Misconfiguration detected in hash 'SID' / 'GID'
Hi!
We are having strange issues with a Snow Leopard Server (10.6.2). Every now an then, it will hang. There seems to be a connection to TimeMachine starting. Authentication via OD is then not possible, especially people can't access the wireless network via RADIUS. We have changed the RAM to no avail.
The only error messages I can find that might have to do with it are copied below - apparently a misconfiguration is detected: It seems there are two groups that both have ID 502 (com.apple.local.ard_reports, com.apple.access_radius); we also have two each with 501 (com.apple.local.ard_admin, com.apple.monitorallservices) and 500 (com.apple.adminallservices, com.apple.access_ssh). Can I just change the IDs or would that make matters worse? Could I delete one or the other to have it auto-regenerated?
We have a group radius with ID 5100 where we keep the users that are allowed access through radius as configured in Server Admin/RADIUS/settings/users.
Could someone please point me in the right direction?
Regards,
Torsten
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Misconfiguration detected in hash 'Global GID':
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.access_radius' (/Local/Default) - ID 502 - UUID 225D0F16-2BDB-4223-98AA-7D3F34B117AA - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.local.ard_reports' (/Local/Default) - ID 502 - UUID 38251EE2-BE65-4863-B8DE-0DDBC399C261 - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Misconfiguration detected in hash 'Global SID':
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.access_radius' (/Local/Default) - ID 502 - UUID 225D0F16-2BDB-4223-98AA-7D3F34B117AA - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.local.ard_reports' (/Local/Default) - ID 502 - UUID 38251EE2-BE65-4863-B8DE-0DDBC399C261 - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Misconfiguration detected in hash 'GID':
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.access_radius' (/Local/Default) - ID 502 - UUID 225D0F16-2BDB-4223-98AA-7D3F34B117AA - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.local.ard_reports' (/Local/Default) - ID 502 - UUID 38251EE2-BE65-4863-B8DE-0DDBC399C261 - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Misconfiguration detected in hash 'SID':
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.access_radius' (/Local/Default) - ID 502 - UUID 225D0F16-2BDB-4223-98AA-7D3F34B117AA - SID S-1-5-21-1369265768-2395346185-594960456-2005
2009-12-12 16:46:37 CET - T[0x0000000106987000] - Group 'com.apple.local.ard_reports' (/Local/Default) - ID 502 - UUID 38251EE2-BE65-4863-B8DE-0DDBC399C261 - SID S-1-5-21-1369265768-2395346185-594960456-2005
So, we too are having this issue. We have several systems that are all pointed to an OD that was upgraded from 10.5.8 to 10.6.0 (then 10.6.2), and all the systems a few times a day report:
Dec 23 10:00:00 server DirectoryService[29]: Misconfiguration detected in hash 'Global GID' - see /Library/Logs/DirectoryService/DirectoryService.error.log for details
Dec 23 10:00:00: --- last message repeated 5 times ---
Dec 23 10:00:00 server DirectoryService[29]: Misconfiguration detected in hash 'GID' - see /Library/Logs/DirectoryService/DirectoryService.error.log for details
Dec 23 10:09:03: --- last message repeated 5 times ---
When you look in DirectoryService.error.log, you get:
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/LDAPv3/od.example.com) - ID 0 - UUID 9E733C05-88DE-4F83-9E09-038A887F1327 - SID S-1-5-21-4096-2147483678-1391576524-1001
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/Local/Default) - ID 0 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000 - SID S-1-5-21-4171259825-3059450906-1974363594-1001
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'daemon' (/LDAPv3/od.example.com) - ID 1 - UUID 5860426A-2F8A-4CB8-932C-548A6351DAF7 - SID S-1-5-21-4096-2147483678-1391576524-1003
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'daemon' (/Local/Default) - ID 1 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000001 - SID S-1-5-21-4171259825-3059450906-1974363594-1003
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'kmem' (/LDAPv3/od.example.com) - ID 2 - UUID 218C138E-0861-4354-AD5E-EFBEE973A167 - SID S-1-5-21-4096-2147483678-1391576524-1005
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'kmem' (/Local/Default) - ID 2 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000002 - SID S-1-5-21-4171259825-3059450906-1974363594-1005
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'sys' (/LDAPv3/od.example.com) - ID 3 - UUID 41B0EEF7-6BDE-4AE2-9D74-FBC5B4E57A43 - SID S-1-5-21-4096-2147483678-1391576524-1007
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'sys' (/Local/Default) - ID 3 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000003 - SID S-1-5-21-4171259825-3059450906-1974363594-1007
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'tty' (/LDAPv3/od.example.com) - ID 4 - UUID 343B0640-571C-4210-99FA-585F274128AC - SID S-1-5-21-4096-2147483678-1391576524-1009
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'tty' (/Local/Default) - ID 4 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000004 - SID S-1-5-21-4171259825-3059450906-1974363594-1009
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'Global GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'operator' (/LDAPv3/od.example.com) - ID 5 - UUID C7B00423-F511-4F09-BF56-13F06AE30B37 - SID S-1-5-21-4096-2147483678-1391576524-1011
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'operator' (/Local/Default) - ID 5 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000005 - SID S-1-5-21-4171259825-3059450906-1974363594-1011
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/Local/Default) - ID 0 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000 - SID S-1-5-21-4171259825-3059450906-1974363594-1001
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/LDAPv3/od.example.com) - ID 0 - UUID 9E733C05-88DE-4F83-9E09-038A887F1327 - SID S-1-5-21-4096-2147483678-1391576524-1001
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'daemon' (/LDAPv3/od.example.com) - ID 1 - UUID 5860426A-2F8A-4CB8-932C-548A6351DAF7 - SID S-1-5-21-4096-2147483678-1391576524-1003
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'daemon' (/Local/Default) - ID 1 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000001 - SID S-1-5-21-4171259825-3059450906-1974363594-1003
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'kmem' (/LDAPv3/od.example.com) - ID 2 - UUID 218C138E-0861-4354-AD5E-EFBEE973A167 - SID S-1-5-21-4096-2147483678-1391576524-1005
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'kmem' (/Local/Default) - ID 2 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000002 - SID S-1-5-21-4171259825-3059450906-1974363594-1005
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'sys' (/LDAPv3/od.example.com) - ID 3 - UUID 41B0EEF7-6BDE-4AE2-9D74-FBC5B4E57A43 - SID S-1-5-21-4096-2147483678-1391576524-1007
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'sys' (/Local/Default) - ID 3 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000003 - SID S-1-5-21-4171259825-3059450906-1974363594-1007
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'tty' (/LDAPv3/od.example.com) - ID 4 - UUID 343B0640-571C-4210-99FA-585F274128AC - SID S-1-5-21-4096-2147483678-1391576524-1009
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'tty' (/Local/Default) - ID 4 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000004 - SID S-1-5-21-4171259825-3059450906-1974363594-1009
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'operator' (/LDAPv3/od.example.com) - ID 5 - UUID C7B00423-F511-4F09-BF56-13F06AE30B37 - SID S-1-5-21-4096-2147483678-1391576524-1011
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'operator' (/Local/Default) - ID 5 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000005 - SID S-1-5-21-4171259825-3059450906-1974363594-1011
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Misconfiguration detected in hash 'GID':
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/Local/Default) - ID 0 - UUID ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000 - SID S-1-5-21-4171259825-3059450906-1974363594-1001
2009-12-23 10:37:43 PST - T[0x0000000103381000] - Group 'wheel' (/LDAPv3/od.example.com) - ID 0 - UUID 9E733C05-88DE-4F83-9E09-038A887F1327 - SID S-1-5-21-4096-2147483678-1391576524-1001
To me, it sounds like there are groups defined in the OD (wheel, mysql, daemon, etc) that are also defined on the local machine. They probably shouldn't be defined on the domain because they're local accounts by design (and don't really need to be directory accounts).
