Open Directory Setup Error

Similar Messages

• Open directory install error

  Hello,
  I have a MAC Mini with OSX 10.8.4 and Server 2.2.1 ,
  I am trying to configure Profile Manager on the Server.app but i encountered after a long time an  error :
  when i create Open Directory master .
  LDAP log:
  Jul 12 16:17:58 mdm.dom-ad-etandex.fr slapd[1970]: @(#) $OpenLDAP: slapd 2.4.28 (Apr 25 2013 19:11:59) $
                      [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-208.4~3/servers/slapd
  Jul 12 16:17:58 mdm.dom-ad-etandex.fr slapd[1970]: daemon: SLAP_SOCK_INIT: dtblsize=8192
  Jul 12 16:17:58 mdm.dom-ad-etandex.fr slapd[1970]: /etc/openldap/slapd_macosxserver.conf: line 228: invalid path: No such file or directory
  Jul 12 16:17:58 mdm.dom-ad-etandex.fr slapd[1970]: slapd stopped.
  sudo -changeip checkhostname is succesful even dig work.
  I tryied to reinstall Server.app , rm some directory but i still have this error...
  Does someone has any clue ?

  I have the exact same issue, same setup.

• Open Directory setup on 10.7.3

  Hi All,
  I am trying to setup test server with following services:
  DHCP
  DNS
  Open Directory
  Profile Manager
  Software Update
  But not having much of success. I have installed 10.7.3 on virtual machine (Using Fusion 4) on Mac Pro and given a 4 GB of RAM. This machine is running in its own bubble, it has no communication even with host. So I have configured DHCP and DNS services which seems to be working fine (I have confirmed with another client which can get IP and DNS server address from this server).
  Now whenever I have tried to run OD setup using both tools (Server App and Admin Tool), it takes forever to configure (more than 1 hour) and then it fails with error saying "check your network settings". I have checked and machine has proper IP address (tried both DHCP and Static) and also used "lookup" utility to resolve the DNS address both ways (forward and reverse).
  Is there anything that missing in my steps?
  Thanks,

  I don't have the exact message right now because I have deleted that virtual machine after getting that error message. I am going thru the setup again and I will record it if I get that message again.
  Would be able to tell me anything wrong with my setup? Here is what I have and what I am doing:
  Lion is installed on a virtual machine using VMware fusion.
  I haved added two NICs to that machine so that I can have one with static IP address and other hand NAT connection so that machine can I have outside communication for server install. I have tried to install with one NIC with static IP address but it won't let me install without internet connection.
  Then I go thru installing server component of Lion installation and once that is done then I have installed brand new Admin tools package.
  Then I disable the network connection and I use the Admin tool to install DHCP and DNS server so that it isolated environment which is free of any outside changes.
  Under the DHCP scope, I added my server to have a static IP address which was previously configured before installing the server component. And for DNS service I have added my machine as well.
  After rebooting the machine, I use the server App to configure OD service which ask me couple of question and get started on this setup but takes forever (like an hour or more).
  Do I need to do anthying else which might be required for this setup?
  Thanks for your help and sorry for the long and boring post,

• Open Directory setState error

  Hi,
  I had an Open Directory system working fine, rebooted my (Mac Mini 2011) server and now it refuses to start. I get:
  "An error occurred on the server while processing a command. The error occurred while processing a command of type 'setState' in plug-in 'servermgr_dirserv'"
  I had this error before on an old installation of OS X which I have since reinstalled.
  What's going on? Open Directory seems to me to be completely and utterly unstable, and not fit for purpose. All of a sudden it's stopped working and therefore I can't login using my normal username and password. What gives?!

