Misconfiguration detected in hash global uid/sid
running on a mac os x sever network 10.6.8 with over 2,000 users and over 50 groups. for about 1 full year now in sever admin we get this error NON stop witch seems to happen when ever someone logs in. It will say
"misconfiguration detected in hash global UID" OR
"misconfiguration detected in hash global SID"
this is nonstop. From what i have read this is due to the same user or group having the same ID. Where can i go to psychically see if they have the same ID (in WGM it does not show any doubled ID's)
with over 2,000 users and people logging in all the time this error comes out about every 1 minute. Is there any fix for this?
running on a mac os x sever network 10.6.8 with over 2,000 users and over 50 groups. for about 1 full year now in sever admin we get this error NON stop witch seems to happen when ever someone logs in. It will say
"misconfiguration detected in hash global UID" OR
"misconfiguration detected in hash global SID"
this is nonstop. From what i have read this is due to the same user or group having the same ID. Where can i go to psychically see if they have the same ID (in WGM it does not show any doubled ID's)
with over 2,000 users and people logging in all the time this error comes out about every 1 minute. Is there any fix for this?
Similar Messages
-
Misconfiguration detected in hash 'Global UID'
Very dears all,
I upgraded to Snow Leopard Server but I am still missing to have everything working safely as it was on Leopard Server.
In SL Server, Open Directory is Master and its overview page says that both LDAP Server, Password Server and Kerberos are running but in the Settings pane the Kerberize... button is always present (while it is absent in L Server) and if I push the button I am requested to enter user name and password, which is the same I enter in WGM (where it works OK), but it is not accepted and the same windows is re-opened.
Checking the OP logs, in Directory Services Error log, I got the following raw:
Misconfiguration detected in hash 'Global UID'
As well as User root raws for /LDAPv3/127.0.0.1 and Local are present with complex string references for UUID and SID.
Is there anyone may help me to understand what it means and what to do to fully recover the service?
Many thanks and best wishes,
CarmineI look in my Directory Services Error log and see
2009-11-11 13:28:27 EST - T[0x0000000100783000] - Misconfiguration detected in hash 'Global UID':
2009-11-11 13:28:27 EST - T[0x0000000100783000] - User 'root' (/LDAPv3/127.0.0.1) - ID 0 - UUID 50518200-F0D2-4497-A282-6BBE836687C9 - SID S-1-5-21-68834345-3193862298-1725808020-1000
2009-11-11 13:28:27 EST - T[0x0000000100783000] - User 'root' (/Local/Default) - ID 0 - UUID FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000 - SID S-1-5-18
I launch dscl and
list LDAPv3/127.0.0.1/Users/
diradmin
root
vpn_30717237d42a
root user in open directory that is new in SL.
list Local/Default/Users/
_amavisd
_appowner
_appserver
_ard
_atsserver
_calendar
_carddav
_clamav
_coreaudiod
_cvmsroot
_cvs
_cyrus
_devdocs
_dovecot
_eppc
_installer
_jabber
_lda
_locationd
_lp
_mailman
_mcxalr
_mdnsresponder
_mysql
_pcastagent
_pcastserver
_postfix
_qtss
_sandbox
_screensaver
_securityagent
_serialnumberd
_softwareupdate
_spotlight
_sshd
_svn
_teamsserver
_timezone
_tokend
_trustevaluationagent
_unknown
updatesharing
_usbmuxd
_uucp
_windowserver
_www
_xgridagent
_xgridcontroller
com.apple.calendarserver
com.apple.mailuserforservices
com.apple.notificationuser
daemon
nobody
notjunkmail
root
Which also has a root user. So yes I have 2 root users. I have never seen a root user in the ldap database is this new and expected?
Is this wrong?
should I line up the generated UIDS?
