MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Nov 27, 2012, 03:14 PM   #1
Truffy
OD network users cannot authenticate

I recently had a lot of errors on two ML servers acting as OD Master/Replica, so decided to reinstall from scratch. One is running OS X 10.8.2, the other 10.8. Both are vanilla installs (going so far as to recreate the RAID), and both have the latest version of server.app installed.

Network users cannot authenticate.

Running slapconfig -ver gives the following errors on both machines:
Code:
bubbles:~ administrator$ sudo slapconfig -ver
2012-11-27 20:17:31 +0000 command: /usr/libexec/slapd -T cat -c -f /etc/openldap/slapd.conf -s ou=macosxodconfig,cn=config,dc=test249,dc=home
2012-11-27 20:17:31 +0000 Error execing slapcat: 50b51fdb /etc/openldap/slapd_macosxserver.conf: line 303: unknown directive <TLSCertificatePassphrase> inside backend database definition.
          slapcat: bad configuration file!
LDAP Setup Tool (slapconfig), Apple, Inc.,  Version 1.2

Obviously ou=macosxodconfig,cn=config,dc=test249,dc=home is wrong, but I don't know where this setting is held to correct it to ou=macosxodconfig,cn=config,dc=server,dc=domain,dc=tld

Opening slapd_macosxserver.conf shows the last four lines to be:
Code:
TLSCertificateFile      /etc/certificates/server.mydomain.LONGHASH.cert.pem
TLSCACertificateFile    /etc/certificates/server.mydomain.LONGHASH.chain.pem
TLSCertificateKeyFile   /etc/certificates/server.mydomain.LONGHASH.key.pem
TLSCertificatePassphrase        "Mac OS X Server certificate management.LONGHASH"

I can 'fix' the second error by commenting out that last line. But that just results in a new and exciting error:
Code:
bubbles:~ administrator$ sudo slapconfig -ver
2012-11-27 20:43:00 +0000 command: /usr/libexec/slapd -T cat -c -f /etc/openldap/slapd.conf -s ou=macosxodconfig,cn=config,dc=test249,dc=home
2012-11-27 20:43:00 +0000 Error execing slapcat: slapcat: slap_init no backend for "ou=macosxodconfig,cn=config,dc=test249,dc=home"
LDAP Setup Tool (slapconfig), Apple, Inc.,  Version 1.2

Incidentally, all this is being run on the Master, but identical errors on the Replica.

Nov 28, 2012, 09:27 PM   #2
motorboating
Before you go anywhere, is your DNS configured correctly on both boxes?

Code:
sudo changeip -checkhostname

90% of the time it's DNS with authentication problems.

However, you're showing errors in the LDAP configuration. If you absolutely want to change that yourself, at the command line, you're going to need to delve into LDAP admin. You should hopefully also be able to change it in Server Admin, but you absolutely have to have DNS functioning fully before LDAP or it's just not gonna play ball.
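
The forward and reverse DNS agreement asked about in the post above, as an added example that is not part of the original thread and is not what `changeip -checkhostname` itself runs: a Python check that each Open Directory host's name resolves to an address and that the address maps back to the same name. The host names, addresses and function names are constructed for illustration.

```python
import socket

def check_host(fqdn, forward=socket.gethostbyname_ex, reverse=socket.gethostbyaddr):
    """Return a list of DNS problems for one host; an empty list means the
    name resolves and every address maps back to the same name."""
    want = fqdn.rstrip(".").lower()
    try:
        _, _, addrs = forward(fqdn)
    except OSError as exc:  # socket.gaierror and socket.herror are OSError
        return [f"{fqdn}: forward lookup failed ({exc})"]
    if not addrs:
        return [f"{fqdn}: forward lookup returned no addresses"]
    problems = []
    for addr in addrs:
        try:
            name, aliases, _ = reverse(addr)
        except OSError as exc:
            problems.append(f"{fqdn}: no reverse record for {addr} ({exc})")
            continue
        names = {n.rstrip(".").lower() for n in [name, *aliases]}
        if want not in names:
            problems.append(f"{fqdn}: {addr} maps back to {name}")
    return problems

def check_pair(master, replica, **resolvers):
    """Run the check for both directory servers, since either side can break."""
    return {host: check_host(host, **resolvers) for host in (master, replica)}

# Constructed sample zone (not from the thread): the replica's PTR is stale.
SAMPLE_A = {"od-master.example.com": ["192.0.2.10"],
            "od-replica.example.com": ["192.0.2.11"]}
SAMPLE_PTR = {"192.0.2.10": "od-master.example.com",
              "192.0.2.11": "old-replica.example.com"}

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror("name not known")
    return name, [], SAMPLE_A[name]

def sample_reverse(addr):
    if addr not in SAMPLE_PTR:
        raise socket.herror("no PTR record")
    return SAMPLE_PTR[addr], [], [addr]

if __name__ == "__main__":
    report = check_pair("od-master.example.com", "od-replica.example.com",
                        forward=sample_forward, reverse=sample_reverse)
    for host, problems in report.items():
        print(host, "OK" if not problems else problems)
```

Calling `check_pair` without the `forward` and `reverse` arguments uses the system resolver, so it can be run on the master and on the replica to compare what each one sees.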

Nov 29, 2012, 10:21 AM   #3
Truffy
Quote:
Originally Posted by motorboating
Before you go anywhere, is your DNS configured correctly on both boxes?

Code:
sudo changeip -checkhostname

90% of the time it's DNS with authentication problems.

I checked DNS before starting OD, but just to make sure I just double-checked and both hosts resolve correctly.

Quote:
Originally Posted by motorboating
However, you're showing errors in the LDAP configuration. If you absolutely want to change that yourself, at the command line, you're going to need to delve into LDAP admin. You should hopefully also be able to change it in Server Admin, but you absolutely have to have DNS functioning fully before LDAP or it's just not gonna play ball.

I only have server.app installed, and it seems to be pretty rudimentary in what can actually be configured. Unless I've missed something, server.app seems to be limited to switching OD on/off and creating a replica. Actual configuration seems to be hamstrung.

Which leaves me with the command line. Where should I start looking (I've already tried /etc/openldap/slapd.conf and /etc/openldap/slapd_macosxserver.conf)?

Nov 29, 2012, 10:31 AM   #4
motorboating
Quote:
Originally Posted by Truffy
I checked DNS before starting OD, but just to make sure I just double-checked and both hosts resolve correctly.

Rather than slow you down, it can help to just check DNS before every step. You never know when it might decide to screw itself up and cause you untold pain. It's a sadist on OS X Server.

Quote:
Originally Posted by Truffy
I only have server.app installed, and it seems to be pretty rudimentary in what can actually be configured. Unless I've missed something, server.app seems to be limited to switching OD on/off and creating a replica. Actual configuration seems to be hamstrung.

Which leaves me with the command line. Where should I start looking (I've already tried /etc/openldap/slapd.conf and /etc/openldap/slapd_macosxserver.conf)?

LDAP configuration isn't held in flat files, you need to edit via the database connection using the relevant command line tools. Extract and create a backup of your config first!

Nov 29, 2012, 04:06 PM   #5
Truffy
Quote:
Originally Posted by motorboating
LDAP configuration isn't held in flat files, you need to edit via the database connection using the relevant command line tools. Extract and create a backup of your config first!

Thanks. Is there a primer on this, or a guide to the CLI tools that I should use (slapconfig?)?

Nov 29, 2012, 07:53 PM   #6
motorboating
Quote:
Originally Posted by Truffy
Thanks. Is there a primer on this, or a guide to the CLI tools that I should use (slapconfig?)?

There are no specific primers I know of for OS X Server, but I haven't looked. I'd get a book, or at least a trial of Safari Books to get access to their LDAP admin books.