  Looking at the logs I'm getting these errors:
  [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-208.1~6/servers/slapd
  Sep 30 19:48:32 woz.private slapd[1629]: slap_add_listener: opened additional listener 'ldaps:///'
  Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): file id2entry.bdb has LSN 1/1837404, past end of log at 1/1693634
  Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): Commonly caused by moving a database from one database environment
  Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): to another without clearing the database LSNs, or by removing all of
  Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): the log files from a database environment
  Sep 30 19:48:32 woz.private slapd[1629]: bdb(dc=woz,dc=private): /var/db/openldap/openldap-data/id2entry.bdb: unexpected file type or format
  Sep 30 19:48:32 woz.private slapd[1629]: bdb_db_open: database "dc=woz,dc=private": db_open(/var/db/openldap/openldap-data/id2entry.bdb) failed: Invalid argument (22).
  Sep 30 19:48:32 woz.private slapd[1629]: backend_startup_one (type=bdb, suffix="dc=woz,dc=private"): bi_db_open failed! (22)
  Sep 30 19:48:32 woz.private slapd[1629]: bdb_db_close: database "dc=woz,dc=private": alock_close failed
  Sep 30 19:48:32 woz.private slapd[1629]: slapd stopped.

• Open Directory startup error

  Hi,
  10.8.2 / Server 2.2
  Attempting to turn Open Directory fails with the message:
  An error occurred on the server while processing a command.
  The error occurred while processing a command of type 'setState' in plug-in 'servermgr_dirserv'
  How can I resolve this?
  Thanks.

  Thanks for replying. It's a new install, and it worked for about 2 days before it stopped working. I'm not sure what changes I made to break OD.
  I'm probably not knowlegable enough to understand the log file, even if I knew where to look. Apple did position this as "server for the rest of us" with a low price, so I'm using it to learn. And since I'm using this to learn, I don't mind starting over. But as far as I can see I see no option of creating a new master database, only a replicate record.
  Again, thanks for replying.

• Open Directory authentication error

  Hi,
  I am trying to create a replica with 10.8 server.
  Steps:
  Create OD on server 1.
  Create Replica on server 2. All works fine
  Restore OD. Replica stop working. I get an error message saying that I cannot authentificate against diradmin on main OD.
  What is the step to either merge the database or create a new diradmin password. This is driving me nuts!
  Tks

  Get a working master with all your users first.
  Make sure DNS (forward and reverse) is correct from both locations.
  Then add the replica.
  There's a good chance the OD you are restoring has references to an older hostname or IP, this can break your setup.
  Depending on the size of your setup.. it may be less painful not to bother restoring your old OD and just create from users/groups scratch (leaving behind the possibility of bringing in issues related to your previous OD config).
  Its a hassle.. but looking for a needle in a haystack is also.

• Open directory replica error

  Hi.
  Just upgraded two 10.7 servers, one master and one replica to 10.8.2. Found replica was no longer a replica. Went to add it. Errors. Tried a preflight check. This is what it tod me.
  2012-12-18 03:40:28 +0000 NSMutableDictionary *_getRootDSE(const char *): rootDSE not found
  2012-12-18 03:40:28 +0000 Error: Unable to determine the master's software version.
  Any ideas? Thanks

  you can not mix versions of the os when doing a replica so
  10.4.x can only replicate 10.4.x
  10.5.x can only replicate 10.5.x
  it is in the docs.

• Exception in servermgr_accounts when creating open directory master...