read LDAPv3/127.0.0.1/Users/root/
dsAttrTypeNative:altSecurityIdentities: Kerberos:[email protected]
dsAttrTypeNative:apple-generateduid: 50518200-F0D2-4497-A282-6BBE836687C9
dsAttrTypeNative:authAuthority:
;ApplePasswordServer; blah blah blah blah blah
[email protected]:192.168.1.1
dsAttrTypeNative:cn:
System Administrator
dsAttrTypeNative:gidNumber: 0
dsAttrTypeNative:homeDirectory: /private/var/root
dsAttrTypeNative:loginShell: /bin/tcsh
dsAttrTypeNative:objectClass: inetOrgPerson posixAccount shadowAccount apple-user extensibleObject
dsAttrTypeNative:shadowExpire: 0
dsAttrTypeNative:shadowLastChange: 0
dsAttrTypeNative:sn: Administrator
dsAttrTypeNative:uid: root
dsAttrTypeNative:uidNumber: 0
dsAttrTypeNative:userPassword: ******
AltSecurityIdentities: Kerberos:[email protected]
AppleMetaNodeLocation: /LDAPv3/127.0.0.1
AuthenticationAuthority:
Change: 0
Expire: 0
GeneratedUID: 50518200-blah-blah-blah-blah
LastName: Administrator
NFSHomeDirectory: /private/var/root
Password: ******
PrimaryGroupID: 0
RealName:
System Administrator
RecordName:
root
System Administrator
RecordType: dsRecTypeStandard:Users
UniqueID: 0
UserShell: /bin/tcsh
read Local/Default/Users/root
AppleMetaNodeLocation: /Local/Default
AuthenticationAuthority: ;ShadowHash; ;Kerberosv5;;root@LKDC:SHA1.3 blah;
GeneratedUID: blah blah-blah-blah-blah-blah blah blah
NFSHomeDirectory: /var/root
Password: ******
PrimaryGroupID: 0
RealName:
System Administrator
RecordName: root
RecordType: dsRecTypeStandard:Users
SMBSID: S-1-5-18
UniqueID: 0
UserShell: /bin/sh
What to do... -
Misconfiguration detected in hash 'Global SID'
Greetings
I have the above message in my Directory Services Error log, repeated over & over. I read other posts about this which seem to relate to overlapping user or group IDs. I don't have that issue, and in fact this seems to relate to computer records rather than users or groups. As a test, I deleted & recreated the Guest Computer record, but still get the same issue.
eddie.waveneyrivercentre.co.uk is the name of the server, and if I am understanding the log correctly it's computer record is somehow conflicting with the guest computer record?
Mac Mini OS X Server 10.6.2
Here's the log:
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Misconfiguration detected in hash 'Global SID':
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Computer 'guest' (/LDAPv3/127.0.0.1) - ID -1 - UUID CE6FD001-9FAD-40EF-89D0-6993842825D5 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Computer 'eddie.waveneyrivercentre.co.uk$' (/Local/Default) - ID -1 - UUID 4D69A263-5232-4AB4-A7F7-63C57E7F2F70 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Misconfiguration detected in hash 'Global SID':
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Computer 'guest' (/LDAPv3/127.0.0.1) - ID -1 - UUID CE6FD001-9FAD-40EF-89D0-6993842825D5 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Computer 'eddie.waveneyrivercentre.co.uk$' (/Local/Default) - ID -1 - UUID 4D69A263-5232-4AB4-A7F7-63C57E7F2F70 - SID S-1-5-21-621501553-3013919606-753330415-998
does anyone have any ideas?
TIA
JAmesGreetings
I have the above message in my Directory Services Error log, repeated over & over. I read other posts about this which seem to relate to overlapping user or group IDs. I don't have that issue, and in fact this seems to relate to computer records rather than users or groups. As a test, I deleted & recreated the Guest Computer record, but still get the same issue.
eddie.waveneyrivercentre.co.uk is the name of the server, and if I am understanding the log correctly it's computer record is somehow conflicting with the guest computer record?
Mac Mini OS X Server 10.6.2
Here's the log:
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Misconfiguration detected in hash 'Global SID':
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Computer 'guest' (/LDAPv3/127.0.0.1) - ID -1 - UUID CE6FD001-9FAD-40EF-89D0-6993842825D5 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Computer 'eddie.waveneyrivercentre.co.uk$' (/Local/Default) - ID -1 - UUID 4D69A263-5232-4AB4-A7F7-63C57E7F2F70 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Misconfiguration detected in hash 'Global SID':
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Computer 'guest' (/LDAPv3/127.0.0.1) - ID -1 - UUID CE6FD001-9FAD-40EF-89D0-6993842825D5 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Computer 'eddie.waveneyrivercentre.co.uk$' (/Local/Default) - ID -1 - UUID 4D69A263-5232-4AB4-A7F7-63C57E7F2F70 - SID S-1-5-21-621501553-3013919606-753330415-998
does anyone have any ideas?
TIA
JAmes -
Misconfiguration detected in hash 'SID' / 'GID'
Hi!
We are having strange issues with a Snow Leopard Server (10.6.2). Every now an then, it will hang. There seems to be a connection to TimeMachine starting. Authentication via OD is then not possible, especially people can't access the wireless network via RADIUS. We have changed the RAM to no avail.
The only error messages I can find that might have to do with it are copied below - apparently a misconfiguration is detected: It seems there are two groups that both have ID 502 (com.apple.local.ard_reports, com.apple.access_radius); we also have two each with 501 (com.apple.local.ard_admin, com.apple.monitorallservices) and 500 (com.apple.adminallservices, com.apple.access_ssh). Can I just change the IDs or would that make matters worse? Could I delete one or the other to have it auto-regenerated?
