Open directory replica error

Hi.
Just upgraded two 10.7 servers, one master and one replica to 10.8.2. Found replica was no longer a replica. Went to add it. Errors. Tried a preflight check. This is what it told me.
2012-12-18 03:40:28 +0000 NSMutableDictionary *_getRootDSE(const char *): rootDSE not found
2012-12-18 03:40:28 +0000 Error: Unable to determine the master's software version.
Any ideas? Thanks

You cannot mix versions of the OS when doing a replica, so
10.4.x can only replicate 10.4.x
10.5.x can only replicate 10.5.x
It is in the docs.

Similar Messages

  • Creating Open Directory Replica fails with Server Admin Error Value 1127

    Hallo,
    I have seen a lot of similar threads here and they were helpful up to a certain point, but in the end, they did not solve my problem.
    Currently, it comes down to this. The Server Admin Error message is really meaningless and I could not find a single for the error value on the whole wide web. As such, I switched to the command line versions of the tools involved to get more meaningful results. It worked. Specifically, creating a replica of an openldap master means using slapconfig.
    When executing
    slapconfig -createreplica master.ourdomain.com diradmin
    as root on the prospective replica machine, I get the following error message:
    ssh command failed with status 127
    That command is not allowed with the root account via public key authentication.
    That makes perfect sense to me, but how is it meant to work then?
    Executing slapconfig as admin tells me that this tool is to be executed as root. On the other hand, root login via ssh is not allowed in Mac OS X by default, which seems fine to me. I even changed /etc/sshd_config on the Open Directory Master machine to "PermitRootLogin yes". However, neither reloading ssh using launchctl nor restarting the whole server made this setting operational. Trying to login from command line as root still tells me:
    root login is not permitted to this machine via public key authentication.
    While this is the current state where I need help urgently, I changed some other things before. I tell about to exclude these issues as possible reason of failure. I got this message for quite a while:
    Replica Setup failed : This machine does not have a valid computer name
    I was sure, this machine meant the target machine, the open directory master, because the domain had changed there once before I had taken over responsibility as an admin in this environment. And in fact, changeip disguised an issue there. The command proposed by changeip to fix the situation did not seem appropriate because this machine is multihomed with a public and a private IP address. Proper name resolution is available for both interfaces including reverse lookup. I don't like this setup, but it was the only way to get mail service running smoothly. Running changeip on the machine itself using these arguments
    changeip /LDAPv3/127.0.0.1 internalIP internalIP old.ours.com current.ours.com
    reported success in updating password server, open directory, both interfaces, hostconfig (which in fact did not change) and samba. It reported an issue with kadmin which is related to Kerberos (we don't use Kerberos yet).
    Changing the hostname of the server using changeip did not solve the issue. I then found the hint to check with scutil. This showed that the Hostname was not set on the prospective replica machine. (A question aside: in how many places is the hostname stored? The traditional /etc/hostname has gone, but seems to be replaced with several other configuration files and databases. I can't see this as an advantage). Setting the hostname using scutil worked fine. However, it did not solve the problem either. At least, slapconfig now started to complain about not being able to log in as root instead of failing from the start.
    I also checked all log files on both machines that might have to do with openldap, as there are /var/log/slapd.log, /var/log/system.log and /Library/Log/slapconfig.log. I also checked the log of the layer on top of openldap which is /Library/Log/DirectoryService.server.log. None of them revealed anything noticeable beside a lot of entries that I have googled in the last few hours and which all don't seem to be associated with the problem in question.
    I will take a break now, but I have to fix this until tomorrow and I hope to get the ultimate hint from you, dear reader.
    Thanks and bye, Christian Völker

    ssh command failed with status 127
    That command is not allowed with the root account via public key authentication.
    Initial OD replication takes place via 'ssh'. If you have 'sshd' configured on the OD Master to authenticate with public keys then the OD replica will not be able to communicate with the OD Master via 'ssh'. You must configure the OD Master to use 'ssh' with password authentication and root login enabled.
    Demote the replica back to standalone. Stop any services that you may have running on the primary network interface. Then stop any services that you may have running on the secondary network interface. In the 'Network' System Prefpane remove the IP number from the secondary interface then deactivate the secondary network interface.
    Assign the private IP address and hostname that you wish to use for the replica to the primary network interface. Assign the 'public' IP number to the secondary interface. Check the DNS to see that the IP address and hostname for the primary network interface resolve both forward and reverse for the hostname of the replica that you have chosen. If it does not, fix your DNS before proceeding.
    In the 'Sharing' System Prefpane, change the name of the machine to the hostname (server.domain.tld) of the replica that you have chosen. Then use 'changeip -checkhostname' to see if the IP/hostname matches. Fix it if it doesn't.
    Then configure the /etc/sshd_config file on the OD master like this:
    # Authentication:
    PermitRootLogin yes
    PasswordAuthentication yes
    PubkeyAuthentication no
    and the /etc/ssh_config file on the OD replica like this:
    PasswordAuthentication yes
    PubkeyAuthentication no
    Then from the OD replica as the 'root' user issue:
    slapconfig -createreplica <ODMasterIPorFQDN> <diradmin user>
    Make sure that the 'diradmin' user's password contains only alpha-numeric characters -no 'option-characters' or symbols, change it first if it does. Once the process completes, reactivate the secondary interface for the 'public' IP and check the configuration of services that will be using that IP, then start your other services. Secure the 'ssh' service on both machines to disable password authentication and 'root' logins.
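
The answer above opens password and root login on the OD Master only for the duration of `slapconfig -createreplica` and ends by securing `ssh` again. The following is an added example, not part of the original thread, that audits an `sshd_config` for settings left over from that step; the function names and both sample files are constructed for illustration, and the `ChallengeResponseAuthentication` and `PubkeyAuthentication` checks are additions beyond what the answer lists.

```shell
#!/bin/sh
# Added example (not from the thread): flag sshd_config settings left over
# from the temporary replica-setup configuration.

# effective_value FILE KEYWORD
# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive. Print that value lower-cased, or "unset". Settings inside
# Match blocks are conditional, so scanning stops at the first Match line.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ { next }                          # comment line
        NF < 2 { next }                              # blank or incomplete line
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# ssh_findings FILE
# Print one line per setting that still leaves root or password login open.
ssh_findings() {
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    kbd=$(effective_value "$1" ChallengeResponseAuthentication)
    pub=$(effective_value "$1" PubkeyAuthentication)
    [ "$root" = "no" ] || echo "PermitRootLogin is '$root' (want: no)"
    [ "$pass" = "no" ] || echo "PasswordAuthentication is '$pass' (want: no)"
    # Beyond the answer: keyboard-interactive auth can still prompt for a
    # password when PasswordAuthentication is off, so require an explicit "no".
    [ "$kbd" = "no" ] || echo "ChallengeResponseAuthentication is '$kbd' (want: no)"
    # Beyond the answer: with passwords off, key login must be usable again.
    [ "$pub" != "no" ] || echo "PubkeyAuthentication is 'no' (want: yes)"
    return 0
}

# ssh_state FILE -> "hardened" when nothing is flagged, otherwise "exposed".
ssh_state() {
    if [ -z "$(ssh_findings "$1")" ]; then echo hardened; else echo exposed; fi
}

# Constructed sample: the OD Master's file as configured for replica creation.
write_setup_sample() {
    cat > "$1" <<'EOF'
# Authentication:
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication no
EOF
}

# Constructed sample: the same file after the final securing step. The trailing
# duplicate shows that a later line does not override the first value.
write_secured_sample() {
    cat > "$1" <<'EOF'
# Authentication:
permitrootlogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
EOF
}

tmp=$(mktemp -d)
write_setup_sample "$tmp/setup"
write_secured_sample "$tmp/secured"
for f in setup secured; do
    echo "== $f: $(ssh_state "$tmp/$f")"
    ssh_findings "$tmp/$f"
done
rm -rf "$tmp"
```

Run it against `/etc/sshd_config` on both machines once the replica is up, by calling `ssh_findings /etc/sshd_config`.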

  • Open Directory Replica Over VPN

    Hey All,
    I've got two servers, one in the office running as our Open Directory Master and one that I've placed in a remote data centre as our new web/e-mail box that I'm hoping to make a OD Replica before I move these services out to it.
    After a lot of blood/sweat/tears/coffee I was able to get it connected back to the office over site-to-site VPN with our Linksys RV082 in the office and using raccoon on the remote Tiger Server with the help of s2svpnadmin.
    I've got DNS configured on both and can ping back and forth, resolve back and forth, the VPN tunnel is running quite beautifully as if they were right beside each other on the same switch.
    The remote is on the 192.168.4.x subnet and our internal is on the local 192.168.1.x subnet. Really works well.
    But...
    When I try to make the remote box a replica of our OD Master things seem to go well, but shortly after it's done the initial 'replication' the remote box reverts back into standalone mode and I can't login to it using any directory users. (The local OD Master stays humming along just fine)
    I've found this post that mentions a very similar situation:
    http://discussions.apple.com/thread.jspa?threadID=1173913&tstart=221
    Basically it appears that the Directory Service doesn't like to talk over Tiger Server's own VPN implementation.
    I tried replicating the issue on a remote client's Tiger xServe connecting to their SonicWall and I was able to replicate over to them just fine and it sticks, so it makes me think it's definitely something about the VPN service on Tiger Server.
    This remote box is in a data centre so I want to avoid having to buy and install a dedicated hardware device to solve this problem if I can (not even sure if they'd let me). It seems silly that they wouldn't have tested this configuration as I have to expect that it would be a common one.
    Any help or insight you could offer would be invaluable! Thanks!

    Hey Leif,
    The remote box has a public IP and then I've created an internal duplicate running at 192.168.4.1 with itself as the 'router/gateway'. This seems to work.
    I can ping 'to' the remote box from the office side over the VPN tunnel by pinging '192.168.4.1'.
    And from the remote box I can ping back to the office but only after I add a route:
    route add -net 192.168.1.0/24 192.168.4.1
    ...on the remote machine.
    After that I can get traffic back and forth. It seems to work perfectly.
    I can connect using just about any service I want over the VPN, ex. AFP and things work as if the box was in the office, it's nice.
    My OD Master on the local side is also my Primary DNS Server, the remote box doubles as a Secondary DNS Slave.
    I use views in my DNS to handle both private and public traffic (we're a small business so getting the most out of our gear is important), I can ask both boxes about themselves in both public and private views and they respond correctly.
    Box A: (In The Office)
    (Internal)
    boxa.domain.com has address 192.168.1.170
    170.1.168.192.in-addr.arpa domain name pointer boxa.domain.com.
    (External)
    boxa.domain.com has address 215.25.xx.xx
    xx.xx.25.215.in-addr.arpa domain name pointer boxa.domain.com.
    (Testing Localhost)
    localhost has address 127.0.0.1
    1.0.0.127.in-addr.arpa domain name pointer localhost.
    Box B: (In The Datacentre)
    (Internal)
    boxb.domain.com has address 192.168.4.1
    1.4.168.192.in-addr.arpa domain name pointer boxb.domain.com.
    (External)
    boxb.domain.com has address 216.46.xx.xx
    xx.xx.46.216.in-addr.arpa domain name pointer boxb.domain.com.
    (Testing Localhost)
    localhost has address 127.0.0.1
    1.0.0.127.in-addr.arpa domain name pointer localhost.
    I'm convinced it's something on the remote box as I can get the replication to work reliably when trying another box whose VPN is handled by a dedicated device. I've seen posts like this one:
    http://blog.aaronmarks.com/?p=31
    That seem to discuss similar issues.

  • Open Directory Setup Error

    I attempted to set up the Open Directory on Lion Server.  I entered all the information and clicked the Setup button.  It said it had an error while setting it up and that I should restart the Server to fix it.  I did that and now when I go to connect, I get the message "An error occurred while attempting to bind diradmin to 192.168.1.90.  Please try again."  Now what?  Is there a way to clear the settings and start over?  Mac Mini - Server 10.7.2.

    I just encountered this error.  "An error occurred while attempting to bind diradmin to ' and the my local IP address.
    What fixed it for me was to set the IP address to 127.0.0.1 (which means the current machine) rather than the current machine's actual IP address.  Of course it should be the same thing, but it seems to be picky!

  • Open Directory setState error

    Hi,
    I had an Open Directory system working fine, rebooted my (Mac Mini 2011) server and now it refuses to start. I get:
    "An error occurred on the server while processing a command. The error occurred while processing a command of type 'setState' in plug-in 'servermgr_dirserv'"
    I had this error before on an old installation of OS X which I have since reinstalled.
    What's going on? Open Directory seems to me to be completely and utterly unstable, and not fit for purpose. All of a sudden it's stopped working and therefore I can't login using my normal username and password. What gives?!

    Looking at the logs I'm getting these errors:
    [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-208.1~6/servers/slapd
    Sep 30 19:48:32 woz.private slapd[1629]: slap_add_listener: opened additional listener 'ldaps:///'
    Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): file id2entry.bdb has LSN 1/1837404, past end of log at 1/1693634
    Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): Commonly caused by moving a database from one database environment
    Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): to another without clearing the database LSNs, or by removing all of
    Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): the log files from a database environment
    Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): /var/db/openldap/openldap-data/id2entry.bdb: unexpected file type or format
    Sep 30 19:48:32 woz.private slapd[1629]: bdb_db_open: database "dc=woz,dc=private": db_open(/var/db/openldap/openldap-data/id2entry.bdb) failed: Invalid argument (22).
    Sep 30 19:48:32 woz.private slapd[1629]: backend_startup_one (type=bdb, suffix="dc=woz,dc=private"): bi_db_open failed! (22)
    Sep 30 19:48:32 woz.private slapd[1629]: bdb_db_close: database "dc=woz,dc=private": alock_close failed
    Sep 30 19:48:32 woz.private slapd[1629]: slapd stopped.

  • Open Directory startup error

    Hi,
    10.8.2 / Server 2.2
    Attempting to turn Open Directory fails with the message:
    An error occurred on the server while processing a command.
    The error occurred while processing a command of type 'setState' in plug-in 'servermgr_dirserv'
    How can I resolve this?
    Thanks.

    Thanks for replying. It's a new install, and it worked for about 2 days before it stopped working. I'm not sure what changes I made to break OD.
    I'm probably not knowledgeable enough to understand the log file, even if I knew where to look. Apple did position this as "server for the rest of us" with a low price, so I'm using it to learn. And since I'm using this to learn, I don't mind starting over. But as far as I can see I see no option of creating a new master database, only a replicate record.
    Again, thanks for replying.

  • Open directory install error

    Hello,
    I have a Mac Mini with OS X 10.8.4 and Server 2.2.1.
    I am trying to configure Profile Manager in Server.app, but after a long time I encountered an error
    when I create the Open Directory master.
    LDAP log:
    Jul 12 16:17:58 mdm.dom-ad-etandex.fr slapd[1970]: @(#) $OpenLDAP: slapd 2.4.28 (Apr 25 2013 19:11:59) $
                        [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-208.4~3/servers/slapd
    Jul 12 16:17:58 mdm.dom-ad-etandex.fr slapd[1970]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    Jul 12 16:17:58 mdm.dom-ad-etandex.fr slapd[1970]: /etc/openldap/slapd_macosxserver.conf: line 228: invalid path: No such file or directory
    Jul 12 16:17:58 mdm.dom-ad-etandex.fr slapd[1970]: slapd stopped.
    sudo -changeip checkhostname is successful, even dig works.
    I tried to reinstall Server.app, rm some directories, but I still have this error...
    Does someone have any clue?

    I have the exact same issue, same setup.

  • Open Directory authentication error

    Hi,
    I am trying to create a replica with 10.8 server.
    Steps:
    Create OD on server 1.
    Create Replica on server 2. All works fine
    Restore OD. Replica stops working. I get an error message saying that I cannot authenticate against diradmin on main OD.
    What is the step to either merge the database or create a new diradmin password. This is driving me nuts!
    Tks

    Get a working master with all your users first.
    Make sure DNS (forward and reverse) is correct from both locations.
    Then add the replica.
    There's a good chance the OD you are restoring has references to an older hostname or IP, this can break your setup.
    Depending on the size of your setup, it may be less painful not to bother restoring your old OD and just create users/groups from scratch (leaving behind the possibility of bringing in issues related to your previous OD config).
    It's a hassle, but so is looking for a needle in a haystack.

  • Unable to replicate Open Directory server

    I have a Master OD server that is currently being replicated to an offsite OD.
    But I'm looking to run a dedicated Mini for the offsite, but I cannot get the new Mini to replicate.
    The slapconf log says the credentials are invalid and exits with error code=69.
    I have reset the directory admin password and made sure the network settings were all correct and the hostname and DNS name are correct.
    The OS and server versions are identical between the 2 servers.
    Anyone have any thoughts???

    Can't Create Replica in Open Directory
    Failed to setup Open Directory Replica.
    Still not possible to create OD Replic under Lion Server

  • Open Directory Server appears as /LDAPv3/127.0.0.1, not as /LDAPv3/FQDN

    I am running Mac OS X Server 10.4.7 and when I setup my Open Directory Master it shows in Directory Access Utility and Workgroup Manager as /LDAPv3/127.0.0.1.
    This does not make sense since an nslookup answers correctly for IP address and hostname. So, I think it should show as /LDAPv3/FQDN
    If I change the field "Server Name or IP Address" in LDAPv3 section of Directory Access Utility to the FQDN, Workgroup Manager shows /LDAPv3/FQDN and works perfectly, but if I try to create an Open Directory Replica in another server, I receive a message "Unable to Authenticate on Server as Directory Admin"

    Thanks for your answer Ralph!
    Really I get my other server promoted to an OD Replica when my OD Master appears as /LDAPv3/127.0.0.1, but I was in doubt about this when I go to the Replica's WGM Sharing pane to set User's folder as an Automount Point in /LDAPv3 Directory because it shows as /LDAPv3/127.0.0.1
    Maybe I am wrong, but in the Replica's server this will point to the localhost directory. This assumption is correct?

  • 10.7.2: still can't replicate 10.6 Open Directory or restore from backup

    I am trying to migrate my Open Directory (OD) database from an Xserve running 10.6.8 to an iMac running 10.7.2 now. As before the update to 10.7.2, I am unable to make the Lion server an OD replica of the OD database running on Snow Leopard.
    This is what I do (please let me know, if anything I do is wrong):
    On the Snow Leopard Server (SLS) in the Server Admin utility, I go to the Open Directory service, the "Archive" subsection, choose a target directory for "Archive In", and click on the Archive button. I am then asked to name my archived database and provide a password. Let's say, it is "OD Archive," the file generated will be "OD Archive.sparseimage".
    I copy this Sparseimage to the desktop of my Leopard Server (LS).
    I then open the same place in the Server Admin utility on the LS. In the "Restore from" section I browse to the LS desktop and "Choose" the saved Sparseimage. I click on "Restore," at which point I am asked for the password of the archived OD database. When I supply it, it appears that my OD archive is being imported.
    However, going into the Workgroup Manager on the LS, and logging in as diradmin, into /LDAPv3/127.0.0.1, shows no users from my SLS having been migrated. Why has this still not been fixed?
    Likewise, when I try to make the LS an Open Directory replica of the SLS, I again, even after this update, am informed that my OD database admin credentials are incorrect, when they are not. I had surely expected a fix for this by the time we reached 10.7.2.

    Historically you have not been able to mix versions between an Open Directory Master and Replica, that is both would either have to be Snow Leopard, or both would have to be Lion.
    I have not tried upgrading to Lion this way (I am currently leaving my servers on Snow Leopard) but I can suggest the following based on experiences with Snow Leopard Servers.
    As you already appear to have done, in Snow Leopard Server make an Archive of your Open Directory setup
    Make sure you also have a backup of the entire Snow Leopard Server so you can go back to it if you can't successfully move to Lion
    Setup the hostname, IP address and DNS records (which might mean setting up a DNS server) for the new Lion Server
    Check this using the command line
    sudo changeip -checkhostname
    Make the new Lion Server in to a new empty Open Directory Master
    Test this new Open Directory Master by creating a test user and then deleting afterwards
    Now move on to the restoring of the Open Directory Archive, when I did this last time, I found that I was given two choices, either to completely replace the Open Directory with the one from the Archive, or to merge the two together. I found that trying to replace failed and resulted in an empty Open Directory like you report, I found that choosing merge did work successfully
    If the above still does not work, then you might have to consider the following alternative approach.
    On the Snow Leopard Server in Workgroup Manager export all the user accounts except the Admin and DirAdmin accounts
    Optionally export all the Groups
    Optionally export all the Computer Groups
    Setup the new Lion Server
    Create a new empty Open Directory
    Import the files exported from Workgroup Manager
    This will not keep the original passwords. You will have to set a password for each account.

  • Open directory in mavericks server.

    Setting up mavericks server - open directory displays error " server was successfully configured as a directory server but an error occurred" I have tried everything. Can anyone help ?

    Does the server show up in the Server list as (Master)?  If so, delete it, make absolutely sure your DNS set up and try again.
    Even though I have a fully qualified domain name, SERVER.DOMAIN.COM, and my reverse lookup set with my ISP, if I do a lookup for the IP of my server it returns server.domain.com, I found Open Directory was much happier if I used the DNS server on the server itself.
    In Server DNS I created a Primary Zone for my domain, domain.com. Then a Machine A Record for server.domain.com. It automatically made a nameserver record of server.domain.com and the Reverse Zone and server mapping for reverse lookup. Then set it to perform lookups for this server only. Then set 127.0.0.1 as the first DNS server in System Network Settings before any ISP DNS servers. Then for good measure also entered my ISP's DNS servers in as forwarding servers. Then set up Open Directory with the correct domain with no errors.

  • Open Directory: "Unable to load replica list"

    I'm currently running Mavericks Server 3.1 on my Mac Mini at the home network. I had some issues with the client logins and went for local accounts on the clients instead. Today I finally wanted to fix the problem and go all Open Directory. But the Open Directory service was shut off when I opened the server software. I tried to turn it on but got a message saying "Unable to load replica list". I updated the software to the latest 3.1 but am still having the same issue. I never had any replica list, I only had a standard one from the start, but it seems I can't do anything there now.
    LDAP log:
    Mar 21 22:48:38 xxYY.com slapd[172]: @(#) $OpenLDAP: slapd 2.4.28 (Nov 12 2013 12:02:47) $
    [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-491.1~1/servers/slapd
    Mar 21 22:48:38 xxYY.com.com slapd[172]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    Mar 21 22:48:39 xxYY.com.com slapd[172]: TLS: found identity in keychain using identity preference.
    Mar 21 22:48:42 xxYY.com.com slapd[172]: slap_add_listener: opened additional listener 'ldaps:///'
    Mar 21 22:48:42 xxYY.com.com slapd[172]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    Mar 21 22:48:44 xxYY.com.com slapd[172]: slapd starting
    Mar 21 22:48:44 xxYY.com.com slapd[172]: daemon: posting com.apple.slapd.startup notification
    Mar 21 22:48:54 xxYY.com.com slapd[172]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Mar 21 22:48:54 xxYY.com.com slapd[172]: conn=1022 op=3: attribute "entryCSN" index delete failure
    Mar 21 22:50:02 xxYY.com.com slapd[172]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Mar 21 22:50:02 xxYY.com.com slapd[172]: conn=1042 op=3: attribute "entryCSN" index delete failure
    I don't understand any of this other than the obvious failure words. Can anyone understand this and help me here?

    This procedure is a diagnostic test. It makes no changes to your data. If you have more than one user account, you must be logged in as an administrator to carry out these instructions.
    Please triple-click anywhere in the line below on this page to select it:
    sudo /usr/libexec/slapd -Tt | pbcopy
    Copy the selected text to the Clipboard by pressing the key combination command-C.
    Launch the built-in Terminal application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
    Paste into the Terminal window by pressing the key combination command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. You'll be prompted for your login password. Nothing will be displayed when you type it. If you don’t have a login password, you’ll need to set one before you can run the command. You may get a one-time warning to be careful. Confirm. You don't need to post the warning.
    If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator. Log in as one and start over.
    Wait for a new line ending in a dollar sign ($) to appear below what you entered.
    The output of the command will be automatically copied to the Clipboard. If the command produced no output, the Clipboard will be empty. Paste into a reply to this message.
    The Terminal window doesn't show the output. Please don't copy anything from there.

  • I can't start a open directory, it gives an error saying: check network config

    Hi,
    To begin with, I'm Dutch, so sorry for my bad writing.
    Setup:
    Mac mini OS X Server Mountain Lion 10.8.5
    local users
    cisco rvs4000
    I'm having an issue since I changed my network's WANIP because we got a new and better internet line.
    Also the new environment comes with a new router.
    Now here's the problem, since this change I couldn't set up a VPN L2TP connection anymore.
    So I looked at the VPN log, but there wasn't any text referring to a VPN L2TP connection. And yes, I forwarded every port,
    UDP 1701,500,4500 and the ESP 50 protocol is forwarded by the Cisco router with the standard VPN passthrough option.
    The next thing I tried is setting up a PPTP connection, after this I got the error: identity is not accepted. This time the VPN log gives me
    an error:
    0x0> <magic 0x628df8e6> <pcomp> <accomp>]
    Thu Oct 17 12:42:33 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2b13fb41> <pcomp> <accomp>]
    Thu Oct 17 12:42:33 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2b13fb41> <pcomp> <accomp>]
    Thu Oct 17 12:42:33 2013 : sent [LCP EchoReq id=0x0 magic=0x2b13fb41]
    Thu Oct 17 12:42:33 2013 : sent [CHAP Challenge id=0x2f <7b651c211c2065155c574d41732c394e>, name = "server.xxxxxx.private"]
    Thu Oct 17 12:42:33 2013 : rcvd [LCP EchoReq id=0x0 magic=0x628df8e6]
    Thu Oct 17 12:42:33 2013 : sent [LCP EchoRep id=0x0 magic=0x2b13fb41]
    Thu Oct 17 12:42:33 2013 : rcvd [LCP EchoRep id=0x0 magic=0x628df8e6]
    Thu Oct 17 12:42:33 2013 : rcvd [CHAP Response id=0x2f <eb158db194714bbd1f17f0aeae993927000000000000000012f827aea75c2b6cb2dbcbbd3bfabb 1bb6a7534d96d956f300>, name = "vpnuser"]
    Thu Oct 17 12:42:33 2013 : DSAuth plugin: unsupported authen authority: recved Kerberosv5;;vpnuser@LKDC:SHA1.F0E4A62A66239C74E50793F3F30997F086074A1E;LKDC:SHA1 .F0E4A62A66239C74E50793F3F30997F086074A1E, want ApplePasswordServer
    Thu Oct 17 12:42:33 2013 : DSAuth plugin: MPPE key required, but its retrieval failed.
    Thu Oct 17 12:42:34 2013 : sent [CHAP Failure id=0x2f "S=4E4083190FD57B13DA38015F52FE14F8F594766A M=Access granted"]
    Thu Oct 17 12:42:34 2013 : CHAP peer authentication failed for vpnuser
    Thu Oct 17 12:42:34 2013 : sent [LCP TermReq id=0x2 "Authentication failed"]
    Thu Oct 17 12:42:34 2013 : Connection terminated.
    Thu Oct 17 12:42:34 2013 : PPTP disconnecting...
    Thu Oct 17 12:42:34 2013 : PPTP disconnected
    2013-10-17 12:42:34 CEST       --> Client with address = 192.168.1.205 has hungup
    When I googled for this problem all the answers were based on OD users and in my situation there were only local users.
    So I thought if I just add all my users ( 10 local users ) to an OD it should fix my problem but here comes the next thing.
    When I tried to configure an Open Directory it gives me an error that the OD couldn't finish and to check my network settings.
    sudo changeip -checkhostname gives me the right address, DNS seems to be OK. The error that console constantly gives is:
    servermgd: servermgr_accounts: got error 5000 trying to auth to local LDAP node
    and
    WARING found KDC certificate
    and
    ntdp: GetConfig: Couldn't open </private/etc/ntp_opendirectory.conf
    I'm stuck at this point, never seen this problem before.. someone knows a fix or work around for this??
    thanks in advance

    To check the local network for some of the common configuration problems, launch Terminal.app and issue the following diagnostic command:
    sudo changeip -checkhostname
    That'll report some local configuration information and then either no errors detected and no changes required, or it'll point to whatever configuration errors or issues it might detect.  That doesn't catch everything, but it catches the common errors.
    FWIW, 192.168.0.0/24 and 192.168.1.0/24 are poor choices for the local network, as VPNs are based on IP routing and IP routing gets tangled when the same subnet is used on both ends of the VPN. 192.168.0.0/24 and 192.168.1.0/24 are near ubiquitous in home networks and coffee shops.

  • Open directory error 4001 occurred

    When trying to add a new user I get an error message of:
    "User creation failed
    The server reported the error 'Open Directory error 4001 occurred' while trying to create the user."
    I can find nothing about this error and what it means. I've Googled and searched the Snow Leopard server documentation.
    This is a recent, clean install of Snow Leopard server (installed about a week ago) with all updates so it is now running 10.6.1. I had no problem adding 7 other accounts on days 1 and 2 after the install, but now cannot add another.
    Any help greatly appreciated.
    Thanks

    Not sure what happened, but I rebooted the server and now everything appears to be working again.
    I'm wondering if this problem was caused by changes I made to the DNS server (also running on this server)? Maybe Open Directory cannot handle certain DNS changes without restarting?