  Just to give you some background, I'm new to Mac Os X Server. And I'm trying to get a mail/ical/web-server with "open directory" setup. The server is placed in a remote location, behind a NAT-firewall.
  I thought I hade everything setup, took a while to figure out the DNS-configs. But I managed to get everything working, and apply the server through a NetworkAccountServer on a client.
  When I wanted to setup some e-mail aliases for my e-mail accounts, I remembered I hade seen that in "Server Preferences".
  But when opening "Server Preferences" i got the following message:
  "Multiple errors occurred on the server while processing commands. Use the Console application to view the error messages.", I could access everything accept Users and Groups, when clicking these it tried to create a new open directory.
  The Console App shows this Message:
  2/4/11 1:15:31 AM servermgrd[3725] servermgr_accounts: noteDirectoryNodeAdded (reopening nodes)
  2/4/11 1:15:31 AM servermgrd[3725] * Terminating app due to uncaught exception 'NSUnknownKeyException', reason: '[<NSCFDictionary 0x102021680> valueForUndefinedKey:]: this class is not key value coding-compliant for the key VR.'
  * Call stack at first throw:
  0 CoreFoundation 0x00007fff878fc7b4 __exceptionPreprocess + 180
  1 libobjc.A.dylib 0x00007fff890ce0f3 objcexceptionthrow + 45
  2 CoreFoundation 0x00007fff87954969 -[NSException raise] + 9
  3 Foundation 0x00007fff87e61c92 -[NSObject(NSKeyValueCoding) valueForUndefinedKey:] + 245
  4 Foundation 0x00007fff87d915a8 -[NSObject(NSKeyValueCoding) valueForKey:] + 420
  5 Foundation 0x00007fff87d8d0f6 -[NSDictionary(NSKeyValueCoding) valueForKey:] + 173
  6 servermgr_accounts 0x00000001005799c1 scDynamicStoreNotificationCallback + 25876
  7 servermgr_accounts 0x0000000100579948 scDynamicStoreNotificationCallback + 25755
  8 servermgr_accounts 0x0000000100577648 scDynamicStoreNotificationCallback + 16795
  9 servermgr_accounts 0x0000000100573521 scDynamicStoreNotificationCallback + 116
  10 SystemConfiguration 0x00007fff82273dad rlsPerform + 115
  11 CoreFoundation 0x00007fff87899401 __CFRunLoopDoSources0 + 1361
  12 CoreFoundation 0x00007fff878975f9 __CFRunLoopRun + 873
  13 CoreFoundation 0x00007fff87896dbf CFRunLoopRunSpecific + 575
  14 Foundation 0x00007fff87dc08e4 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 270
  15 Foundation 0x00007fff87dc07c3 -[NSRunLoop(NSRunLoop) run] + 77
  16 servermgrd 0x0000000100003f13 0x0 + 4294983443
  17 servermgrd 0x0000000100001388 0x0 + 4294972296
  18 ??? 0x0000000000000002 0x0 + 2
  2/4/11 1:15:31 AM com.apple.launchd[1] (com.apple.servermgrd[3725]) Job appears to have crashed: Abort trap
  2/4/11 1:15:31 AM com.apple.ReportCrash.Root[3831] 2011-02-04 01:15:31.997 ReportCrash[3831:2a03] Saved crash report for servermgrd[3725] version ??? (???) to /Library/Logs/DiagnosticReports/servermgrd2011-02-04-011531localhost.crash
  2/4/11 1:15:32 AM edu.mit.Kerberos.kadmind[3848] kadmind: starting...
  2/4/11 1:15:33 AM Server Admin[1931] Error '-1' when applying directory role change
  2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.kadmind[3848]) Exited with exit code: 2
  2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.kadmind) Throttling respawn: Will start in 9 seconds
  2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.krb5kdc) Throttling respawn: Will start in 9 seconds
  2/4/11 1:15:43 AM edu.mit.Kerberos.kadmind[3951] kadmind: starting...
  2/4/11 1:15:51 AM com.apple.launchd[1] (com.apple.suhelperd[4009]) Exited with exit code: 2
  I tried reseting the "Open Directory Service" in "Server Admin", by setting it to "standalone directory".
  It did stop the "Open directory", but the console was again showing the message above.
  With the server in stand-alone mode, I could access "Server Preferences" again, but as soon as I create an "Open Directory again", it fails with the above error, and I cant access the Open Directory from Server Preferences.
  To summarize, the message shows when:
  1. Creating an Open Directory Master.
  2. Removing a Open Directory Master.
  3. Entering Server Preferences with Open Directory Master running.
  A wierd thing is that the "Open directory" seems to be fine. I can manage it in "Workgroup manager", login to webmail, calenders, VPN etc. I just can't manage it from "Server Preferences".
  I did make som misstakes in the beginning (primarly not setting a proper host-name before creating the first "Open Directory", and also having a local-user with the same short-name as a user in the "Open Directory") But that should all solved now.
  Any Idea's on what could be wrong?
  Where else can I set e-mail aliases for my "Open Directory" users? Is it possible for them to administer aliases themselves?
  Thanks in advance!
  PS. Anyone have any tips on mail-forwarding to multiple external accounts? Do I really need to edit this manually in /etc/postfix/aliases? Is there anyway I can let my users administer forwarding?

  If anyone else has similar issues, I didn't find a solution. Re-installed the server from scratch...