We have a group radius with ID 5100 where we keep the users that are allowed access through radius as configured in Server Admin/RADIUS/settings/users.
Could someone please point me in the right direction?
Regards,
Torsten
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Misconfiguration detected in hash 'Global GID':
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.access_radius' (/Local/Default) - ID 502 - UUID 225D0F16-2BDB-4223-98AA-7D3F34B117AA - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.local.ard_reports' (/Local/Default) - ID 502 - UUID 38251EE2-BE65-4863-B8DE-0DDBC399C261 - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Misconfiguration detected in hash 'Global SID':
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.access_radius' (/Local/Default) - ID 502 - UUID 225D0F16-2BDB-4223-98AA-7D3F34B117AA - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.local.ard_reports' (/Local/Default) - ID 502 - UUID 38251EE2-BE65-4863-B8DE-0DDBC399C261 - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Misconfiguration detected in hash 'GID':
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.access_radius' (/Local/Default) - ID 502 - UUID 225D0F16-2BDB-4223-98AA-7D3F34B117AA - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.local.ard_reports' (/Local/Default) - ID 502 - UUID 38251EE2-BE65-4863-B8DE-0DDBC399C261 - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Misconfiguration detected in hash 'SID':
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.access_radius' (/Local/Default) - ID 502 - UUID 225D0F16-2BDB-4223-98AA-7D3F34B117AA - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.local.ard_reports' (/Local/Default) - ID 502 - UUID 38251EE2-BE65-4863-B8DE-0DDBC399C261 - SID S-1-5-21-1369265768-2395346185-594960456-2005So, we too are having this issue. We have several systems that are all pointed to an OD that was upgraded from 10.5.8 to 10.6.0 (then 10.6.2), and all the systems a few times a day report:
Dec 23 10:00:00 server DirectoryService[29]: Misconfiguration detected in hash 'Global GID' - see /Library/Logs/DirectoryService/DirectoryService.error.log for details
Dec 23 10:00:00: --- last message repeated 5 times ---
Dec 23 10:00:00 server DirectoryService[29]: Misconfiguration detected in hash 'GID' - see /Library/Logs/DirectoryService/DirectoryService.error.log for details
Dec 23 10:09:03: --- last message repeated 5 times ---
When you look in DirectoryService.error.log, you get:
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/LDAPv3/od.example.com) - ID 0 - UUID 9E733C05-88DE-4F83-9E09-038A887F1327 - SID S-1-5-21-4096-2147483678-1391576524-1001
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/Local/Default) - ID 0 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000 - SID S-1-5-21-4171259825-3059450906-1974363594-1001
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'daemon' (/LDAPv3/od.example.com) - ID 1 - UUID 5860426A-2F8A-4CB8-932C-548A6351DAF7 - SID S-1-5-21-4096-2147483678-1391576524-1003
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'daemon' (/Local/Default) - ID 1 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000001 - SID S-1-5-21-4171259825-3059450906-1974363594-1003
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'kmem' (/LDAPv3/od.example.com) - ID 2 - UUID 218C138E-0861-4354-AD5E-EFBEE973A167 - SID S-1-5-21-4096-2147483678-1391576524-1005
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'kmem' (/Local/Default) - ID 2 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000002 - SID S-1-5-21-4171259825-3059450906-1974363594-1005
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'sys' (/LDAPv3/od.example.com) - ID 3 - UUID 41B0EEF7-6BDE-4AE2-9D74-FBC5B4E57A43 - SID S-1-5-21-4096-2147483678-1391576524-1007
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'sys' (/Local/Default) - ID 3 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000003 - SID S-1-5-21-4171259825-3059450906-1974363594-1007
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'tty' (/LDAPv3/od.example.com) - ID 4 - UUID 343B0640-571C-4210-99FA-585F274128AC - SID S-1-5-21-4096-2147483678-1391576524-1009
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'tty' (/Local/Default) - ID 4 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000004 - SID S-1-5-21-4171259825-3059450906-1974363594-1009
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'operator' (/LDAPv3/od.example.com) - ID 5 - UUID C7B00423-F511-4F09-BF56-13F06AE30B37 - SID S-1-5-21-4096-2147483678-1391576524-1011
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'operator' (/Local/Default) - ID 5 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000005 - SID S-1-5-21-4171259825-3059450906-1974363594-1011
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/Local/Default) - ID 0 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000 - SID S-1-5-21-4171259825-3059450906-1974363594-1001
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/LDAPv3/od.example.com) - ID 0 - UUID 9E733C05-88DE-4F83-9E09-038A887F1327 - SID S-1-5-21-4096-2147483678-1391576524-1001
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'daemon' (/LDAPv3/od.example.com) - ID 1 - UUID 5860426A-2F8A-4CB8-932C-548A6351DAF7 - SID S-1-5-21-4096-2147483678-1391576524-1003