So, one would think they could just be deleted from the directory, but obviously don't want to do that unless it's the right call.
Anyone see an issue with that? Is my analysis incorrect?
Similar Messages
-
Misconfiguration detected in hash 'GID'
So it seems somehow I have a conflict between a default user and a sharepoint with their ID
Any help to resolve this would be great.
There are no access restrictions on this machine
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Misconfiguration detected in hash 'GID':
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Group 'com.apple.sharepoint.group.6' (/Local/Default) - ID 106 - UUID F2BBAF71-A605-4F25-8FE5-8927BE578F81 - SID S-1-5-21-2431082434-2368188631-2040194005-1213
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Group 'com.apple.limited_admin' (/LDAPv3/127.0.0.1) - ID 106 - UUID 8622BF36-A93E-41C3-A390-6E584C1EEC5A - SID S-1-5-21-2431082434-2368188631-2040194005-1213
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Misconfiguration detected in hash 'SID':
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Group 'com.apple.sharepoint.group.6' (/Local/Default) - ID 106 - UUID F2BBAF71-A605-4F25-8FE5-8927BE578F81 - SID S-1-5-21-2431082434-2368188631-2040194005-1213
2010-04-27 13:09:35 EDT - T[0x0000000102B81000] - Group 'com.apple.limited_admin' (/LDAPv3/127.0.0.1) - ID 106 - UUID 8622BF36-A93E-41C3-A390-6E584C1EEC5A - SID S-1-5-21-2431082434-2368188631-2040194005-1213Hi, the problem is in the Server Admin - Acess tab. Remove the Access restriction of the service.
I have the same problem with the "com.apple.access_radius", removing all the restriction the error stop. -
Misconfiguration detected in hash -- but for a "group"? How to fix?
So I read the other threads about people with this problem -- but they get this for user accounts.
In my system.log file, I get these:
Nov 12 11:05:12 tts10 DirectoryService[29]: Misconfiguration detected in hash 'SID' - see /Library/Logs/DirectoryService/DirectoryService.error.log for details
But when I look in the error.log, it's referring to groups -- not users:
2009-11-12 11:05:12 EST - T[0x0000000103381000] - Misconfiguration detected in hash 'SID':
2009-11-12 11:05:12 EST - T[0x0000000103381000] - Group 'com.apple.sharepoint.group.1' (/Local/Default) - ID 101 - UUID FEC93DE0-2160-4841-83F9-8C3D4D92BF9D - SID S-1-5-21-447369889-2185500279-2677664303-1203
2009-11-12 11:05:12 EST - T[0x0000000103381000] - Group 'com.apple.access_screensharing' (/Local/Default) - ID 101 - UUID 193DC638-BF8C-44EF-8442-CF93E7B1B84C - SID S-1-5-21-447369889-2185500279-2677664303-1203
Which apparently seem to have the same ID.
However, I'm not seeing these groups in WGM. What should I be looking for to find the groups and their IDs?
(I'm suspicious of the group that says "group.1" being a duplicate group...)
This is a server that started at 10.5.6, was updated accordingly through 10.5.8 and was updated to 10.6.0/1 a month or so ago and had the 10.6.2 combo update installed a couple of days ago.
Thanks!A bit more on this...
I looked at the groups with dscl.
Sure enough, they show the same "PrimaryGroupID":
/Local/Default/Groups > read com.apple.access_screensharing
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 193DC638-BF8C-44EF-8442-CF93E7B1B84C
NestedGroups: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050
PrimaryGroupID: 101
RealName:
Screen Sharing Group
RecordName: com.apple.access_screensharing
RecordType: dsRecTypeStandard:Groups
/Local/Default/Groups > read com.apple.sharepoint.group.1
AppleMetaNodeLocation: /Local/Default
GeneratedUID: FEC93DE0-2160-4841-83F9-8C3D4D92BF9D
GroupMembers: FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000
GroupMembership: root
NestedGroups: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050 ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C
PrimaryGroupID: 101
RealName: Public
RecordName: com.apple.sharepoint.group.1
RecordType: dsRecTypeStandard:Groups
/Local/Default/Groups >
I'm just not sure what I'm supposed to do now? On another box, "screensharing" is group "401" (and has a different "RealName"):
/Local/Default/Groups > read com.apple.access_screensharing
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 739023F9-4456-4C1F-BEDB-0EB013B0415B
NestedGroups: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050
PrimaryGroupID: 401
RealName:
Screen Sharing ACL
RecordName: com.apple.access_screensharing
RecordType: dsRecTypeStandard:Groups
/Local/Default/Groups >
Thoughts? Suggestions? -
Misconfiguration detected in hash 'Global SID'
Greetings
I have the above message in my Directory Services Error log, repeated over & over. I read other posts about this which seem to relate to overlapping user or group IDs. I don't have that issue, and in fact this seems to relate to computer records rather than users or groups. As a test, I deleted & recreated the Guest Computer record, but still get the same issue.
eddie.waveneyrivercentre.co.uk is the name of the server, and if I am understanding the log correctly it's computer record is somehow conflicting with the guest computer record?