• Open Directory and Mobile Home Folders

  Hi All,
  I am a bit confused about Open Directory and Mobile Accounts! here is our scenario. We have an Open Directory setup and all Accounts are set to mobile, accounts are almost 250+, my main problem is the Synchronization Conflicts, the accounts are automated to sync every 30 mins, the problem is every now and then schronization conflict windows popups, our users are complaining almost everytime, another problem is all of the users home folder has a qouta of 5GB, problem is there are users who excedd on the qouta some goes up to 60GB and 100GB, how do i solve this two problems. i am about to loose my mind. We setup like this in order for us to have a backup of all files of the users in case problem arises in the workstation. i have notice that synching file error comes up if you have temporary files used by any applications. the home folder of each user will exclude library, trash, music and entourage databse. Please Do help me.!!! Anyone who knows..?
  Environment
  OD Server - MacOS X Server Tiger 10.4.4
  Workstations - mix MacOS X Tiger 10.4.4 - 10.4.7
  AFP Home Folder - MacOS X Server Tiger 10.4.6 mounted Xsan Volume for home folders
  johnaris
  PLEASE HELP!

  Thanks for the info, by now i will look into that little utility that is very helpful (console!)
  Yes, I was thinking of synching our users at login and logout, the problem here is that, users here has bigger home folders.. mostly about 3GB, and it will took time to login a user, about 6-10 mins, depends on the network, we have networks users that that has slow networks and fast network on video editing users. What I did is that i excluded the Library in the synch options on each unit here, since we are not using Apple's Mail and iCal, it did minimize the synching error but the temp files and date discripancies are mostly that will generate an error, I am having really problems with this.
  thanks for the info i really appreciate it.