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'daemon' (/Local/Default) - ID 1 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000001 - SID S-1-5-21-4171259825-3059450906-1974363594-1003
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'kmem' (/LDAPv3/od.example.com) - ID 2 - UUID 218C138E-0861-4354-AD5E-EFBEE973A167 - SID S-1-5-21-4096-2147483678-1391576524-1005
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'kmem' (/Local/Default) - ID 2 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000002 - SID S-1-5-21-4171259825-3059450906-1974363594-1005
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'sys' (/LDAPv3/od.example.com) - ID 3 - UUID 41B0EEF7-6BDE-4AE2-9D74-FBC5B4E57A43 - SID S-1-5-21-4096-2147483678-1391576524-1007
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'sys' (/Local/Default) - ID 3 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000003 - SID S-1-5-21-4171259825-3059450906-1974363594-1007
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'tty' (/LDAPv3/od.example.com) - ID 4 - UUID 343B0640-571C-4210-99FA-585F274128AC - SID S-1-5-21-4096-2147483678-1391576524-1009
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'tty' (/Local/Default) - ID 4 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000004 - SID S-1-5-21-4171259825-3059450906-1974363594-1009
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'operator' (/LDAPv3/od.example.com) - ID 5 - UUID C7B00423-F511-4F09-BF56-13F06AE30B37 - SID S-1-5-21-4096-2147483678-1391576524-1011
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'operator' (/Local/Default) - ID 5 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000005 - SID S-1-5-21-4171259825-3059450906-1974363594-1011
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/Local/Default) - ID 0 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000 - SID S-1-5-21-4171259825-3059450906-1974363594-1001
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/LDAPv3/od.example.com) - ID 0 - UUID 9E733C05-88DE-4F83-9E09-038A887F1327 - SID S-1-5-21-4096-2147483678-1391576524-1001
To me, it sounds like there are groups defined in the OD (wheel, mysql, daemon, etc) that are also defined on the local machine. They probably shouldn't be defined on the domain because they're local accounts by design (and don't really need to be directory accounts).
So, one would think they could just be deleted from the directory, but obviously don't want to do that unless it's the right call.
Anyone see an issue with that? Is my analysis incorrect? -
Misconfiguration detected in hash 'Kerberos'
I am having difficulty troubleshooting this error. I have attached a section of the /var/log/opendirectoryd.log file while in debug mode. This is a 10.7.3 Open Directory master with no replicas. I put logging into debug mode to try to get to the root of this problem but I am not finding an answer to this issue. I am getting this same error message with multiple users, but they can all log in and function just fine. We are doing Radius auth to OD from our Cisco ASA for VPN connectivity and that works fine as well.
Any help would be greatly appreciated. Thanks!
2012-03-12 11:30:09.119 PDT - Multiple names for non-user record 'wleler' - will be cache miss for others
2012-03-12 11:30:09.119 PDT - Module: SystemCache - Attaching Kerberos id '[email protected].
OFFICE' to record 'wleler'
2012-03-12 11:30:09.119 PDT - Setting item 'wleler' with expiration 406137
2012-03-12 11:30:09.119 PDT - Adding item 'wleler' with expiration 406137
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - GlobalGUID - adding entry wleler (0x43E09310) - node 0x45903830
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - GlobalUID - adding entry wleler (0x43E09310) - node 0x45903B30
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - UserName - adding entry wleler (0x43E09310) - node 0x45903C60
2012-03-12 11:30:09.119 PDT - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
User 'wleler' (/LDAPv3/127.0.0.1) - ID 1043 - UUID C66E0823-A91D-4C27-9A37-4BA25090F3AC - SID S-1-5-21-2682738804-2853610044-371931698-3086
User 'cvaraghur' (/LDAPv3/127.0.0.1) - ID 1055 - UUID 062DA3EC-8197-460A-94DA-8F94008B4B0F - SID S-1-5-21-2682738804-2853610044-371931698-3110
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - GlobalSID - adding entry wleler (0x43E09310) - node 0x45903DE0
2012-03-12 11:30:09.119 PDT - Module: SystemCache - Merged record 'wleler' (0x459033E0) into 0x43E09310 - new authority 'Name'
2012-03-12 11:30:09.120 PDT - Finalizing request 6369 object 0x7fb445d3b860
2012-03-12 11:30:09.120 PDT - Finalizing request 6366 object 0x7fb445902f30
2012-03-12 11:30:09.130 PDT - 1458.6370 - Client: AppleFileServer, UID: 0, EUID: 0, GID: 0, EGID: 0
2012-03-12 11:30:09.130 PDT - 1458.6370 - Adding to global request list - new count 1
2012-03-12 11:30:09.130 PDT - 1458.6370 - ODQueryCreateWithNode request, NodeID: 425F4A0A-25C3-4E46-8A8E-EC4C2DD3465B, RecordType(s): dsRecTypeStandard:AFPUserAliases, Attribute: dsAttrTypeStandard:RecordName, MatchType: EqualTo, Equality: CaseExact, Value(s): wleler, Requested Attributes: dsAttributesAll, Max Results: 1Hi,
your log tells me that the users wleler and cvaraghur have the same values in "AltSecurityIdentities" -> something like "kerberos:[email protected]".