Mac Mini OS X Server 10.6.2
Here's the log:
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Misconfiguration detected in hash 'Global SID':
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Computer 'guest' (/LDAPv3/127.0.0.1) - ID -1 - UUID CE6FD001-9FAD-40EF-89D0-6993842825D5 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Computer 'eddie.waveneyrivercentre.co.uk$' (/Local/Default) - ID -1 - UUID 4D69A263-5232-4AB4-A7F7-63C57E7F2F70 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Misconfiguration detected in hash 'Global SID':
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Computer 'guest' (/LDAPv3/127.0.0.1) - ID -1 - UUID CE6FD001-9FAD-40EF-89D0-6993842825D5 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Computer 'eddie.waveneyrivercentre.co.uk$' (/Local/Default) - ID -1 - UUID 4D69A263-5232-4AB4-A7F7-63C57E7F2F70 - SID S-1-5-21-621501553-3013919606-753330415-998
does anyone have any ideas?
TIA
JAmesGreetings
I have the above message in my Directory Services Error log, repeated over & over. I read other posts about this which seem to relate to overlapping user or group IDs. I don't have that issue, and in fact this seems to relate to computer records rather than users or groups. As a test, I deleted & recreated the Guest Computer record, but still get the same issue.
eddie.waveneyrivercentre.co.uk is the name of the server, and if I am understanding the log correctly it's computer record is somehow conflicting with the guest computer record?
Mac Mini OS X Server 10.6.2
Here's the log:
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Misconfiguration detected in hash 'Global SID':
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Computer 'guest' (/LDAPv3/127.0.0.1) - ID -1 - UUID CE6FD001-9FAD-40EF-89D0-6993842825D5 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000101D05000] - Computer 'eddie.waveneyrivercentre.co.uk$' (/Local/Default) - ID -1 - UUID 4D69A263-5232-4AB4-A7F7-63C57E7F2F70 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Misconfiguration detected in hash 'Global SID':
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Computer 'guest' (/LDAPv3/127.0.0.1) - ID -1 - UUID CE6FD001-9FAD-40EF-89D0-6993842825D5 - SID S-1-5-21-621501553-3013919606-753330415-998
2009-12-29 21:45:41 GMT - T[0x0000000100786000] - Computer 'eddie.waveneyrivercentre.co.uk$' (/Local/Default) - ID -1 - UUID 4D69A263-5232-4AB4-A7F7-63C57E7F2F70 - SID S-1-5-21-621501553-3013919606-753330415-998
does anyone have any ideas?
TIA
JAmes -
Misconfiguration detected in hash global uid/sid
running on a mac os x sever network 10.6.8 with over 2,000 users and over 50 groups. for about 1 full year now in sever admin we get this error NON stop witch seems to happen when ever someone logs in. It will say
"misconfiguration detected in hash global UID" OR
"misconfiguration detected in hash global SID"
this is nonstop. From what i have read this is due to the same user or group having the same ID. Where can i go to psychically see if they have the same ID (in WGM it does not show any doubled ID's)
with over 2,000 users and people logging in all the time this error comes out about every 1 minute. Is there any fix for this?running on a mac os x sever network 10.6.8 with over 2,000 users and over 50 groups. for about 1 full year now in sever admin we get this error NON stop witch seems to happen when ever someone logs in. It will say
"misconfiguration detected in hash global UID" OR
"misconfiguration detected in hash global SID"
this is nonstop. From what i have read this is due to the same user or group having the same ID. Where can i go to psychically see if they have the same ID (in WGM it does not show any doubled ID's)
with over 2,000 users and people logging in all the time this error comes out about every 1 minute. Is there any fix for this? -
Misconfiguration detected in hash 'Kerberos'
I am having difficulty troubleshooting this error. I have attached a section of the /var/log/opendirectoryd.log file while in debug mode. This is a 10.7.3 Open Directory master with no replicas. I put logging into debug mode to try to get to the root of this problem but I am not finding an answer to this issue. I am getting this same error message with multiple users, but they can all log in and function just fine. We are doing Radius auth to OD from our Cisco ASA for VPN connectivity and that works fine as well.
Any help would be greatly appreciated. Thanks!
2012-03-12 11:30:09.119 PDT - Multiple names for non-user record 'wleler' - will be cache miss for others
2012-03-12 11:30:09.119 PDT - Module: SystemCache - Attaching Kerberos id '[email protected].
OFFICE' to record 'wleler'
2012-03-12 11:30:09.119 PDT - Setting item 'wleler' with expiration 406137
2012-03-12 11:30:09.119 PDT - Adding item 'wleler' with expiration 406137
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - GlobalGUID - adding entry wleler (0x43E09310) - node 0x45903830
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - GlobalUID - adding entry wleler (0x43E09310) - node 0x45903B30
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - UserName - adding entry wleler (0x43E09310) - node 0x45903C60
2012-03-12 11:30:09.119 PDT - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
User 'wleler' (/LDAPv3/127.0.0.1) - ID 1043 - UUID C66E0823-A91D-4C27-9A37-4BA25090F3AC - SID S-1-5-21-2682738804-2853610044-371931698-3086
User 'cvaraghur' (/LDAPv3/127.0.0.1) - ID 1055 - UUID 062DA3EC-8197-460A-94DA-8F94008B4B0F - SID S-1-5-21-2682738804-2853610044-371931698-3110
2012-03-12 11:30:09.119 PDT - Module: SystemCache - RBtree add - GlobalSID - adding entry wleler (0x43E09310) - node 0x45903DE0
2012-03-12 11:30:09.119 PDT - Module: SystemCache - Merged record 'wleler' (0x459033E0) into 0x43E09310 - new authority 'Name'
2012-03-12 11:30:09.120 PDT - Finalizing request 6369 object 0x7fb445d3b860
2012-03-12 11:30:09.120 PDT - Finalizing request 6366 object 0x7fb445902f30
2012-03-12 11:30:09.130 PDT - 1458.6370 - Client: AppleFileServer, UID: 0, EUID: 0, GID: 0, EGID: 0
2012-03-12 11:30:09.130 PDT - 1458.6370 - Adding to global request list - new count 1
2012-03-12 11:30:09.130 PDT - 1458.6370 - ODQueryCreateWithNode request, NodeID: 425F4A0A-25C3-4E46-8A8E-EC4C2DD3465B, RecordType(s): dsRecTypeStandard:AFPUserAliases, Attribute: dsAttrTypeStandard:RecordName, MatchType: EqualTo, Equality: CaseExact, Value(s): wleler, Requested Attributes: dsAttributesAll, Max Results: 1Hi,
your log tells me that the users wleler and cvaraghur have the same values in "AltSecurityIdentities" -> something like "kerberos:[email protected]".