• Authentication Delays / Slow Authentication for Open Directory Users

  I'm experiencing delays when authenticating Open Directory users and it absolutely has me at my wit's end.
  The problem is quite simple: any time an Open Directory user authenticates his password there is a delay of at least 5-10 seconds. This goes for clients that are bound to the directory server and also authenticating locally on the server. Here are some examples:
  * On the server, there is a several second delay on the Login Window screen when trying to log in using an Open Directory account. Logging in as a local user is instantaneous.
  * In Workgroup manager, authenticating as the Directory Administrator takes several seconds.
  * On a remote computer, sharing the screen using an Open Directory user take several seconds and again, a local user is instantaneous. Screen sharing takes particularly long and often temporarily shows a sheet saying it has lost the connection with the server while authenticating.
  * Connecting with AFP takes several seconds when using an Open Directory login
  * On a client computer, unlocking the screen after sleep or screen saver takes several seconds for Open Directory users
  * Connecting with SSH does NOT exhibit the behavior
  In addition to all of this, I've seen periodic random unexplainable freezes for several seconds on client computers that are bound to the directory even when logged in as a local user account (and with no other users logged in.) For example, launching applications often results in a freeze. After unbinding the computer from the directory the problem goes away entirely.
  The history of the problem:
  Used Tiger Server for over a year = no problems
  Clean install of Leopard Server 10.5.0 back in October = no problems
  Update to Leopard Server 10.5.1 = no problems
  Then, all of the sudden one day several weeks back I started having problems. The server had been up for a few weeks. I didn't install any updates. I didn't change any configuration. Literally the only thing that I had done recently was unplug the Apple Cinema Display and keyboard+mouse that was connected to the server. Then I started having problems so I plugged the display, keyboard and mouse back in to troubleshoot it. I cleared the directory services caches on my server and clients and rebooted the Airport Base Station that's serving as my router and eventually the problem went away. I wish I could tell you which of those things resolved the problem but I have no idea. It was fine for a couple more weeks (and incidentally I once again unplugged the display, keyboard and mouse from the server). Then last week I started having problems again and this time no amount of rebooting, cache clearing, rebinding, troubleshooting using information in these forums or anything else will fix the problem. I only mention the display/keyboard/mouse thing because it's literally the only thing I changed around the time the problems started happening. I truly don't think it has anything to do with it.
  So in desperation I backed up and did a clean install today. Here's the process I used:
  0. Erase the disk
  1. Install Leopard Server 10.5.0 from the install DVD
  2. In the setup assistant, use the Advanced Configuration option but I didn't enable any services. Set up network settings and host name of myserver.mydomain.private.
  3. Reboot
  4. Use Software Update to update to 10.5.1 and Security Update 2007-009 v1.1
  5. Reboot
  6. Configure DNS (see below for detailed configuration)
  7. Reboot
  8. Change role to Open Directory Master
  9. Reboot
  ... and the problem is still there. Simply logging into the server GUI with the Directory Administrator account has the delay. Authenticating in Workgroup Manager has the delay. I haven't even bothered to set up AFP or any other users yet. I'm truly at my wit's end and I'm ready to chuck the server out the window.
  I've done a lot of googling and searching of these forums looking for answers. All of the responses seem to point to a problem with DNS or with the Kerberos realm. I believe all of my setup is correct. Here it is:
  == Basic Configuration ==
  OS: Mac OS X Server 10.5.1 (9B18) with Security Update 2007-009 v.1.1
  Services Enabled:
  DNS
  Open Directory
  (All other services are not yet enabled)
  == DNS Setup ==
  Primary Zone: mydomain.private.
  Allows zone transfer: no
  Nameservers: ns.mydomain.private.
  myserver (Machine) 10.0.22.201
  ns (Alias) myserver.mydomain.private.
  Reverse Zone: 22.0.10.in-addr.arpa.
  10.0.22.201 (Reverse Mapping) myserver.mydomain.private.
  Accept recursive queries from the following networks:
  localnets
  Forwarder IP Addresses:
  208.67.222.222
  208.67.220.220
  == Open Directory Setup ==
  Role: Open Directory Master
  LDAP Search Base: dc=myserver,dc=mydomain,dc=private
  Kerberos Realm: myserver.mydomain.private
  == Network Configuration ==
  Configure: Manually
  IP Address: 10.0.22.201
  Subnet Mask: 255.255.255.0
  Router: 10.0.22.1
  DNS Server: 127.0.0.1
  Search Domains: mydomain.private
  == Other Stuff ==
  Using 'changeip -checkhostname' verifies that the hostname and DNS hostname are both myserver.mydomain.private.
  I set the realm to myserver.mydomain.private (though the default was myserver.local) based on the advice of another poster to this forum. Kerberos.app reveals something interesting: the kdc and admin servers are both myserver.local and the domains are .local and local. I tried changing all instances of 'local' to 'mydomain.private' to see if that would solve the problem. No luck.
  I verified on a client that 'host myserver' and 'host 10.0.22.201' return proper DNS and reverse DNS resolutions.
  Hopefully one of the gurus out there will be able to help me out.
  Thanks,
  jeff

  I gathered together some log information for when I try to authenticate user 'diradmin' in Workgroup Manager. You can see from the log messages that this authentication took 4 seconds. There's an interesting error message in slapd.log (see below) but it doesn't say what it's looking for in the keytab that it's not finding. Grr! I've provided a listing of the principles in my keytab. I haven't monkeyed around with it at all -- this is just what resulted from promoting the server to an Open Directory Master.
  == kdc.log ==
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): handling authdata
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): handling authdata
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): .. .. ok
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): .. .. ok
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
  Dec 30 18:21:52 myserver.mydomain.private krb5kdc[79](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for ldap/[email protected]
  Dec 30 18:21:52 myserver.mydomain.private krb5kdc[79](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for ldap/[email protected]
  == slapd.log ==
  Dec 30 18:21:48 myserver slapd[36]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
  Dec 30 18:21:52 myserver slapd[36]: SASL [conn=20] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No principal in keytab matches desired name)
  == sudo klist -k ==
  Keytab name: FILE:/etc/krb5.keytab
  KVNO Principal
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 cifs/[email protected]
  3 cifs/[email protected]
  3 cifs/[email protected]
  3 ldap/[email protected]
  3 ldap/[email protected]
  3 ldap/[email protected]
  3 xgrid/[email protected]
  3 xgrid/[email protected]
  3 xgrid/[email protected]
  3 vpn/[email protected]
  3 vpn/[email protected]
  3 vpn/[email protected]
  3 ipp/[email protected]
  3 ipp/[email protected]
  3 ipp/[email protected]
  3 xmpp/[email protected]
  3 xmpp/[email protected]
  3 xmpp/[email protected]
  3 XMPP/[email protected]
  3 XMPP/[email protected]
  3 XMPP/[email protected]
  3 host/[email protected]
  3 host/[email protected]
  3 host/[email protected]
  3 smtp/[email protected]
  3 smtp/[email protected]
  3 smtp/[email protected]
  3 nfs/[email protected]
  3 nfs/[email protected]
  3 nfs/[email protected]
  3 http/[email protected]
  3 http/[email protected]
  3 http/[email protected]
  3 HTTP/[email protected]
  3 HTTP/[email protected]
  3 HTTP/[email protected]
  3 pop/[email protected]
  3 pop/[email protected]
  3 pop/[email protected]
  3 imap/[email protected]
  3 imap/[email protected]
  3 imap/[email protected]
  3 ftp/[email protected]
  3 ftp/[email protected]
  3 ftp/[email protected]
  3 afpserver/[email protected]
  3 afpserver/[email protected]
  3 afpserver/[email protected]

