching service count = 1
    Jul 11 16:31:31 localhost kernel[0]: Matching service count = 3
    Jul 11 16:31:31 localhost kernel[0]: Matching service count = 3
    Jul 11 16:31:31 localhost kernel[0]: Matching service count = 3
    Jul 11 16:31:31 localhost kernel[0]: Matching service count = 3
    Jul 11 16:31:31 localhost kernel[0]: Matching service count = 3
    Jul 11 16:31:31 localhost kernel[0]: NVDANV40HAL loaded and registered.
    Jul 11 16:31:31 localhost kernel[0]: PowerMac112ThermalProfile::start 1
    Jul 11 16:31:31 localhost kernel[0]: PowerMac112ThermalProfile::end 1
    Jul 11 16:31:31 localhost kernel[0]: SMUNeo2PlatformPlugin::initThermalProfile - entry
    Jul 11 16:31:31 localhost kernel[0]: SMUNeo2PlatformPlugin::initThermalProfile - calling adjust
    Jul 11 16:31:31 localhost kernel[0]: PowerMac112ThermalProfile::adjustThermalProfile start
    Jul 11 16:31:31 localhost named[44]: command channel listening on 127.0.0.1#54
    Jul 11 16:31:33 localhost diskarbitrationd[49]: disk2 hfs 1FFA9A97-D6DE-3E6F-8EAD-9C7D29C054DB IMER Server Disk /
    Jul 11 16:31:33 localhost DirectoryService[58]: Launched version 2.1 (v353.6)
    Jul 11 16:31:34 localhost launchd: com.apple.servermgrd: exited abnormally: Bus error
    Jul 11 16:31:34 localhost launchd: com.apple.servermgrd: respawning too quickly! throttling
    Jul 11 16:31:34 localhost launchd: com.apple.servermgrd: 9 more failures without living at least 60 seconds will cause job removal
    Jul 11 16:31:34 localhost launchd: com.apple.servermgrd: will restart in 10 seconds
    Jul 11 16:31:35 localhost kernel[0]: BCM5701Enet: Ethernet address 00:16:cb:3a:f0:88
    Jul 11 16:31:35 localhost launchd: Server 351b in bootstrap 1103 uid 0: "/usr/sbin/lookupd"[54]: exited abnormally: Hangup
    Jul 11 16:31:35 localhost kernel[0]: BCM5701Enet: Ethernet address 00:16:cb:3a:f0:89
    Jul 11 16:31:36 localhost lookupd[73]: lookupd (version 369.5) starting - Wed Jul 11 16:31:36 2007
    Jul 11 16:31:36 localhost mDNSResponder: Adding browse domain local.
    Jul 11 16:31:37 imerserver configd[47]: setting hostname to "imerserver.intranet.imeronline.com"
    Jul 11 16:31:40 imerserver kernel[0]: NVDA,Display-B: vram [98020000:08000000]
    Jul 11 16:31:40 imerserver kernel[0]: NVDA,Display-A: vram [00000000:01000000]
    Jul 11 16:31:40 imerserver kernel[0]: AppleBCM5701Ethernet - en0 link active, 1000-Mbit, full duplex, symmetric flow control enabled
    Jul 11 16:31:40 imerserver configd[47]: AppleTalk startup
    Jul 11 16:31:42 imerserver configd[47]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
    Jul 11 16:31:42 imerserver configd[47]: posting notification com.apple.system.config.network_change
    Jul 11 16:31:42 imerserver lookupd[81]: lookupd (version 369.5) starting - Wed Jul 11 16:31:42 2007
    Jul 11 16:31:44 imerserver configd[47]: AppleTalk startup complete
    Jul 11 16:31:48 imerserver DirectoryService[58]: LDAPv3: [127.0.0.1] Updated Security Policies from Directory.
    Jul 11 16:31:52 imerserver kernel[0]: nmbd[207] uses send/recv on a pipe
    Jul 11 16:31:52 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:31:52 imerserver launchd: com.apple.servermgrd: exited abnormally: Bus error
    Jul 11 16:31:52 imerserver launchd: com.apple.servermgrd: respawning too quickly! throttling
    Jul 11 16:31:52 imerserver launchd: com.apple.servermgrd: 8 more failures without living at least 60 seconds will cause job removal
    Jul 11 16:31:52 imerserver launchd: com.apple.servermgrd: will restart in 10 seconds
    Jul 11 16:31:53 imerserver /usr/sbin/serialnumberd[179]: serialnumberd: Firewall rule #1 added to allow port 626.
    Jul 11 16:31:55 imerserver automount[192]: Failed request for Finder notification; result = -1.
    Jul 11 16:31:55 imerserver automount[192]: Failed request for Finder notification; result = -1.
    Jul 11 16:31:55 imerserver ntpdate[94]: getnetnum: "time.apple.com" invalid host number, line ignored
    Jul 11 16:31:55 imerserver ntpdate[94]: no servers can be used, exiting
    Jul 11 16:31:55 imerserver configd[47]: target=enable-network: disabled
    Jul 11 16:31:56 imerserver automount[192]: Failed request for Finder notification; result = -1.
    Jul 11 16:31:56 imerserver automount[192]: Failed request for Finder notification; result = -1.
    Jul 11 16:31:56 imerserver automount[192]: Failed request for Finder notification; result = -1.
    Jul 11 16:31:56 imerserver automount[192]: Failed request for Finder notification; result = -1.
    Jul 11 16:31:57 imerserver ntpd_initres[258]: couldn't resolve `time.apple.com', giving up on it
    Jul 11 16:32:01 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:32:01 imerserver launchd: getty repeating too quickly on port /dev/console, sleeping
    Jul 11 16:32:02 imerserver netinfod local[38]: cannot lookup child
    Jul 11 16:32:02 imerserver netinfod local[38]: cannot lookup child
    Jul 11 16:32:02 imerserver netinfod local[38]: cannot lookup child
    Jul 11 16:32:02 imerserver netinfod local[38]: cannot lookup child
    Jul 11 16:32:03 imerserver launchd: com.apple.servermgrd: exited abnormally: Bus error
    Jul 11 16:32:03 imerserver launchd: com.apple.servermgrd: respawning too quickly! throttling
    Jul 11 16:32:03 imerserver launchd: com.apple.servermgrd: 7 more failures without living at least 60 seconds will cause job removal
    Jul 11 16:32:03 imerserver launchd: com.apple.servermgrd: will restart in 10 seconds
    Jul 11 16:32:05 imerserver mDNSResponder: Update kerberos.udp.IMERSERVER.INTRANET.IMERONLINE.COM. refused
    Jul 11 16:32:05 imerserver mDNSResponder: Registration of record kerberos.udp.IMERSERVER.INTRANET.IMERONLINE.COM. type 33 failed with error -65553
    Jul 11 16:32:05 imerserver mDNSResponder: ERROR: hndlLookupSOA - recursed to root label of _kerberos.imerserver. without finding SOA
    Jul 11 16:32:05 imerserver mDNSResponder: RecordRegistrationCallback: error -65537
    Jul 11 16:32:05 imerserver mDNSResponder: Update kerberos.tcp.IMERSERVER.INTRANET.IMERONLINE.COM. refused
    Jul 11 16:32:05 imerserver mDNSResponder: Registration of record kerberos.tcp.IMERSERVER.INTRANET.IMERONLINE.COM. type 33 failed with error -65553
    Jul 11 16:32:13 imerserver launchd: com.apple.servermgrd: exited abnormally: Bus error
    Jul 11 16:32:13 imerserver launchd: com.apple.servermgrd: respawning too quickly! throttling
    Jul 11 16:32:13 imerserver launchd: com.apple.servermgrd: 6 more failures without living at least 60 seconds will cause job removal
    Jul 11 16:32:13 imerserver launchd: com.apple.servermgrd: will restart in 10 seconds
    Jul 11 16:32:24 imerserver launchd: com.apple.servermgrd: exited abnormally: Bus error
    Jul 11 16:32:24 imerserver launchd: com.apple.servermgrd: respawning too quickly! throttling
    Jul 11 16:32:24 imerserver launchd: com.apple.servermgrd: 5 more failures without living at least 60 seconds will cause job removal
    Jul 11 16:32:24 imerserver launchd: com.apple.servermgrd: will restart in 10 seconds
    Jul 11 16:32:31 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:32:31 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:32:31 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:32:32 imerserver launchd: getty repeating too quickly on port /dev/console, sleeping
    Jul 11 16:32:34 imerserver launchd: com.apple.servermgrd: exited abnormally: Bus error
    Jul 11 16:32:34 imerserver launchd: com.apple.servermgrd: respawning too quickly! throttling
    Jul 11 16:32:34 imerserver launchd: com.apple.servermgrd: 4 more failures without living at least 60 seconds will cause job removal
    Jul 11 16:32:34 imerserver launchd: com.apple.servermgrd: will restart in 10 seconds
    Jul 11 16:32:44 imerserver launchd: com.apple.servermgrd: exited abnormally: Bus error
    Jul 11 16:32:44 imerserver launchd: com.apple.servermgrd: respawning too quickly! throttling
    Jul 11 16:32:44 imerserver launchd: com.apple.servermgrd: 3 more failures without living at least 60 seconds will cause job removal
    Jul 11 16:32:44 imerserver launchd: com.apple.servermgrd: will restart in 10 seconds
    Jul 11 16:32:55 imerserver launchd: com.apple.servermgrd: exited abnormally: Bus error
    Jul 11 16:32:55 imerserver launchd: com.apple.servermgrd: respawning too quickly! throttling
    Jul 11 16:32:55 imerserver launchd: com.apple.servermgrd: 2 more failures without living at least 60 seconds will cause job removal
    Jul 11 16:32:55 imerserver launchd: com.apple.servermgrd: will restart in 10 seconds
    Jul 11 16:33:02 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:33:02 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:33:02 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:33:02 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:33:03 imerserver launchd: getty repeating too quickly on port /dev/console, sleeping
    Jul 11 16:33:05 imerserver launchd: com.apple.servermgrd: exited abnormally: Bus error
    Jul 11 16:33:05 imerserver launchd: com.apple.servermgrd: respawning too quickly! throttling
    Jul 11 16:33:05 imerserver launchd: com.apple.servermgrd: 1 more failure without living at least 60 seconds will cause job removal
    Jul 11 16:33:05 imerserver launchd: com.apple.servermgrd: will restart in 10 seconds
    Jul 11 16:33:15 imerserver launchd: com.apple.servermgrd: exited abnormally: Bus error
    Jul 11 16:33:15 imerserver launchd: com.apple.servermgrd: respawning too quickly! throttling
    Jul 11 16:33:15 imerserver launchd: com.apple.servermgrd: too many failures in succession
    Jul 11 16:33:33 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:33:33 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:33:33 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:33:33 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:33:34 imerserver launchd: getty repeating too quickly on port /dev/console, sleeping
    Jul 11 16:34:04 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:34:04 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:34:04 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:34:04 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:34:05 imerserver launchd: getty repeating too quickly on port /dev/console, sleeping
    Jul 11 16:34:35 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:34:35 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:34:35 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:34:35 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:34:36 imerserver launchd: getty repeating too quickly on port /dev/console, sleeping
    Jul 11 16:35:06 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:35:06 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:35:06 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:35:06 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:35:07 imerserver launchd: getty repeating too quickly on port /dev/console, sleeping
    Jul 11 16:35:37 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:35:37 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:35:37 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Jul 11 16:35:37 imerserver /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started

  • Open Directory, third party LDAP search path problem on Snow Leopard

    Happy new year folks,
    I ran into an interesting problem this past week in regards to a third party LDAP directory in the Search path (which used to work on previous versions). The issue brings the server to its knees eventually. I'm still digging through the logs, but here's the general breakdown...
    1. Add third-party LDAP to the OD node list. This has always worked on previous versions, and appears to still work at the most basic level. I can navigate the node with DSCL, read records, etc.
    2. Add third-party LDAP to the OD search path.
    3. Wait a few minutes....
    4. The server begins to slow down. Apache, SSH, ServerAdmin service stop responding. I'm able to run "top" briefly, which shows an increase of threads.
    5. Restart the server and quickly remove the directory from the OD search path
    6. Server goes back to being rock solid with very nice response times for Apache, SSH, ServerAdmin, etc.
    If anyone has any debugging suggestions, or has seen this before, let me know.
    Jaime
    --- Below is some console output leading up to the chaos. Before adding to search path, everything looks good --------------------
    bash-3.2# dscl
    Entering interactive mode... (type "help" for commands)
    read /LDAPv3/ldap.itd.umich.edu/Users/jaimelm cn
    dsAttrTypeNative:cn:
    Jaime Magiera
    Jaime L Magiera 1
    Jaime L Magiera
    --- Add to Search Path, which hangs ------------------------------------------------------------------------------
    bash-3.2# dscl /Search -append / CSPSearchPath /LDAPv3/ldap.itd.umich.edu
    --- DSCL in debug mode contains the following ----------------------------------------------
    2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Client: ipfw, PID: 1097, API: libinfo, Server Used : libinfomig DAR : Procedure = getprotobynumber (13) : Result code = 0
    2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Client: sso_util, PID: 1103, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779669 : Requested nodename = /Search
    2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Plug-in call "dsDoPlugInCustomCall()" failed with error = -14292.
    2010-01-01 19:26:25 EST - T[0x00000001037A5000] - Port: 27151 Call: dsDoPlugInCustomCall() == -14292
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779707 : Requested nodename = /LDAPv3/ldap.itd.umich.edu
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16779707 : Result code = 0
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAC : Dir Ref 16779707
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAR : Dir Ref 16779707 : Result code = 0
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAC : Dir Ref 16779707 : Data buffer size = 128
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16779707 : Requested nodename = ConfigNode
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16779707 : Result code = 0
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: Requesting dsOpenDirNode with PID = 1114, UID = 0, and EUID = 0
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsOpenDirNode(), Configure Used : DAC : Dir Ref = 16779707 : Node Name = /Configure
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsOpenDirNode(), Configure Used : DAR : Dir Ref = 16779707 : Node Ref = 33556926 : Result code = 0
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAC : Dir Ref 16779707
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsVerifyDirRefNum(), Server Used : DAR : Dir Ref 16779707 : Result code = 0
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Configure Used : DAC : Node Ref = 33556926 : Requested Attrs = dsAttrTypeStandard:OperatingSystemVersion : Attr Type Only Flag = 0
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Configure Used : DAR : Node Ref = 33556926 : Result code = 0
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Search Used : DAC : Node Ref = 33556924 : Requested Attrs = dsAttrTypeStandard:LSPSearchPath : Attr Type Only Flag = 0
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsGetDirNodeInfo(), Search Used : DAR : Node Ref = 33556924 : Result code = 0
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Client: dscl, PID: 1114, API: dsDoPlugInCustomCall(), Search Used : DAC : Node Ref = 33556924 : Request Code = 444
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Checking for Search Node XML config file:
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - /Library/Preferences/DirectoryService/SearchNodeConfig.plist
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Have written the Search Node XML config file:
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - /Library/Preferences/DirectoryService/SearchNodeConfigBackup.plist
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - Setting search policy to Custom search
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - CSearchPlugin::SwitchSearchPolicy: switch - reachability of node </LDAPv3/127.0.0.1> retained as <true>
    2010-01-01 19:26:36 EST - T[0x000000010070A000] - CSearchPlugin::CheckNodes: checking network node reachability on search policy 0x0000000000002201
    2010-01-01 19:26:36 EST - T[0x00000001037A5000] - CCachePlugin::EmptyCacheEntryType - Request to empty all types - Flushing the cache
    2010-01-01 19:26:36 EST - T[0x000000010070A000] - Client: Requesting dsOpenDirNode with PID = 0, UID = 0, and EUID = 0
    2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAC : Dir Ref = 16777216 : Node Name = /LDAPv3/127.0.0.1
    2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAR : Dir Ref = 16777216 : Node Ref = 33556929 : Result code = 0
    2010-01-01 19:26:36 EST - T[0x000000010070A000] - CSearchPlugin::CheckNodes: calling dsOpenDirNode succeeded on node </LDAPv3/127.0.0.1>
    2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsCloseDirNode(), LDAPv3 Used : DAC : Node Ref = 33556929
    2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsCloseDirNode(), LDAPv3 Used : DAR : Node Ref = 33556929 : Result code = 0
    2010-01-01 19:26:36 EST - T[0x0000000103181000] - mbr_mig - dsFlushMembershipCache - force cache flush (internally initiated)
    2010-01-01 19:26:36 EST - T[0x000000010070A000] - Client: Requesting dsOpenDirNode with PID = 0, UID = 0, and EUID = 0
    2010-01-01 19:26:36 EST - T[0x0000000103181000] - Membership - dsNodeStateChangeOccurred - flagging all entries as expired
    2010-01-01 19:26:36 EST - T[0x000000010070A000] - Internal Dispatch, API: dsOpenDirNode(), LDAPv3 Used : DAC : Dir Ref = 16777216 : Node Name = /LDAPv3/ldap.itd.umich.edu
    2010-01-01 19:26:36 EST - T[0x000000010070A000] - CLDAPNodeConfig::InternalEstablishConnection - Node ldap.itd.umich.edu - Connection requested for read
    2010-01-01 19:26:36 EST - T[0x000000010070A000] - CLDAPNodeConfig::FindSuitableReplica - Node ldap.itd.umich.edu - Attempting Replica connect to 141.211.93.133 for read
    2010-01-01 19:26:36 EST - T[0x0000000102481000] - CCachePlugin::SearchPolicyChange - search policy change notification, looking for NIS
    2010-01-01 19:26:36 EST - T[0x0000000102481000] - Internal Dispatch, API: dsGetDirNodeInfo(), Search Used : DAC : Node Ref = 33554436 : Requested Attrs = dsAttrTypeStandard:SearchPath : Attr Type Only Flag = 0
    ------- From another screen, I do "id jaimelm", which hangs ------------------------------------------------------------------------
    : Requested Rec Names = jaimelm : Rec Name Pattern Match:8449 = eDSiExact : Requested Rec Types = dsRecTypeStandard:Users
    2010-01-01 19:36:55 EST - T[0x00000001082A2000] - Internal Dispatch, API: dsGetRecordList(), Search Used : DAC : 2 : Node Ref = 33554436 : Requested Attrs = dsAttrTypeStandard:AppleMetaNodeLocation;dsAttrTypeStandard:RecordName;dsAttrTypeStandard:Password;dsAttrTypeStandard:UniqueID;dsAttrTypeStandard:GeneratedUID;dsAttrTypeStandard:PrimaryGroupID;dsAttrTypeStandard:NFSHomeDirectory;dsAttrTypeStandard:UserShell;dsAttrTypeStandard:RealName;dsAttrTypeStandard:Keywords : Attr Type Only Flag = 0 : Record Count Limit = 1 : Continue Data = 0
    2010-01-01 19:37:03 EST - T[0x0000000108325000] - Client: httpd, PID: 157, API: mbr_syscall, Server Used : process kauth result 0x0000000102022B30
    2010-01-01 19:37:03 EST - T[0x00000001083A8000] - Client: httpd, PID: 151, API: mbr_syscall, Server Used : process kauth result 0x0000000102022C50
    2010-01-01 19:37:05 EST - T[0x000000010842B000] - Client: httpd, PID: 203, API: mbr_syscall, Server Used : process kauth result 0x0000000102022D70
    2010-01-01 19:37:15 EST - T[0x00000001084AE000] - Client: httpd, PID: 994, API: mbr_syscall, Server Used : process kauth result 0x0000000102023890
    2010-01-01 19:37:26 EST - T[0x0000000108531000] - Client: httpd, PID: 198, API: mbr_syscall, Server Used : process kauth result 0x0000000102023980
    2010-01-01 19:37:31 EST - T[0x00000001085B4000] - Client: httpd, PID: 161, API: mbr_syscall, Server Used : process kauth result 0x0000000~

    Hi
    I'm in agreement with harry here but what I'm struggling to understand is why you are seeing this as a problem? I'm also struggling to see this as being a possibility in a single server environment if I understand your post correctly?
    Promotion to OD Master with all that entails absolutely rests on a properly configured and tested internal DNS Service. The Kerberos Realm's foundation (and with that the ability of the server to perform its function as KDC and offer LDAP services) entirely depends on what is configured in the DNS Service. This will include the server name, domain name and tld. The Kerberos Realm automatically configures itself using that information. Likewise the searchbase.
    It's more than possible to change the Realm name and with it the LDAP search base (in certain circumstances) and have an OD Master; however, Kerberos won't start. It won't need to, as the KDC will be elsewhere. You generally see this when augmenting Windows AD with MCX. In that situation Realm name and search base will reflect what is set on the Active Directory. Client computers will use what is set there for contact and authentication information before looking at the OD Master for anything else.
    Does this help? Tony

  • LDAPv3 Authentication at Login Window in Leopard (10.5.2)

    Hi. I'm having a problem with LDAP authentication in Leopard (10.5.2). I'm using an identical configuration to my Tiger set up, but it simply fails at Login Window. So far, I've done the following:
    1) Changed the TLS_REQCERT entry in '/etc/openldap/ldap.conf' to never.
    2) Tried to browse the directory using 'dscl'. I can browse to localhost->LDAPv3->server.domain->Users->my user... so it seems as though the directory is set up fine.
    3) Tried logging in using 'login' in terminal. If I use that command, and log in using my LDAP credentials, I can authenticate just fine.
    I also decided to run the 'id' command on a domain user and, as expected, it worked. An example would be:
    dev-mac01:~ cssd$ id blp25
    uid=502(BLP25) gid=20(staff) groups=20(staff),98(lpadmin),81(_appserveradm),101(com.apple.sharepoint.group.1),102(com.apple.sharepoint.group.2),79(appserverusr),80(admin)
    Finally, I just deleted the /Library/Preferences/DirectoryService directory. Rebooted. Recreated the config. Rebooted. I can log in using the login command in terminal just as before, but I cannot log in at Login Window (it shakes its window at me). The option in the Accounts System Preferences panel to allow network account logins is CHECKED.
    Any help is much appreciated.

    I'm not using AD binding. I'm using the LDAPv3 plug-in. I choose to do it this way, partially because I can do more specific mapping between domain attributes and local attributes, and partially because I don't want to have each computer have a computer account in the domain.
    What the 'id' output is showing is that I'm able to search for a domain user (with no actual account on the local machine). In the LDAP plugin, the UniqueID and PrimaryGroupID attributes are mapped to local ones (for the sake of making the network user appear as a specific local user).. specifically UID 502 (represented as #502 in the configuration) and GID 20 (represented as #20 in the configuration).
    As I said, this identical configuration worked perfectly in 10.4.x and 10.3.x.. but does not work in 10.5.x. If I DO use AD binding, everything works as expected, but it introduces other issues I don't want to deal with. Thanks for the reply.
    UPDATE: One final note.. there are only two local accounts on the computer... so none of the domain users I'd be attempting to authenticate as would conflict. Oh, and one more final note (because having multiple final notes is fun), the actual authentication mechanism is clearly working since I can use 'login' to authenticate. LoginWindow seems simply not willing to authenticate against LDAP as 'login' is.
    Message was edited by: brandonlp
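An added example, not part of the thread: with `TLS_REQCERT never` the LDAP client no longer validates the server's certificate, so a configuration audit would normally flag the change described in step 1. The sample configurations, the CA bundle path and the function names below are constructed for illustration.

```python
"""Report the effective TLS_REQCERT level in OpenLDAP client config text."""

# Levels from ldap.conf(5). With "never" or "allow" the session continues
# even when the server certificate could not be validated.
WEAK_LEVELS = {"never", "allow"}
KNOWN_LEVELS = WEAK_LEVELS | {"try", "demand", "hard"}
DEFAULT_LEVEL = "demand"  # library default when the option is absent

# Constructed sample modelled on the change described in the post.
WEAK_CONF = """\
# /etc/openldap/ldap.conf (constructed sample)
URI ldaps://server.domain
BASE dc=server,dc=domain
tls_reqcert never
"""

# Constructed corrected form; the CA bundle path is a placeholder.
FIXED_CONF = """\
# /etc/openldap/ldap.conf (constructed sample)
URI ldaps://server.domain
BASE dc=server,dc=domain
TLS_CACERT /path/to/directory-ca.pem
TLS_REQCERT demand
"""


def parse_options(conf_text):
    """Return {OPTION: (value, line_number)}; option names are case-insensitive.

    Assumption: options are applied in file order, so a later line
    replaces an earlier one. Blank lines and '#' lines are skipped.
    """
    options = {}
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            options[parts[0].upper()] = (parts[1].strip(), number)
    return options


def audit(conf_text, environ=None):
    """Return findings as strings; an empty list means validation is enforced."""
    options = parse_options(conf_text)
    value, number = options.get("TLS_REQCERT", (DEFAULT_LEVEL, None))
    source = f"line {number}" if number else "built-in default"
    # An LDAPTLS_REQCERT environment variable overrides the file value.
    if environ and "LDAPTLS_REQCERT" in environ:
        value, source = environ["LDAPTLS_REQCERT"], "environment"
    level = value.strip().lower()
    findings = []
    if level not in KNOWN_LEVELS:
        findings.append(f"{source}: unrecognised TLS_REQCERT value {value!r}")
    elif level in WEAK_LEVELS:
        findings.append(
            f"{source}: TLS_REQCERT {level} does not require a valid server certificate"
        )
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(label, audit(text) or "ok")
```

Passing `os.environ` as the second argument also catches a per-process override of the file setting.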

  • New certificate installed, /LDAPv3/127.0.0.1 unavailable, 10.6.5 Help?

    I am seriously worried. I used to have the following setup:
    - GoDaddy signed cert for several services on domain name cert.bar.nl, used for mail authentication etc.
    - self-signed cert for Open Directory on domain name main.bar.nl
    I have done the following:
    1. Created a new self-signed cert for main.bar.nl in order for it to be signed (I could not use the old one as it had insufficient bits)
    2. Had this signed successfully
    3. Installed this as the signed cert in Server Admin
    4. Tested it by using it for secure https, worked fine
    5. Then removed the old self-signed cert and selected the new signed cert as cert for Open Directory
    Result: clients cannot mount their afp: directories for home syncing and what is more important, I cannot get to the /LDAPv3/127.0.0.1 directory with all the network users anymore. If I open Workspace Manager, I get Local/Default, but trying to move to my network directory fails. WM says: "Unable to open the requested mode" followed by "The node /LDAPv3/127.0.0.1 couldn’t be opened because an unexpected error of type -14002 occurred."
    Help? How do I reestablish a connection to my network directory? On client computers, I can still log in, but probably because stuff has been cached and I am deadly afraid I will lose login of network accounts (all accounts are mobile accounts with synced portable home directories).

    By restoring /private/etc/certificates and /private/etc/openldap from my CrashPlan backup, I have been able to restore working access to my /LDAPv3/127.0.0.1 directory (network users). I have two problems left:
    - Server Admin shows the new certificate for main.bar.nl and in Open Directory, Server Admin shows Use SSL, but does not show a selected certificate. Where does Server Admin keep its knowledge about certificates? Or how do I repair Server Admin's knowledge about certificates?
    - Selecting the newly signed certificate for use in Open Directory recreates the problem. So, I have a nicely signed certificate for main.bar.nl, but as soon as I use it, access to /LDAPv3/127.0.0.1 is lost. What next?

  • LDAP problems after IP change

    I changed my IP address for the LDAP server in accordance to the advice given here:
    http://discussions.apple.com/thread.jspa?messageID=1983263&#1983263
    [using command:
    sudo changeip /LDAPv3/127.0.0.1 212.212.123.45 212.212.35.5 ldap.example.com ldap.example.com
    However, LDAP still does not work. [when attempting to authenticate, I just get the shaking Login screen]. The logs do not indicate anything useful to diagnose this problem.
    As well, iChat (on another server) can not authenticate users to the OD Server (assuming the problem is the same for LDAP and authentication problems).
    Can someone help me out as to where I went wrong and how to correct it?

    I want to thank the guys at this post:
    http://discussions.apple.com/thread.jspa?messageID=2404645&#2404645
    Following these instructions (while a bit bumpy in my situation) fixed my LDAP. As such, I am marking this problem as solved... although, another problem crept up as a result... MD5 mail authentication now fails (Password works)... so, I will open a new thread in Mail section and mark this as answered.

  • Has anyone encounter this "unable to set node credentials for /LDAPv3"?

    Installed and updated the Mac mini server to 10.6.5. It was working fine until I tried to access Server Preferences and got the error message "unable to set node credentials for /LDAPv3/127.0.0.1 with the record name **." Looking at the logs, servermgr_accounts got error 5203 trying to auth to the local LDAP node. Has anyone found a solution for this problem?
    Thanks
    Luis

    Thank you for responding. This is what we are using in a small company a Cisco Switcher, and don't have a router.
    If you're getting connections off of the network out to the Internet, then yes, there is a router involved. Somewhere.
    MacMini server I have an IP address of 169.254.xxx.xx, before IP address was 192.254.xxx.xx.
    That IP address implies that the box isn't getting an IP address from a DHCP server; that's the self-assigned block. (Officially, these addresses are in the Automatic Private Address Configuration Automatic Private IP Addressing (APIPA) IANA reserved range.)
    Which implies that at least two problems lurk.
    Mac OS X Server must have a static IP address. Not DHCP-assigned dynamic addresses.
    And a DHCP server isn't answering the IP address requests. (Well, not unless the DHCP server is passing out addresses in the self-assigned block, and that wouldn't likely be considered best-practice. More likely an IP address from a DHCP address pool allocated within a subnet somewhere in the 10.0.0.0/8 or 172.16.0.0/12 or (less desirably) 192.168.0.0/16 private blocks.)
    The Firewall is not turned on. Its purpose is for guest to access files, without deleting or modifying it.
    When you're debugging problems, simplify. Divide the problem. With network services, test the lowest levels of the stack. Then work your way up the stack; toward higher-level services and mechanisms. Then add more parts and pieces, and DHCP and related.
    IP hosts operating at 169.254.0.0/16 addresses (for longer than it takes to get an IP address from DHCP) usually implies that the network configuration is invalid or the DHCP server is not working.
    I did not expect that Open Directory would be a big problem.
    If DNS services or IP routing is misconfigured, then the whole rest of the stack will be unstable at best. The configuration order (and debugging order) involves functional IP networking and hardware, first and foremost. Then having functional DNS. Then Open Directory and then Kerberos. Then the rest of the stack.
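The debugging order given in the reply above (working IP addressing first, then DNS, before Open Directory and Kerberos), as an added Python example that is not part of the thread: it classifies the server's address, stops if it is self-assigned, and only then checks that forward and reverse DNS agree. The host names, addresses and lookup tables are constructed, and `preflight` and its helpers are hypothetical names.

```python
"""Check the bottom of the stack first: address class, then forward/reverse DNS."""
import ipaddress
import socket

# Constructed lookup tables so the example runs offline.
SAMPLE_FORWARD = {"server.example.com": ["192.168.1.10"]}
SAMPLE_REVERSE = {"192.168.1.10": "server.example.com."}


def table_lookup(table):
    """Build a resolver backed by a dict; a missing key fails like a real lookup."""
    def lookup(key):
        if key not in table:
            raise OSError(f"no record for {key}")
        return table[key]
    return lookup


def system_forward(name):
    """Host name to IPv4 addresses using the system resolver."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def system_reverse(addr):
    """IP address to host name using the system resolver."""
    return socket.gethostbyaddr(addr)[0]


def classify_address(addr):
    """Name the block an address falls in; link-local is tested before private."""
    ip = ipaddress.ip_address(addr)
    if ip.is_link_local:
        return "self-assigned"  # 169.254.0.0/16
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"  # includes 10/8, 172.16/12 and 192.168/16
    return "public"


def same_host(a, b):
    """Compare host names ignoring case and a trailing root dot."""
    return a.rstrip(".").lower() == b.rstrip(".").lower()


def preflight(hostname, addr, forward=system_forward, reverse=system_reverse):
    """Return problems found, lowest layer first; an empty list means consistent."""
    kind = classify_address(addr)
    if kind in ("self-assigned", "loopback"):
        # No point testing DNS until the interface has a usable static address.
        return [f"IP: {addr} is a {kind} address; fix addressing first"]
    problems = []
    try:
        if addr not in forward(hostname):
            problems.append(f"DNS: {hostname} does not resolve to {addr}")
    except OSError as exc:
        problems.append(f"DNS: forward lookup of {hostname} failed ({exc})")
    try:
        name = reverse(addr)
        if not same_host(name, hostname):
            problems.append(f"DNS: {addr} maps back to {name}, not {hostname}")
    except OSError as exc:
        problems.append(f"DNS: reverse lookup of {addr} failed ({exc})")
    return problems


if __name__ == "__main__":
    fwd, rev = table_lookup(SAMPLE_FORWARD), table_lookup(SAMPLE_REVERSE)
    print(preflight("server.example.com", "192.168.1.10", fwd, rev))
    print(preflight("server.example.com", "169.254.10.20", fwd, rev))
```

Called without the last two arguments, `preflight` uses the system resolver instead of the constructed tables.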

  • New Snow Leopard server problems -need advice.

    hello everyone. I just setup a mac pro with Snow Leopard server to replace our G5 which was setup up for simple file sharing as a fake server and am having several challenges listed below:
    *I've made sure the new computer running SL server has the same local name and IP address as the previous G5 (now off of the network)
    - Our windows (Vista) computer cannot see the server on the network. This was not a problem with the G5 and SMB filesharing.
    - I cannot access server preferences due to this error: "Unable to set node credentials for /LDAPv3/127.0.0.1 with the record name server.mydomain.com$ There may be a problem with the Open Directory service."
    - server admin is treacherously slow both locally and remotely.
    I could really use some help on these, folks. I'd sincerely appreciate it.

    Thanks for your input everyone. I turned off DNS (just to see) and it's still slow. Frankly I am not sure if I even need it yet. My goal is only to setup local services and then open the server up to the WAN.
    My provides the DNS I suppose. MY ISP points to my WAN IP and my router directs that to my server's internal IP. At least that's how things are setup now and left over from when I was using Snow Leopard client as a fake server (for filesharing and DayLite).
    I did setup the initial DNS settings of Snow Leopard Server after the install to the computer's IP address which I assigned manually and left the rest to get from my router's DHCP server. I setup the zone (home.mydomain.com).
    Any ideas for the sluggishness?

  • WGM Login/Server Problems

    I've been smoothly running a web and mail server under domain1.us. Recently, I added domain2.us to run webmail and a mail server under a virtual domain. Each domain has its own IP address, and DNS and reverse DNS resolve correctly for both as well as for the separate IP for the server.
    The server is working without problems as are web and mail servers. Network LDAP logins are working as well.
    Here is the problem: when using WGM, I log into server.domain1.us or its IP address, but as soon as I login, the server name displayed at the top of the WGM window shows server.domain2.us. Furthermore, all users' locations on the WGM main screen show server.domain2.us/LDAPv3/127.0.0.1. It used to show server.domain1.us instead.
    I've been over the contents of my zone files, and they look correct in content and structure. I did a changeip -checkhostname which told me nothing needed to be changed. dscl shows I am logged into server.domain1.us LDAP realm.
    I am at a complete loss here. I've spent hours trying to find the cause of this problem without success. I really don't care about the displayed servername, but I am concerned that future users I create may have problems because of the different LDAP directory.
    Any help would be greatly appreciated. Thanks in advance.
    Eric

    I found the solution to this very irritating problem.
    First sso_util info -g revealed that the default realm name was server.domain2.us. I have no idea how or why it changed when I added the additional services.
    Next, I followed the first 2 steps in this article: http://docs.info.apple.com/article.html?artnum=302044. I did not do step 3.
    Then I went to the Network System Pref on the server and reordered the 3 ports in Network Status that are assigned to the ethernet interface. The port for server.domain1.us was first in the listing and matched the desired and original Kerberos realm name. I moved this port to the last position, rebooted the server, and everything returned to normal.
    sso_util info -g showed server.domain1.us as the default realm name (as it should have been and was previously). WGM showed the correct server in the main window again.
    I'm finally done wasting time on this.