Go to: Systemsettings -> User & Groups -> Login options (the little House Symbol).
Then Klick the edit button beside the networkaccount server entry. In the new opened window click the open directory service button. Choose the right tree (Users) - (/LDAPv3/127.0.0.1) and authenticate yourself with the diradmin user. Check every single users entry "AltSecurityIdentities" and change untitled_1 to the users short name.
Example, change: "kerberos:[email protected]". to "kerberos:[email protected]" for your user wleler and
"kerberos:[email protected]" for user cvaraghur.
thats it -
Lion Server: Misconfiguration detected in hash 'UserGroupGUID'
Hi,
I'm new to OS X Server - the price had me installing and doing things manually prior to Lion. Previously I managed users and groups manually, but now I'm giving open directory a go. I'm seeing these messages in opendirectoryd.log:
2011-08-21 08:38:06.479 EDT - Module: SystemCache - Misconfiguration detected in hash 'UserGroupGUID':
Group 'workgroup' (/LDAPv3/localhost) - ID 1025 - UUID 96520719-99D8-4168-8AF1-11AD55FB389F - SID S-1-5-21-987654321-987654321-987654321-3051
Group 'workgroup' (/LDAPv3/127.0.0.1) - ID 1025 - UUID 96520719-99D8-4168-8AF1-11AD55FB389F - SID S-1-5-21-4096-2147483670-3416910327-3051
2011-08-21 08:38:06.482 EDT - Module: SystemCache - Misconfiguration detected in hash 'UserGroupGID':
Group 'workgroup' (/LDAPv3/localhost) - ID 1025 - UUID 96520719-99D8-4168-8AF1-11AD55FB389F - SID S-1-5-21-987654321-987654321-987654321-3051
Group 'workgroup' (/LDAPv3/127.0.0.1) - ID 1025 - UUID 96520719-99D8-4168-8AF1-11AD55FB389F - SID S-1-5-21-4096-2147483670-3416910327-3051
I also see this:
2011-08-21 08:38:04.990 EDT - Discovered configuration for node name '/LDAPv3/127.0.0.1' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/127.0.0.1.plist'
2011-08-21 08:38:04.990 EDT - Registered subnode with name '/LDAPv3/127.0.0.1'
2011-08-21 08:38:04.991 EDT - Discovered configuration for node name '/LDAPv3/localhost' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/localhost.plist'
2011-08-21 08:38:04.991 EDT - Registered subnode with name '/LDAPv3/localhost'
"workgroup" is the default group that was there - I didn't create it (or any other groups), though I did add members. I'm curios why it is referencing both "/LDAPv3/localhost" and "/LDAPv3/127.0.0.1", and I suspect that may be the issue. If so, any ideas on how I caused this, and how to fix it? My guess is that I could remove one of the .plist files, but if I have done something in the gui to cause this, I'd like to fix it there so that some config chagne doesn't end up re-creating the problem. So far I haven't done any "manual" editing of configuration files.
Thanks very much!Hah! Thanks for pointing that out! I've moved it over there:
https://discussions.apple.com/thread/3277778
Sorry about that! -
Misconfiguration detected in hash 'Global UID'
Very dears all,
I upgraded to Snow Leopard Server but I am still missing to have everything working safely as it was on Leopard Server.
In SL Server, Open Directory is Master and its overview page says that both LDAP Server, Password Server and Kerberos are running but in the Settings pane the Kerberize... button is always present (while it is absent in L Server) and if I push the button I am requested to enter user name and password, which is the same I enter in WGM (where it works OK), but it is not accepted and the same windows is re-opened.
Checking the OP logs, in Directory Services Error log, I got the following raw:
Misconfiguration detected in hash 'Global UID'
As well as User root raws for /LDAPv3/127.0.0.1 and Local are present with complex string references for UUID and SID.
Is there anyone may help me to understand what it means and what to do to fully recover the service?
Many thanks and best wishes,
CarmineI look in my Directory Services Error log and see
2009-11-11 13:28:27 EST - T[0x0000000100783000] - Misconfiguration detected in hash 'Global UID':
2009-11-11 13:28:27 EST - T[0x0000000100783000] - User 'root' (/LDAPv3/127.0.0.1) - ID 0 - UUID 50518200-F0D2-4497-A282-6BBE836687C9 - SID S-1-5-21-68834345-3193862298-1725808020-1000
2009-11-11 13:28:27 EST - T[0x0000000100783000] - User 'root' (/Local/Default) - ID 0 - UUID FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000 - SID S-1-5-18
I launch dscl and
list LDAPv3/127.0.0.1/Users/
diradmin
root
vpn_30717237d42a
root user in open directory that is new in SL.
list Local/Default/Users/
_amavisd
_appowner
_appserver
_ard
_atsserver
_calendar
_carddav
_clamav
_coreaudiod
_cvmsroot
_cvs
_cyrus
_devdocs
_dovecot
_eppc
_installer
_jabber
_lda
_locationd
_lp
_mailman
_mcxalr
_mdnsresponder
_mysql
_pcastagent
_pcastserver
_postfix
_qtss
_sandbox
_screensaver
_securityagent
_serialnumberd
_softwareupdate
_spotlight
_sshd
_svn
_teamsserver
_timezone
_tokend
_trustevaluationagent
_unknown
updatesharing
_usbmuxd
_uucp
_windowserver
_www
_xgridagent
_xgridcontroller
com.apple.calendarserver
com.apple.mailuserforservices
com.apple.notificationuser
daemon
nobody
notjunkmail
root
Which also has a root user. So yes I have 2 root users. I have never seen a root user in the ldap database is this new and expected?