• OS X Server and Open Directory

  I am trying to use a Mac Mini as an Open Directory domain, however it fails on the Open Directory Setup.
  The exact error from the log is a below:
      Server[308]: An error occurred while configuring webiken as a directory server:
            Error Domain=XSActionErrorDomain Code=78 "Server returned a non-zero status code" UserInfo=0x7fb826114140 {NSLocalizedDescription=Server returned a non-zero status code}
  Any ideas to what this may be?
  FYI: I think this is due to my network configuration.  I connect to the internet via Wifi and I have a switch for LAN traffic, but there's no way to give the switch internet access.  Is there anyway I can limit the LAN traffic to only use ethernet (en0) and internet traffic to only use WiFi?

  Hi,
  Not sure this will help, but OSX uses the top Interface for Internet...
  10.5.x/10.6.x/10.7.x instructions...
  System Preferences>Network, click on the little gear at the bottom next to the + & - icons, (unlock lock first if locked), choose Set Service Order.
  The interface that connects to the Internet should be dragged to the top of the list.

• Open directory in mavericks server.

  Setting up mavericks server - open directory displays error " server was successfully configured as a directory server but an error occurred" I have tried everything. Can anyone help ?

  Does the server show up in the Server list as (Master)?  If so, delete it, make absolutely sure your DNS set up and try again.
  Even though I hsve a fully qualified Domain name, SERVER.DOMAIN.COM and my reverse lookup set weith my ISP. if I do a lookup for the IP of my server it returns server.domain.com, found Open Directory was much happier if  I used the DNS server on the Server Itselfl
  In Server DNS created a Primary Zone for my doman, domain.com. Then a Machine A Record for server,domain.com. It automatically made a nameserer record of server.domain.com and the Reverse Zone and server mapping for reverse lookup. Then set it to perform lookups for this server only. Then set 127.0.0.1 as the First DNS server in System Network Settings before any ISP DNS Servers. Then for good measure also entered my ISPs DNS servers in as forwarding servers. Then setup Open Directory with the correct domain with no errors.

• Application launches fail after wake up from sleep when switching from one open directory to another

  I take my MacBook Pro back and forth from home to work.  Open Directory is set up at both locations running on Snow Leopard server.  These two locations are entirely separate domains and IP networks.  The only thing that is the same is my username and password, which is the same in both locations.
  If I put my machine to sleep in one location and move to the other location and wake it up, I can usually launch one application, then no other applications launch and the machine is pretty much frozen up except for mouse cursor movement.  Using command-shift-escape and relaunching the finder doesn't help.
  It is as if the launch daemon has been made inoperative.  Apps just sit and bounce.
  Should one be able to log in one one network with open directory. Close all applications, move to an entirely different network, and wake up from sleep and continue working?  The login/password is identical on both open directory setups.
  Both home and work are set up so the users can "travel" and the machines are not "bound" to the open directory server.
  I've started using the "other" login box to login in which I think keeps the machine more independent of open directory and that seems to work better for moving between networks.
  Any ideas and/or comment welcome.
  (my DNS seems fine in both environments.  running changeip gets "success" in both places)

  After reading another post that popped up under "More Like This" after I posted this I may have found at least a temporary fix.  Unplugging and reseating the MDP adapter in the MacPro didn't accomplish anything but unplugging/reseating the HDMI plug in the Viewsonic brought it back to life.
  I guess I can live with this but it would be nice knowing that there's a more permanent fix for this.