Go to: Systemsettings -> User & Groups -> Login options (the little House Symbol).
Then Klick the edit button beside the networkaccount server entry. In the new opened window click the open directory service button. Choose the right tree (Users) - (/LDAPv3/127.0.0.1) and authenticate yourself with the diradmin user. Check every single users entry "AltSecurityIdentities" and change untitled_1 to the users short name.
Example, change: "kerberos:[email protected]". to "kerberos:[email protected]" for your user wleler and
"kerberos:[email protected]" for user cvaraghur.
thats it -
Lion Server: Misconfiguration detected in hash 'UserGroupGUID'
Hi,
I'm new to OS X Server - the price had me installing and doing things manually prior to Lion. Previously I managed users and groups manually, but now I'm giving open directory a go. I'm seeing these messages in opendirectoryd.log:
2011-08-21 08:38:06.479 EDT - Module: SystemCache - Misconfiguration detected in hash 'UserGroupGUID':
Group 'workgroup' (/LDAPv3/localhost) - ID 1025 - UUID 96520719-99D8-4168-8AF1-11AD55FB389F - SID S-1-5-21-987654321-987654321-987654321-3051
Group 'workgroup' (/LDAPv3/127.0.0.1) - ID 1025 - UUID 96520719-99D8-4168-8AF1-11AD55FB389F - SID S-1-5-21-4096-2147483670-3416910327-3051
2011-08-21 08:38:06.482 EDT - Module: SystemCache - Misconfiguration detected in hash 'UserGroupGID':
Group 'workgroup' (/LDAPv3/localhost) - ID 1025 - UUID 96520719-99D8-4168-8AF1-11AD55FB389F - SID S-1-5-21-987654321-987654321-987654321-3051
Group 'workgroup' (/LDAPv3/127.0.0.1) - ID 1025 - UUID 96520719-99D8-4168-8AF1-11AD55FB389F - SID S-1-5-21-4096-2147483670-3416910327-3051
I also see this:
2011-08-21 08:38:04.990 EDT - Discovered configuration for node name '/LDAPv3/127.0.0.1' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/127.0.0.1.plist'
2011-08-21 08:38:04.990 EDT - Registered subnode with name '/LDAPv3/127.0.0.1'
2011-08-21 08:38:04.991 EDT - Discovered configuration for node name '/LDAPv3/localhost' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/localhost.plist'
2011-08-21 08:38:04.991 EDT - Registered subnode with name '/LDAPv3/localhost'
"workgroup" is the default group that was there - I didn't create it (or any other groups), though I did add members. I'm curios why it is referencing both "/LDAPv3/localhost" and "/LDAPv3/127.0.0.1", and I suspect that may be the issue. If so, any ideas on how I caused this, and how to fix it? My guess is that I could remove one of the .plist files, but if I have done something in the gui to cause this, I'd like to fix it there so that some config chagne doesn't end up re-creating the problem. So far I haven't done any "manual" editing of configuration files.
Thanks very much!Hah! Thanks for pointing that out! I've moved it over there:
https://discussions.apple.com/thread/3277778
Sorry about that! -
Misconfiguration detected in hash 'GID'
So it seems somehow I have a conflict between a default user and a sharepoint with their ID
Any help to resolve this would be great.
There are no access restrictions on this machine
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Misconfiguration detected in hash 'GID':
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Group 'com.apple.sharepoint.group.6' (/Local/Default) - ID 106 - UUID F2BBAF71-A605-4F25-8FE5-8927BE578F81 - SID S-1-5-21-2431082434-2368188631-2040194005-1213
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Group 'com.apple.limited_admin' (/LDAPv3/127.0.0.1) - ID 106 - UUID 8622BF36-A93E-41C3-A390-6E584C1EEC5A - SID S-1-5-21-2431082434-2368188631-2040194005-1213
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Misconfiguration detected in hash 'SID':
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Group 'com.apple.sharepoint.group.6' (/Local/Default) - ID 106 - UUID F2BBAF71-A605-4F25-8FE5-8927BE578F81 - SID S-1-5-21-2431082434-2368188631-2040194005-1213
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Group 'com.apple.limited_admin' (/LDAPv3/127.0.0.1) - ID 106 - UUID 8622BF36-A93E-41C3-A390-6E584C1EEC5A - SID S-1-5-21-2431082434-2368188631-2040194005-1213Hi, the problem is in the Server Admin - Acess tab. Remove the Access restriction of the service.