Is this wrong?
should I line up the generated UIDS?
read LDAPv3/127.0.0.1/Users/root/
dsAttrTypeNative:altSecurityIdentities: Kerberos:[email protected]
dsAttrTypeNative:apple-generateduid: 50518200-F0D2-4497-A282-6BBE836687C9
dsAttrTypeNative:authAuthority:
;ApplePasswordServer; blah blah blah blah blah
[email protected]:192.168.1.1
dsAttrTypeNative:cn:
System Administrator
dsAttrTypeNative:gidNumber: 0
dsAttrTypeNative:homeDirectory: /private/var/root
dsAttrTypeNative:loginShell: /bin/tcsh
dsAttrTypeNative:objectClass: inetOrgPerson posixAccount shadowAccount apple-user extensibleObject
dsAttrTypeNative:shadowExpire: 0
dsAttrTypeNative:shadowLastChange: 0
dsAttrTypeNative:sn: Administrator
dsAttrTypeNative:uid: root
dsAttrTypeNative:uidNumber: 0
dsAttrTypeNative:userPassword: ******
AltSecurityIdentities: Kerberos:[email protected]
AppleMetaNodeLocation: /LDAPv3/127.0.0.1
AuthenticationAuthority:
Change: 0
Expire: 0
GeneratedUID: 50518200-blah-blah-blah-blah
LastName: Administrator
NFSHomeDirectory: /private/var/root
Password: ******
PrimaryGroupID: 0
RealName:
System Administrator
RecordName:
root
System Administrator
RecordType: dsRecTypeStandard:Users
UniqueID: 0
UserShell: /bin/tcsh
read Local/Default/Users/root
AppleMetaNodeLocation: /Local/Default
AuthenticationAuthority: ;ShadowHash; ;Kerberosv5;;root@LKDC:SHA1.3 blah;
GeneratedUID: blah blah-blah-blah-blah-blah blah blah
NFSHomeDirectory: /var/root
Password: ******
PrimaryGroupID: 0
RealName:
System Administrator
RecordName: root
RecordType: dsRecTypeStandard:Users
SMBSID: S-1-5-18
UniqueID: 0
UserShell: /bin/sh
What to do... -
How to detect it left side Alt or right side Alt key pressed?
Hi,
I want to know if there is a way to detect whether it is the alt key on the left of the keyboard pressed or it is the alt key on the right side of the keyboard pressed. I don't want to use JNI stuff. Is there a 100% Java solution to it?
ThanksI've seen bug reports regarding this issue, and it is stated as fixed, but I don't know for which release of the jdk. So far, I think you can't distinguish between left and right alt/shift/ctrl..
-
Device Detection in Server side using jdev 11.1.1.7
How to detect the device from which the request is from (in server side) and respond to it accordingly using jdeveloper 11.1.1.7??? i tried using servlets bt i didnt get the expected output....
Hi R,
The device you mean if its windows, linux, apple or android?? The following code returns seeDetails if the request is being made from a device that is NO WINDOWS OR LINUX.
public String processAccordingDevice(){
RequestContext context = RequestContext.getCurrentInstance();
Agent agent = context.getAgent();
String platformName = agent.getPlatformName();
return !("windows".equals(platformName) || "linux".equals(platformName)) ?
"seeDetail" : ""; -
Al of a sudden after trying to get profiles running with server app I can no longer log into the system with my user account. I can however log in with the root user.
Ihave tried a ton of support articles from apple support site and web based searches to no avail?Al of a sudden after trying to get profiles running with server app I can no longer log into the system with my user account. I can however log in with the root user.
Ihave tried a ton of support articles from apple support site and web based searches to no avail? -
I can't post a reply to this archived topic here (http://discussions.apple.com/thread.jspa?threadID=2263001&tstart=0), but I was wondering how does one go about changing a GID for a group that is not listed in the Workgroup Manager (eg. com.apple.access_backup, com.apple.access_mail)? I really want to fix these errors:
2011-03-08 14:54:43 PST - T[0x0000000100604000] - Misconfiguration detected in hash 'Global GID':
2011-03-08 14:54:43 PST - T[0x0000000100604000] - Group 'com.apple.access_mail' (/Local/Default) - ID 255 - UUID 876303C7-04E0-4670-9E45-217BA7EC8039 - SID S-1-5-21-4096-2147483670-3417106711-1511
2011-03-08 14:54:43 PST - T[0x0000000100604000] - Group 'com.apple.access_backup' (/Local/Default) - ID 255 - UUID F029947A-E96F-45D1-B986-1A8A8626133F - SID S-1-5-21-4096-2147483670-3417106711-1511use dscl ?
you could go interactive or do it on the command line. instead of using LDAPv3/127.0.01 use the local directory. -
Kernel_task at 90% on my Macbook
Hi - the kernel_task on my Macbook is consistently at 80-90%.
Curiosly, if I boot in "safe-mode" (pressing shift while booting) the kernel_task stays at a reasonable 3%.
I've run the hardware check (pressing D while booting) and nothing was found.
All this points to a software problem -- any ideas how to identify the offending component/process?
- Francisco
PS: I've the impression this has been happening for a while and maybe related to the battery (which is working but shows zero cycles).
OSX 10.6.8
Hardware Overview:
Model Name: MacBook
Model Identifier: MacBook6,1
Processor Name: Intel Core 2 Duo
Processor Speed: 2.26 GHz
Number Of Processors: 1
Total Number Of Cores: 2
L2 Cache: 3 MB
Memory: 2 GB
Bus Speed: 1.07 GHz
Boot ROM Version: MB61.00C8.B00
SMC Version (system): 1.51f53
Serial Number (system): W894764P8PW
Hardware UUID: C76E1A18-0418-5CB9-8F53-7ED5296F6F5D
Battery Information:
Charge Information:
Charge remaining (mAh): 0
Fully charged: No
Charging: No
Full charge capacity (mAh): 0
Health Information:
Cycle count: 0
Condition: Normal
Battery Installed: Yes
Amperage (mA): 0
Voltage (mV): 0Thanks Williams - I will look into those.
It's the Snow Leopard that came in the MacBook.