• 10.7.2: still can't replicate 10.6 Open Directory or restore from backup

  I am trying to migrate my Open Directory (OD) database from an Xserve running 10.6.8 to an iMac running 10.7.2 now. As before the update to 10.7.2, I am unable to make the Lion server an OD replica of the OD database running on Snow Leopard.
  This is what I do (please let me know, if anyting I do is wrong):
  On the Snow Leopard Server (SLS) in the Server Admin utility, I go to the Open Directory service, the "Archive" subsection, choose a target directory for "Archive In", and click on the Archive button. I am then asked to name my archived database and provide a password. Let's say, it is "OD Archive," the file generated will be "OD Archive.sparseimage".
  I copy this Sparseimage to the deskop of my Leopard Server (LS).
  I then open the same place in the Server Admin utility on the LS. In the "Restore from" section I browse to the LS desktop and "Choose" the saved Sparseimage. I click on "Restore," at which point I am asked for the password of the archived OD database. When I supply it, it appears that my OD archive is being imported.
  However, going into the Workgroup Manager on the LS, and logging in as diradmin, into /LDAPv3/127.0.0.1, shows no users from my SLS having been migrated. Why has this still not been fixed?
  Likewise, when I try to make the LS an Open Directory replica of the SLS, I again, even after this updated informed that my OD database admin credentials are incorrect, when they are not. I had surely expeced a fix for this by the time we reached 10.7.2.

  Historically you have not been able to mix versions between an Open Directory Master and Replica, that is both would either have to be Snow Leopard, or both would have to be Lion.
  I have not tried upgrading to Lion this way (I am currently leaving my servers on Snow Leopard) but I can suggest the following based on experiences with Snow Leopard Servers.
  As you already appear to have done, in Snow Leopard Server make an Archive of your Open Directory setup
  Make sure you also have a backup of the entire Snow Leopard Server so you can go back to it if you can't successfully move to Lion
  Setup the hostname, IP address and DNS records (which might mean setting up a DNS server) for the new Lion Server
  Check this using the command line
  sudo changeip -checkhostname
  Make the new Lion Server in to a new empty Open Directory Master
  Test this new Open Directory Master by creating a test user and then deleting afterwards
  Now move on to the restoring of the Open Directory Archive, when I did this last time, I found that I was given two choices, either to completely replace the Open Directory with the one from the Archive, or to merge the two together. I found that trying to replace failed and resulted in an empty Open Directory like you report, I found that chosing merge did work successfully
  If the above still does not work, then you might have to consider the following alternative approach.
  On the Snow Leopard Server in Workgroup Manager export all the user accounts except the Admin and DirAdmin accounts
  Optionally export all the Groups
  Optionally export all the Computer Groups
  Setup the new Lion Server
  Create a new empty Open Directory
  Import the files exported from Workgroup Manager
  This will not keep the original passwords. You will have to set a password for each account.