I have the same problem with the "com.apple.access_radius", removing all the restriction the error stop. -
Misconfiguration detected in hash -- but for a "group"? How to fix?
So I read the other threads about people with this problem -- but they get this for user accounts.
In my system.log file, I get these:
Nov 12 11:05:12 tts10 DirectoryService[29]: Misconfiguration detected in hash 'SID' - see /Library/Logs/DirectoryService/DirectoryService.error.log for details
But when I look in the error.log, it's referring to groups -- not users:
2009-11-12 11:05:12 EST - T[0x0000000103381000] - Misconfiguration detected in hash 'SID':
2009-11-12 11:05:12 EST - T[0x0000000103381000] - Group 'com.apple.sharepoint.group.1' (/Local/Default) - ID 101 - UUID FEC93DE0-2160-4841-83F9-8C3D4D92BF9D - SID S-1-5-21-447369889-2185500279-2677664303-1203
2009-11-12 11:05:12 EST - T[0x0000000103381000] - Group 'com.apple.access_screensharing' (/Local/Default) - ID 101 - UUID 193DC638-BF8C-44EF-8442-CF93E7B1B84C - SID S-1-5-21-447369889-2185500279-2677664303-1203
Which apparently seem to have the same ID.
However, I'm not seeing these groups in WGM. What should I be looking for to find the groups and their IDs?
(I'm suspicious of the group that says "group.1" being a duplicate group...)
This is a server that started at 10.5.6, was updated accordingly through 10.5.8 and was updated to 10.6.0/1 a month or so ago and had the 10.6.2 combo update installed a couple of days ago.
Thanks!A bit more on this...
I looked at the groups with dscl.
Sure enough, they show the same "PrimaryGroupID":
/Local/Default/Groups > read com.apple.access_screensharing
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 193DC638-BF8C-44EF-8442-CF93E7B1B84C
NestedGroups: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050
PrimaryGroupID: 101
RealName:
Screen Sharing Group
RecordName: com.apple.access_screensharing
RecordType: dsRecTypeStandard:Groups
/Local/Default/Groups > read com.apple.sharepoint.group.1
AppleMetaNodeLocation: /Local/Default
GeneratedUID: FEC93DE0-2160-4841-83F9-8C3D4D92BF9D
GroupMembers: FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000
GroupMembership: root
NestedGroups: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050 ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C
PrimaryGroupID: 101
RealName: Public
RecordName: com.apple.sharepoint.group.1
RecordType: dsRecTypeStandard:Groups
/Local/Default/Groups >
I'm just not sure what I'm supposed to do now? On another box, "screensharing" is group "401" (and has a different "RealName"):
/Local/Default/Groups > read com.apple.access_screensharing
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 739023F9-4456-4C1F-BEDB-0EB013B0415B
NestedGroups: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050
PrimaryGroupID: 401
RealName:
Screen Sharing ACL
RecordName: com.apple.access_screensharing
RecordType: dsRecTypeStandard:Groups
/Local/Default/Groups >
Thoughts? Suggestions? -
Password hashing on client side
Hi. I would like my users to have their passwords hashed in SHA1 at the client side when they login so that when the html form comes to the server, the password is hashed and in case if the form is being eavesdropped on , I do not need to worry about the passwords in plain since it's hashed.
I am not using SSL because there isn't much things to encrypt or hide secret other than just for the login passwords or users changing their user profile like updating their passwords. And SSL can add quite abit of cost to my client's web hosting budget.
So simply, is there anyway to hash passwords in client side using JSP before it is sent to the server ?Not using jsp no, because JSP stands for Java SERVER Pages. Meaning that java/jsp only runs on the server.
You can do it in javascript client-side: http://www.movable-type.co.uk/scripts/sha1.html
But whats the point?
Now instead of sending what they user typed in, you send the hash of it.
If anyone is monitoring the line, they can just send the hash of it as well.
No protection is afforded you by doing this.
Hashing the password doesn't stop someone stealing it by tapping into the line.
What is DOES stop is somebody querying your database and saying "give me a list of username/passwords" -
How could I access the UID (or SID) on a usb flash drive? I
want to use the UID to authenticate that the program is on one of
my USB flash drives and then use it to authenticate data passed to
a web form."Applied CD" <[email protected]> wrote in
message
news:gnk4hg$cth$[email protected]..