This is how the log looks when boot in safe mode - and cpu usage back to normal
28/09/2011 06:52:18 kernel PAE enabled
28/09/2011 06:52:18 kernel 64 bit mode enabled
28/09/2011 06:52:18 kernel Darwin Kernel Version 10.8.0: Tue Jun 7 16:33:36 PDT 2011; root:xnu-1504.15.3~1/RELEASE_I386
28/09/2011 06:52:18 kernel vm_page_bootstrap: 441553 free pages and 17199 wired pages
28/09/2011 06:52:18 kernel standard timeslicing quantum is 10000 us
28/09/2011 06:52:18 kernel mig_table_max_displ = 73
28/09/2011 06:52:18 kernel AppleACPICPU: ProcessorId=0 LocalApicId=0 Enabled
28/09/2011 06:52:18 kernel AppleACPICPU: ProcessorId=1 LocalApicId=1 Enabled
28/09/2011 06:52:18 kernel calling mpo_policy_init for TMSafetyNet
28/09/2011 06:52:18 kernel Security policy loaded: Safety net for Time Machine (TMSafetyNet)
28/09/2011 06:52:18 kernel calling mpo_policy_init for Quarantine
28/09/2011 06:52:18 kernel Security policy loaded: Quarantine policy (Quarantine)
28/09/2011 06:52:18 kernel calling mpo_policy_init for Sandbox
28/09/2011 06:52:18 kernel Security policy loaded: Seatbelt sandbox policy (Sandbox)
28/09/2011 06:52:18 kernel Copyright (c) 1982, 1986, 1989, 1991, 1993
28/09/2011 06:52:18 kernel The Regents of the University of California. All rights reserved.
28/09/2011 06:52:18 kernel MAC Framework successfully initialized
28/09/2011 06:52:18 kernel using 9175 buffer headers and 4096 cluster IO buffer headers
28/09/2011 06:52:18 kernel IOAPIC: Version 0x11 Vectors 64:87
28/09/2011 06:52:18 kernel ACPI: System State [S0 S3 S4 S5] (S3)
28/09/2011 06:52:18 kernel PFM64 0xf10000000, 0xf0000000
28/09/2011 06:52:18 kernel [ PCI configuration begin ]
28/09/2011 06:52:18 kernel console relocated to 0xf10010000
28/09/2011 06:52:18 kernel PCI configuration changed (bridge=2 device=1 cardbus=0)
28/09/2011 06:52:18 kernel [ PCI configuration end, bridges 4 devices 17 ]
28/09/2011 06:52:18 kernel AppleIntelCPUPowerManagement: (built 16:44:45 Jun 7 2011) initialization complete
28/09/2011 06:52:18 kernel Sleep failure code 0x00000000 0x15000000
28/09/2011 06:52:18 kernel mbinit: done (64 MB memory set for mbuf pool)
28/09/2011 06:52:18 kernel rooting via boot-uuid from /chosen: 74AE97F5-8AD7-326D-B92B-ADCDBE6687C5
28/09/2011 06:52:18 kernel Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
28/09/2011 06:52:18 kernel com.apple.AppleFSCompressionTypeZlib kmod start
28/09/2011 06:52:18 kernel com.apple.AppleFSCompressionTypeZlib load succeeded
28/09/2011 06:52:18 kernel AppleIntelCPUPowerManagementClient: ready
28/09/2011 06:52:18 kernel Got boot device = IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/SATA@B/AppleMCP79AHCI/PR T0@0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageD river/Hitachi HTS545025B9SA02 Media/IOGUIDPartitionScheme/Customer@2
28/09/2011 06:52:18 kernel BSD root: disk0s2, major 14, minor 2
28/09/2011 06:52:18 kernel jnl: unknown-dev: replay_journal: from: 2543616 to: 10100736 (joffset 0x11502000)
28/09/2011 06:52:18 kernel BTCOEXIST off
28/09/2011 06:52:18 kernel wl0: Broadcom BCM4353 802.11 Wireless Controller
28/09/2011 06:52:18 kernel 5.10.131.42
28/09/2011 06:52:18 kernel jnl: unknown-dev: journal replay done.
28/09/2011 06:52:18 kernel hfs: Removed 5 orphaned / unlinked files and 0 directories
28/09/2011 06:52:09 com.apple.launchd[1] *** launchd[1] has started up. ***
28/09/2011 06:52:18 DirectoryService[11] Improper shutdown detected
28/09/2011 06:52:19 kernel NVEthernet: Ethernet address d4:9a:20:09:52:00
28/09/2011 06:52:19 kernel AirPort_Brcm43224: Ethernet address d4:9a:20:6f:70:7b
28/09/2011 06:52:19 kernel IO80211Controller::dataLinkLayerAttachComplete(): adding AppleEFINVRAM notification
28/09/2011 06:52:19 kernel IO80211Interface::efiNVRAMPublished():
28/09/2011 06:52:19 kernel systemShutdown false
28/09/2011 06:52:19 blued[16] Apple Bluetooth daemon started
28/09/2011 06:52:36 mDNSResponder[18] mDNSResponder mDNSResponder-258.21 (May 26 2011 14:40:13) starting
28/09/2011 06:52:36 DirectoryService[11] Misconfiguration detected in hash 'Global GID' - see /Library/Logs/DirectoryService/DirectoryService.error.log for details
<same line repeated 30 or 40 times>
28/09/2011 06:52:36 DirectoryService[11] Misconfiguration detected in hash 'GID' - see /Library/Logs/DirectoryService/DirectoryService.error.log for details
28/09/2011 06:52:37 kernel AirPort: Link Down on en1. Reason 8 (Disassociated because station leaving).
28/09/2011 06:52:37 com.apple.SecurityServer[22] Session 0x5fbff962 created
28/09/2011 06:52:37 com.apple.SecurityServer[22] Entering service
28/09/2011 06:52:38 kernel NVDANV50HAL loaded and registered.
28/09/2011 06:52:38 kernel Previous Shutdown Cause: -60
28/09/2011 06:52:38 kernel DSMOS has arrived
28/09/2011 06:52:40 kernel 00000000 00000020 NVEthernet::setLinkStatus - not Active
28/09/2011 06:52:40 fseventsd[42] event logs in /.fseventsd out of sync with volume. destroying old logs. (558 37 206826)
28/09/2011 06:52:40 fseventsd[42] log dir: /.fseventsd getting new uuid: 02EF05DC-5E8C-4DE1-838C-7E235078C7D8
28/09/2011 06:52:40 bootlog[49] BOOT_TIME: 1317189123 0
28/09/2011 06:52:41 configd[14] bootp_session_transmit: bpf_write(en1) failed: Network is down (50)
28/09/2011 06:52:41 configd[14] DHCP en1: INIT transmit failed
28/09/2011 06:52:41 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow[38 ] Login Window Application Started
28/09/2011 06:52:42 com.apple.usbmuxd[31] usbmuxd-211 built on May 16 2011 at 00:14:56 on May 16 2011 at 00:14:55, running 64 bit
28/09/2011 06:52:42 configd[14] network configuration changed.