• Creating Open Directory Replica fails with Server Admin Error Value 1127

  Hallo,
  I have seen a lot of similar threads here and they were helpful up to a certain point, but in the end, they did not solve my problem.
  Currently, it comes down to this. The Server Admin Error message ist really meaningless and I could not find a single for the error value on the whole wide web. As such, I switched to the command line versions of the tools involved to geht more meaningful results. It worked. Specifically, creating a replica of an openldap master means using slapconfig.
  When executing
  slapconfig -createreplica master.ourdomain.com diradmin
  as root on the prospective replica machine, I get the following error message:
  ssh command failed with status 127
  That command is not allowed with the root account via public key authentication.
  That makes perfect sense to me, but how is it meant to work then?
  Executing slapconfig as admin tells me that this tool is to be executed as root. On the other hand, root login via ssh is not allowed in Mac OS X by default, which seems fine to me. I even changed /etc/sshd_config on the Open Directory Master machine to "PermitRootLogin yes". However, neither reloading ssh using launchctl nor restarting the whole server made this setting operational. Trying to login from command line as root still tells me:
  root login is not permitted to this machine via public key authentication.
  While this is the current state where I need help urgently, I changed some other things before. I tell about to exclude these issues as possible reason of failure. I got this message for quite a while:
  Replica Setup failed : This machine does not have a valid computer name
  I was sure, this machine meant the target machine, the open directory master, because the domain had changed there once before I had taken over responsibility as an admin in this environment. And in fact, changeip disguised an issue there. The command proposed by changeip to fix the situation did not seem appropriate because this machine is multihomed with a public and a private IP adress. Proper name resolution is available for both interfaces including reverse lookup. I dont like this setup, but it was the only way to get mail service running smoothly. Running changeip on the machine itself using these arguments
  changeip /LDAPv3/127.0.0.1 internalIP internalIP old.ours.com current.ours.com
  reported success in updating password server, open directory, both interfaces, hostconfig (which in fact did not change) and samba. It reported an issue with kadmin which is related to Kerberos (we dont use Kerberos yet).
  Changing the hostname of the server using changeip did not solve the issue. I then found the hint to check with scutil. This showed that the Hostname was not set on the prospective replica machine. (A question aside: in how many place is the hostname stored? The traditional /etc/hostname has gone, but seems to be replaces with several other configuration files and databases. I cant see this as an advantage). Setting the hostname using scutil worked fine. However, it did not solve the problem either. At least, slapconfig now started to complain about not being able to log in as root instead of failing from the start.
  I also checked all log files on bboth machines that might have to do with openldap, as there are /var/log/slapd.log, /var/log/system.log and /Library/Log/slapconfig.log. I also checked the log of th layer on top of openldap which is /Library/Log/DirectoryService.server.log. None of them revealed anything noticeable beside a lot of of entries that I have googled in the last few hours and which all dont seem to be associated with the problem in question.
  I will take a break now, but I have to fix this until tomorrow and I hope to get the ultimate hint from you, dear reader.
  Thanks and bye, Christian Völker

  ssh command failed with status 127
  That command is not allowed with the root account via public key authentication.
  Initial OD replication takes place via 'ssh'. If you have 'sshd' configured on the OD Master to authenticate with public keys then the OD replica will not be able to communicate with the OD Master via 'ssh'. You must configure the OD Master to use 'ssh' with password authentication and root login enabled.
  Demote the replica back to standalone. Stop any services that you may have running on the primary network interface. Then stop any services that you may have running on the secondary network interface. In the 'Network' System Prefpane remove the IP number from the secondary interface then deactivate the secondary network interface.
  Assign the private IP address and hostname that you wish to use for the replica to the primary network interface. Assign the 'public' IP number to the secondary interface. Check the DNS to see that the IP address and hostname for the primary network interface resolve both forward and reverse for the hostname of the replica that you have chosen. If it does not, fix your DNS before proceeding.
  In the 'Sharing' System Prefpane, change the name of the machine to the hostname (server.domain.tld) of the replica that you have chosen. Then use 'changeip -checkhostname' to see if the IP/hostname matches. Fix it if it doesn't.
  Then configure the /etc/sshd_config file on the OD master like this:
  \# Authentication:
  PermitRootLogin yes
  PasswordAuthentication yes
  PubkeyAuthentication no
  and the /etc/ssh_config file on the OD replica like this:
  PasswordAuthentication yes
  PubkeyAuthentication no
  Then from the OD replica as the 'root' user issue:
  slapconfig -createreplica <ODMasterIPorFQDN> <diradmin user>
  Make sure that the 'diradmin' user's password contains only alpha-numeric characters -no 'option-characters' or symbols, change it first if it does. Once the process completes, reactivate the secondary interface for the 'public' IP and check the configuration of services that will be using that IP, then start your other services. Secure the 'ssh' service on both machines to disable password authentication and 'root' logins.