> You might want to look at U3 enabled flash drives. These
drives
> provide
> environment variables that will let you authenticate the
media. I?m
> not saying
> it will be easy, you?ll still need an xtra because the
environment
> variables
> are made available to C programmers, not directly
accessible in
> Director. On
> top of that, we tested a concept of using these drives
as give-aways
> with
> preloaded advertising and I found the U3 launcher alone
to be
> incredibly
> annoying, much less having advertising dumped on top ?
but ? if
> you?re putting
> something useful on the drive then maybe U3 will be a
solution for
> you.
Hi,
the U3 launcher, is that a sort of "autorun" thingie? :( :(
If so, then I am already having deja-vues....
Richard -
How can I detect if a global bolean variable has changed
I have a boolean global variable that change its value from time to time. At hte beginning of my program I take the actual time, but everytime this value change I have to reset this previous value and take the actual one. I've tried to do this with the event structure but it doesn't work because this is a global variable and not a control in the panel. Some idea to solve this problem? Thanks in advance,
AngelIt's mainly because you are reading value change events for the indicator, not the control. Value change events are only fired for changes given by a user. The indicator however is not updated by the GUI, but by programmatic input from the control. By replacing the reference with a reference to the control it will work. Or you can write the value to the indicator by using a Value (Signaling) property, that will trigger a change event for the indicator.
Note: You should not register the event inside the loop, do that only once - outside the loop.
If the boolean you are to monitor is not changed from the GUI you can as I mentioned above make it fire an event by setting the value using the value signalling property inst
ead of wiring the new value directly, but the property node has it's downsides so another option is to create a user event, put that reference in the global, and then run the generate user event function whenever the boolean changes.
I see you read the ms timer when the value changes. Why? If you want the time get the time, if you want the time since the last update you could use the ms timer, keep the previous value in a shift register and then calculate the difference, but the ms timer rolls over now and then so that can give false results...What is the purpose of the time and how often does the value change?
Attached is an exmaple that use a user event and the generate event function.
MTO
Attachments:
example_Rev3.llb 54 KB -
Detecting validation error on client side
If there is some error in validation on the field of ViewObject which is binded with a page, that component shows error message. I want to set some javascript fields on client side when a component gets error. How i can do that?
Hi,
for this you will need to catch the error in a custom error handler and call JavaScript from a managed bean (see chapter 5 of the Web Developer guide in the OTN documentation for JDeveloper and ADF).
Frank -
Al of a sudden after trying to get profiles running with server app I can no longer log into the system with my user account. I can however log in with the root user.
Ihave tried a ton of support articles from apple support site and web based searches to no avail?Al of a sudden after trying to get profiles running with server app I can no longer log into the system with my user account. I can however log in with the root user.
Ihave tried a ton of support articles from apple support site and web based searches to no avail? -
Duplicate UIDs, authentication AD
We have lab machines that are bound to Active Directory, no Open Directory, just Active, being managed with local MCX settings. I have a two users who have somehow gotten the same UID from the Macintosh. Now when one of them logs in, it is trying to use the other's home directory, can't find and gives the error message the users home directory can't be found in the usual place. It logs the user in, but sees him as the other user.
Active Directory does not have this attribute anywhere and I'm trying to find out how to get rid of the duplicate UID and have one of the users get a new one.
What I don't understand is why it is saving that information. For the lab machines, the accounts are deleted on logout (and login), so there should be no record of any of the users.
Here's the message Console gives me:
2011-04-15 11:30:46 EDT - T[0x000000010200B000] - Misconfiguration detected in hash 'Global UID':
2011-04-15 11:30:46 EDT - T[0x000000010200B000] - User 'userA' (/Active Directory/student.ads.xxxx.xxx) - ID 506956629 - UUID 9E378B55-22AD-47AA-B0AE-AE56CB387A47 - SID S-1-5-21-3326139827-3656363311-3723297674-111390
2011-04-15 11:30:46 EDT - T[0x000000010200B000] - User 'userB' (/Active Directory/student.ads.xxxx.xxx) - ID 506956629 - UUID 1E378B55-A39A-4D72-96B8-46417E225A00 - SID S-1-5-21-3326139827-3656363311-3723297674-36961
Thanks for any help!I had to submit a trouble ticket to AELP and found out, it's the alogrithm, they use in generating the uniqueID. Something about it takes the GUID and the some other attribute and comes up with a uniqueID that follows that user.
I was told it was a million to one shot that it would happen, but it could happen, and it did. The best resolution was to delete one of the accounts and recreate and then it would get a different GUID and then OSX will generate a new (really new) uniqueID.
I did try the unbind and bind first, but obviously that didn't do anything for the user.
Thanks for the response and hopefully, the next one in a millionth user will find this answer helpful! -
Mobile-accounts FULL PATH badboy
Our goal is to get Mobile Accounts with Portable Home Directories working. The home folders are stored on an external hard drive on Mac OS X Server 10.6.3. It's more or less working... but not quite ARGHH! HELP!!