28/09/2011 06:52:42 configd[14] setting hostname to "laptop.local"
28/09/2011 06:52:45 kernel Auth result for: 00:25:69:9b:09:bd No Ack
28/09/2011 06:52:47 com.apple.SecurityServer[22] Session 0x1207182 created
28/09/2011 06:52:47 com.apple.SecurityServer[22] Session 0x1207182 attributes 0x30
28/09/2011 06:52:48 loginwindow[38] Login Window Started Security Agent
28/09/2011 06:52:49 airportd[21] Apple80211Associate() failed -3905 (Timeout)
28/09/2011 06:52:50 kernel Auth result for: 00:25:69:9b:09:bd No Ack
28/09/2011 06:52:50 WindowServer[70] kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.
28/09/2011 06:52:50 com.apple.WindowServer[70] Wed Sep 28 06:52:50 laptop.local WindowServer[70] <Error>: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.
28/09/2011 06:52:51 kernel Auth result for: 00:25:69:9b:09:bd MAC AUTH succeeded
28/09/2011 06:52:51 kernel AirPort: Link Up on en1
28/09/2011 06:52:51 kernel AirPort: RSN handshake complete on en1
28/09/2011 06:52:51 SecurityAgent[89] Showing Login Window
28/09/2011 06:52:53 configd[14] network configuration changed.
28/09/2011 06:52:46 warmd[30] [fetcher_open_file:936] open("/var/db/dyld/dyld_shared_cache_x86_64") => -1 (errno: 2)
28/09/2011 06:52:47 SecurityAgent[89] User info context values set for fgarau
28/09/2011 06:52:48 authorizationhost[87] Failed to authenticate user <fgarau> (tDirStatus: -14090).
28/09/2011 06:52:53 SecurityAgent[89] User info context values set for fgarau
28/09/2011 06:52:53 SecurityAgent[89] Login Window Showing Progress
28/09/2011 06:52:54 SecurityAgent[89] Login Window done
28/09/2011 06:52:54 loginwindow[38] Login Window - Returned from Security Agent
28/09/2011 06:52:54 loginwindow[38] USER_PROCESS: 38 console
28/09/2011 06:52:55 com.apple.launchd.peruser.501[97] (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
28/09/2011 06:52:55 com.apple.launchd.peruser.501[97] (com.apple.SystemUIServer.agent) Conflict with job: 0x100300b30.anonymous.SecurityAgent over Mach service: com.apple.tsm.uiserver
28/09/2011 06:53:03 mds[37] (Warning) Server: No stores registered for metascope "kMDQueryScopeComputerIndexed"
28/09/2011 06:53:05 storeagent[108] port created
28/09/2011 06:53:06 com.apple.launchd.peruser.501[97] (com.apple.Kerberos.renew.plist[116]) Exited with exit code: 1
28/09/2011 06:53:17 com.apple.launchd.peruser.501[97] ([email protected][120]) Exited with exit code: 1
28/09/2011 06:53:33 mds[37] (Warning) Server: No stores registered for metascope "kMDQueryScopeComputerIndexed"
28/09/2011 06:59:18 mds[37] (Warning) Server: No stores registered for metascope "kMDQueryScopeComputer"
28/09/2011 06:59:19 mds[37] (Warning) Server: No stores registered for metascope "kMDQueryScopeComputer"
28/09/2011 06:59:19 mds[37] (Warning) Server: No stores registered for metascope "kMDQueryScopeComputer"
28/09/2011 06:59:20 mds[37] (Warning) Server: No stores registered for metascope "kMDQueryScopeComputer"
28/09/2011 06:59:21 mds[37] (Warning) Server: No stores registered for metascope "kMDQueryScopeComputer"
28/09/2011 06:59:21 mds[37] (Warning) Server: No stores registered for metascope "kMDQueryScopeComputer" -
I keep getting these errors - can anyone interpret what is wrong? I am also having issues authenticating inot a company LEAP account over Wifi -- just wondering if this could be at all related.
2011-09-08 13:10:49.520 EDT - Module: SystemCache - Misconfiguration detected in hash 'X509DN':
User 'User1' (/Local/Default) - ID 501 - UUID B5E40240-0DEB-4D2D-B4CE-FEB063D4F176 - SID S-1-5-21-1644581886-2670095315-2735356224-2002
User 'User2' (/Local/Default) - ID 502 - UUID C7E3BC3F-0749-4A6B-8E5E-CFDA0AFB919E - SID S-1-5-21-1644581886-2670095315-2735356224-2004hi Srini,
I have checked the forum and found amy be this is the best place any ways !!!!! next time will keep in mind...
I haven't change anything its my IE 7 installation that may have done something wrong which by the way i have downgraded to IE6 again to get the EBS going
It works fine but only some of the times.... most of the time it gives me the miscofiguration error.... then I have to start all the services again..... I really dont know by which service I got right and after trying 2-3 times EBS starts....
Kindly help me in resolving this
Thanks again
- Shivdeep Singh -
I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
DVD>Disk Utility>Erase Disk [or Recovery Partition>Disk Utility>Erase Partition]
DVD>Install Lion
Reboot, hopefully Lion install kicks in
Update, update, update Lion (NOT Lion Server yet) until no more updates
System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
Terminal>$ sudo scutil --set HostName server.domain.com
App Store>Install Lion Server and run through the Setup
Download install Server Admin Tools, then update, update, update until no more updates
Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
A few DNS set-up steps and these most important steps:
A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
I. Test from web browser server.domain.com/mydevices: Lock Device to test
J. ??? Profit
12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
Firewall
Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
SSH
Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
client$ ssh-keygen -t rsa -b 2048 -C client_name
[Securely copy ~/.ssh/id_rsa.pub from client to server.]
server$ cat id_rsa.pub > ~/.ssh/known_hosts
I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
$ diff denyhosts.cfg-dist denyhosts.cfg
12c12
< SECURE_LOG = /var/log/secure
> #SECURE_LOG = /var/log/secure
22a23
> SECURE_LOG = /var/log/secure.log
34c35
< HOSTS_DENY = /etc/hosts.deny
> #HOSTS_DENY = /etc/hosts.deny
40a42,44
> #
> # Mac OS X Lion Server
> HOSTS_DENY = /private/etc/hosts.deny
195c199
< LOCK_FILE = /var/lock/subsys/denyhosts
> #LOCK_FILE = /var/lock/subsys/denyhosts
202a207,208
> LOCK_FILE = /var/denyhosts/denyhosts.pid
> #
219c225
< ADMIN_EMAIL =
> ADMIN_EMAIL = [email protected]
286c292
< #SYSLOG_REPORT=YES
> SYSLOG_REPORT=YES
Network Accounts
User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
Oh well.
