Amicuk Programming Answers

Unable to authenticate with diradmin in Workgroup Manager

2015-10-11   Views:1

This has happened before, and I have no idea how it got fixed - too many independent variables...
Anyway, I cannot authenticate the OD with diradmin even while using Workgroup Manager directly on the server.
The setup:
SLS 10.6.8
Split-brained DNS
     Both public and private FQDNs are the same (myserver.mydomain.com). External DNS maps machine record to my static public IP address. Using an AirPort Extreme router, port forwarding services that I want open to the server. The router provides DHCP via NAT to the local network, with a fixed private IP assigned to the server. The server is running DNS with the same zones, machine records, services and aliases that the public IP DNS has, except mapped to the fixed private IP. DNS checks out with changeip, etc.
     The server is an OD master. Yesterday I exported it, demoted it, and restored it. All services (mail, web, etc.) seem to work fine (although I admit to not using Kerberos on AFP due to another issue).
     I have a wildcard certificate that is generated by GoDaddy (*.<mydomain>.com) which seems to work fine with the hosted websites.
This is what the password service error log says when I try to log in with diradmin in Workgroup Manager:
Jan 10 2012 14:01:32    AUTH2: {0x4bbe71ca6b8b45670000000200000002, diradmin} DHX authentication succeeded.
Jan 10 2012 14:01:32    KERBEROS-LOGIN-CHECK: user {0x4bbe71ca6b8b45670000000200000002, diradmin} is in good standing.
Jan 10 2012 14:01:32    KERBEROS-LOGIN-CHECK: user {0x4bbe71ca6b8b45670000000200000002, diradmin} authentication succeeded.
Looks good to me. But I still get the "Information Not Valid for This Server" followed by stuff about invalid login ID or password.
I did notice in the LDAP log:
Jan 10 14:13:12 <myserver> slapd[52283]: SASL [conn=18] Failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Key table entry not found)
And at the last bootup in the directory service error log:
2012-01-10 08:52:03 EST - T[0x00007FFF7027ACC0] - DNSServiceProcessResult returned -65563
The other thing I notice when I log into the library in Workgroup Manager FROM THE SERVER, even if I use the FQDN <myserver>.<mydomain>.com that Workgroup Manager says (in the title bar of the window) <myserver>.local.
I have googled the various errors and messages, and I get folks with all sorts of variations ("change the binding options", etc.) none of which either applied or worked.
Help?

The reply answer
Continuing on my quest... I found this Technical note from Apple about re-kerberizing:
http://support.apple.com/kb/HT3655
Interestingly, in step 3 where it says to remove realm information from kdc.conf, there wasn't any of my realm information. Argh!
So I completed all of the steps and executed the slapconfig command. This resulted in:
bash-3.2# slapconfig -kerberize -f --allow_local_realm diradmin <MYREALM>
diradmin's Password:
Could not resolve hostname <MYDOMAIN>
Skipping Kerberos configuration
Sounds like a dreaded DNS problem. It had been working correctly, but changeip -checkhostname confirmed a problem. Turns out that there were EXTERNAL DNS servers in the Network preferences in System Preferences as well as on the router. With my Split-brained DNS this caused problems (thank you again MrHoffman). So I changed them both to my DNS server INTERNAL IP address and added the external ones to the Forwarder IP Address in DNS. Now checkhostname -changeip returns a favorable result.
So after rebooting ran the slapconfig command again and got the same result. Argh. Cleared DNS caches. Still nothing.
So I tried nslookup.
nslookup <mydomain>
Server:                    10.0.8.2
Address:          10.0.8.2#53
** server can't find <mydomain>: SERVFAIL
Where 10.0.8.2 is the fixed INTERNAL IP address.
However, nslookup using the fixed IP address yields:
bash-3.2# nslookup 10.0.8.2
Server:                    10.0.8.2
Address:          10.0.8.2#53
2.8.0.10.in-addr.arpa          name = <mydomain>.
Scratching head here... changeip -checkhostname works, nslookup on the IP address works, but nslookup on the host name fails.
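
The forward and reverse lookups compared by hand in the post above can be scripted. This is an added example, not part of the original thread: the function names and the host name myserver.example.com are assumptions, and the sample nslookup output is constructed to match the shape shown in the post (10.0.8.2 is the resolver address the post gives).

```shell
# Reduce nslookup output (stdin) to one line:
#   FAIL <rcode> | PTR <name> | A <address> | UNKNOWN
classify_nslookup() {
    awk '
        /^\*\* server can.t find/ { print "FAIL " $NF; hit = 1; exit }
        /name = /                 { sub(/\.$/, "", $NF); print "PTR " $NF; hit = 1; exit }
        /^Name:/                  { in_answer = 1; next }
        in_answer && /^Address/   { print "A " $NF; hit = 1; exit }
        END { if (!hit) print "UNKNOWN" }
    '
}

# $1 = FQDN, $2 = nslookup output for the name, $3 = nslookup output for its IP.
# Returns 0 when both directions agree, 1 on forward failure, 2 on PTR mismatch.
check_forward_reverse() {
    fwd=$(printf '%s\n' "$2" | classify_nslookup)
    rev=$(printf '%s\n' "$3" | classify_nslookup)
    case $fwd in
        "A "*) ;;
        *) echo "forward lookup of $1 failed: $fwd"; return 1 ;;
    esac
    if [ "$rev" != "PTR $1" ]; then
        echo "reverse lookup gave '$rev', expected 'PTR $1'"; return 2
    fi
    echo "ok: $1 <-> ${fwd#A }"
}

# Live use: query one resolver in both directions. $1 = FQDN, $2 = resolver IP.
check_host() {
    fwd_out=$(nslookup "$1" "$2" 2>&1)
    rev_out=""
    addr=$(printf '%s\n' "$fwd_out" | classify_nslookup)
    case $addr in "A "*) rev_out=$(nslookup "${addr#A }" "$2" 2>&1) ;; esac
    check_forward_reverse "$1" "$fwd_out" "$rev_out"
}

# Constructed sample output (host name is a placeholder; 10.0.8.2 as in the post).
SAMPLE_FWD_FAIL="Server:   10.0.8.2
Address:  10.0.8.2#53

** server can't find myserver.example.com: SERVFAIL"
SAMPLE_FWD_OK="Server:   10.0.8.2
Address:  10.0.8.2#53

Name:     myserver.example.com
Address: 10.0.8.2"
SAMPLE_REV="2.8.0.10.in-addr.arpa    name = myserver.example.com."
```

Run `check_host <fqdn> <resolver-ip>` once against the internal DNS server and once against each resolver listed on the router or in Network preferences; a resolver that returns a different answer from the internal one is the split-DNS leak the post describes.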