The short question is: What value do I use for the 'full path'
The obvious answer, causes problems.
THE GORY DETAILS (+aka. 'argh!!'+):
Since all the files for user1 are stored on macsrv1 in /Volumes/team1/users/user1 I believe that in WGM I should have:
Share Point URL: afp://macsrv1.disney.ch/users
path to home: user1
full path: /Volumes/team1/users/user1
but when I try to log onto user1 on mac1, for the first time, it fails.
In /var/log/secure.log I read +"user1 not known"+.
And +"Could not get the user record for 'user1' from Directory Services"+
(see *error1 at the bottom of this msg)
IF I CHANGE the full path to:
full path: /Network/Servers/macsrv1.disney.ch/users/user1
THE LOGIN WORKS (I'm asked if I want to create a mobile account and when I say yes, a local folder is created on mac1, and any syncing does indeed cause files to appear on macsrv1 in /Volumes/team1/users/user1
HOWEVER (+aka. Oh no!+):
When the user does an ssh into macsrv1, his home directory (cd ~ or echo $HOME) is /Network/servers/macsrv1.disney.ch/users/user1 which is really just /users/users1 which is a virgin/template-like folder.. certainy not /Volumes/team1/users/user1
BUT (goodnews here)
If I now set the full path back...
full path: /Volumes/team1/users/user1
Everything works. Loggging into mac1 ok. SSHing into macsrv1 ok.
But logging into mac2 fails (until I switch out the full path again)
*a. WHAT SHOULD BE THE CORRECT VALUE FOR FULL PATH?*
b. If it should be /Volumes/team1/users/user1 then how can I convince the client macs to create the mobile account?
2. I have a 2nd question concerning the automount re-mounting the drive... causing a double mount! I've described the problem here: http://discussions.apple.com/thread.jspa?threadID=2461695&stqc=true
I've hunted through the forums, where appartently the answer lies, without success. Please help!
/shawn
THANKS FOR ANY INSIGHT/help.
Helpers get free beer if they come to Switzerland.
p.s. I might add that the afp Share point on macsrv1 for /Volumes/team1/users is called 'users' (configured via WGM). Does that help? Maybe there is some weird conflict between there existing a /Users in root, and there being a mount called 'users'?
*error1:
After the login window, the user is informed that "Zou are unable to log into the user account. An error has occurred". In system.log on mac1 I read +"edu.mit.Kerberos.CCacheServer[927]: launchctl start error: No such process"+
+edu.mit.Kerberos.CCacheServer[927]: launchctl start error: No such process+
Message was edited by: DrKdevOther observations:
*1. from /Library/Logs/DirectoryService/DirectoryService.error.log*
2010-06-18 14:04:11 CEST - T[0xB0185000] - Misconfiguration detected in hash 'Global UID':
2010-06-18 14:04:11 CEST - T[0xB0185000] - User 'user1' (/LDAPv3/macsrv1.disney.ch) - ID 1035 - UUID 80699B6C-A90E-4D2F-9B07-FB78F72E9709 - SID S-1-5-21-4063190502-2217233148-2094676766-3070
*2. user IS showing up in the login window.*
If I configure the login window to show all users (including network users), then user1 does indeed show up.
*3. Logging into user1 via ssh works.*
*4. dscl on macsrv1*
dscl /LDAPv3/127.0.0.1 -list /Users
does indeed show user1 (and any other user I create)
So why can't I login/create user1 on the client mac without toggling the FULL PATH to /Network/Servers/macsrv1.disney.ch/users/user1 first? arghh!
Maybe you are looking for
-
Maximum file size of 2 GB exceeded please choose a shorter bounce time
I have done a thorough search online (w/google) trying several combinations of words but I seem to be the only person on the planet with this error. I guess I will try to remake the project but I don't think it will fix the problem. I also will updat
-
Dynamic Link issues between Pr and Ae
Hey Guys - We have had issues with our dynamic link since the last update to Premiere CC 45 days ago. Two different iMacs, one 2010 and the other late 2012 are both having these issues. Regardless of system, we weren't having the issue before the mos
-
Missing cover art from iTunes on iPhone
Some of the albums on my iPhone (bought via iTunes) are missing their cover art. On my iMac all the albums in iTunes have their cover art. When I sync the iPhone on my iMac, the cover art doesn't update on the iPhone! The iPhone iTunes cover art used
-
I cannot view folders and files in finder on macbook pro OS version 10.9.5. Why it happens and what should I do about it?
-
Soap messages from Oracle 9.2
I want to send soap messages from Oracle 9.2 Database. Our requirement would involve sending multiple rows of data. Is this feasible?