Email
Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
root: myname
admin: myname
sysadmin: myname
certadmin: myname
webmaster: myname
my_alternate: myname
Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
cd /etc/postfix
sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
sudo serveradmin stop mail
sudo serveradmin start mail
Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
iCal Server
Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
Web
The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
$ diff httpd.conf.default httpd.conf
95c95
< #LoadModule ssl_module libexec/apache2/mod_ssl.so
> LoadModule ssl_module libexec/apache2/mod_ssl.so
111c111
< #LoadModule php5_module libexec/apache2/libphp5.so
> LoadModule php5_module libexec/apache2/libphp5.so
139,140c139,140
< #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
< #LoadModule encoding_module libexec/apache2/mod_encoding.so
> LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
> LoadModule encoding_module libexec/apache2/mod_encoding.so
146c146
< #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
> LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
177c177
< ServerAdmin [email protected]
> ServerAdmin [email protected]
186c186
< #ServerName www.example.com:80
> ServerName domain.com:443
677a678,680
> # Server-specific configuration
> # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
> Include /etc/apache2/mydomain/*.conf
I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
Alias /eyetv /Users/uname/Sites/EyeTV
<Directory "/Users/uname/Sites/EyeTV">
AuthType Digest
AuthName "EyeTV"
AuthUserFile /Users/uname/.htdigest
AuthGroupFile /dev/null
Require user uname
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
<Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
AuthType Digest
AuthName "EyeTV"
AuthUserFile /Users/uname/.htdigest
AuthGroupFile /dev/null
Require user uname
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
User-agent: *
Disallow: /
Misc
VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.Privacy Enhancing Filtering Proxy and SSH Tunnel
Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
$ ./ssht 8080:[email protected]:3128
$ ./ssht 8080:alice@:
$ ./ssht 8080:
$ ./ssht 8018::8123
$ ./ssht 5901::5900 [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
$ vi ./ssht
#!/bin/sh
# SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
USERNAME_DEFAULT=username
HOSTNAME_DEFAULT=domain.com
SSHPORT_DEFAULT=22
# SSH port forwarding specs, e.g. 8080:localhost:3128
LOCALHOSTPORT_DEFAULT=8080 # Default is http proxy 8080
REMOTEHOST_DEFAULT=localhost # Default is localhost
REMOTEPORT_DEFAULT=3128 # Default is Squid port
# Parse ssh port and tunnel details if specified
SSHPORT=$SSHPORT_DEFAULT
TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
while [ "$1" != "" ]
do
case $1
in
-p) shift; # -p option
SSHPORT=$1;
shift;;
*) TUNNEL_DETAILS=$1; # 1st argument option
shift;;
esac
done
# Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
shopt -s extglob # needed for +(pattern) syntax; man sh
LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
USERNAME=$USERNAME_DEFAULT
HOSTNAME=$HOSTNAME_DEFAULT
REMOTEHOST=$REMOTEHOST_DEFAULT
REMOTEPORT=$REMOTEPORT_DEFAULT
# LOCALHOSTPORT
CDR=${TUNNEL_DETAILS#+([0-9]):} # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR%:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
LOCALHOSTPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEPORT
CDR=${TUNNEL_DETAILS%:+([0-9])} # delete shortest trailing :+([0-9])
CAR=${TUNNEL_DETAILS##$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR#:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
REMOTEPORT=$CAR
fi
TUNNEL_DETAILS=$CDR
# REMOTEHOST
CDR=${TUNNEL_DETAILS%:*} # delete shortest trailing :*
CAR=${TUNNEL_DETAILS##$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR#:} # delete :
if [ "$CAR" != "" ] # leading or trailing port specified
then
REMOTEHOST=$CAR
fi
TUNNEL_DETAILS=$CDR
# USERNAME
CDR=${TUNNEL_DETAILS#*@} # delete shortest leading +([0-9]):
CAR=${TUNNEL_DETAILS%%$CDR} # cut this string from TUNNEL_DETAILS
CAR=${CAR%@} # delete @
if [ "$CAR" != "" ] # leading or trailing port specified
then
USERNAME=$CAR
fi
TUNNEL_DETAILS=$CDR
# HOSTNAME
HOSTNAME=$TUNNEL_DETAILS
if [ "$HOSTNAME" == "" ] # no hostname given
then
HOSTNAME=$HOSTNAME_DEFAULT
fi
ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
&& echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
|| echo "SSH tunnel FAIL."
Maybe you are looking for
-
Dual boot Windows 8.1 with Yosemite
I'm attempting to dual boot Windows 8.1 on my parents iMac. I downloaded and successfully used Boot Camp 5 to partition the drive, giving the new section 50GB. I successfully installed Windows 8.1. Unfortunate now I cannot access the Yosemite partiti
-
Layout and euro sign in reports 2.5
Well my problem is that I can't get a good layout of my reports when I use different printers .My developing printer is a Xerox DC 220, and I use also a hp laserjet4 plus driver . I can't get a Standaard layout for printing my reports.I am daying to
-
Upgrading from 10.3.9 to Leopard 10.5.4
I have a 1.25 GHz PowerPC G4 1MB L3 cache and 512 MB DDR SDRAM. The specs say my machine can run Leopard 10.5.4 but is it worth it? I want to be able to update safari b/c videos don't work and I can't get any more java updates. My main concern is tha
-
Hi Friends, I want to display diffrent lights ( reg light icon or green or other) in table control column depends on some condition. Can you please help me on this. Thanks in Advance. Thanks & Regards, Murali Krishna K
-
Unable to install Premier Elements 12
I received a software download card to install photoshop elements 12 and premier elements 12 as a Christmas present. Having followed the instructions I have successfully installed photoshop elements 12 but have not been able to find the starting poin