Workgroup Manager Problem (omnigroup)

Lance Westerhoff lance at mac.com
Wed Oct 3 09:54:42 PDT 2007


Hello All-

Ok...that's odd...the problem "fixed itself" by this morning when I  
came in to work on it.  Last night when I went to bed it didn't  
work...this morning it did.  It looks like the gremlins (or a cronjob  
of some sort) were on my side this time.

-Lance

On Oct 2, 2007, at 11:40 PM, Lance Westerhoff wrote:

>
> Hello All-
>
> Sorry if you receive this twice...I haven't had any luck fixing  
> the problem and I am trying to widen my search radius!
>
> I'm having a problem with Workgroup Manager (LDAP) on OS X Server  
> (10.4) and I'm hoping for some insights.  I looked around the  
> archives and I saw others with similar problems, but answers to  
> those problems did not seem to address mine.
>
> Anyway within WM, I can successfully authenticate as diradmin (and  
> root and my admin account), but I can't add any more users.   
> Basically, I can connect to the server just fine in Workgroup  
> Manager, but the "New User" button is grayed out as is most of the  
> information for each account.  I'm not sure what could be going on  
> here as everything else with the Server tools (Server admin et al)  
> and Sharing seems to work fine and as expected.   After looking  
> around the following manual, I noticed that my problem was most  
> likely associated with Kerberos as noted on page 83:
> http://images.apple.com/server/docs/Open_Directory_v10.4.pdf
>
> Since we just changed ISPs, it appears that the kerberos domain has  
> changed.  Therefore, after getting Open Directory "Kerberized",  
> everything should have worked...but unfortunately it did  
> not....even after a good ol' fashioned restart.  Below are the log  
> entries we get.
>
> The "Server not found in Kerberos database" in system.log is of  
> obvious concern.  It only happens once as repeated attempts to  
> authenticate only result in the "Required Policies not  
> supported...." error.  Since we only have one OS X Server box that  
> is itself both the DNS and the OpenDirectory server, I don't know  
> why this "server not found in kerberos db" error would occur.   
> I'm new to kerberos, but this seems strange.  Is there a way to  
> rebuild this database based upon this new realm?  The forward/reverse
> lookup seems to work fine using both nslookup and dig (aka  
> the Network Utility), so I don't think the problem rests within our  
> DNS.
>
> In the ApplePasswordServer log, the AUTH2 line is successful while  
> the KERBEROS-LOGIN-CHECK line is not again suggesting a problem  
> with Kerberos...but Kerberos is running just fine (according to the  
> OpenDirectory overview)...
>
> /var/log/system.log:
> Oct  2 10:15:47 HOST DirectoryService[70]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
> ...
> Oct  2 10:17:28 mail DirectoryService[70]: DSLDAPv3PlugIn: Required Policies not Supported: No ClearText, Man-In-The-Middle, Packet Signing, Packet Encryption. LDAP Connection for Node 127.0.0.1 denied.
>
> /Library/Logs/PasswordService/ApplePasswordServer.Server.log
> Oct  2 2007 10:17:13    RSAVALIDATE: success.
> Oct  2 2007 10:17:13    AUTH2: {0x469b8ee7034e9ad00000000200000002, root} DHX authentication succeeded.
> Oct  2 2007 10:17:28    KERBEROS-LOGIN-CHECK: user {0x469b8ee7034e9ad00000000200000002, root} authentication failed.
> Oct  2 2007 10:17:28    QUIT: {no user} disconnected.
>
> Thank you for any insights!
>
> -Lance
> ____________________
> Lance M. Westerhoff, Ph.D.
> General Manager
> QuantumBio Inc.
>
> WWW:    http://www.quantumbioinc.com
> Email:    lance at quantumbioinc.com
>
> Phone:   814-235-6908
> Fax:        814-235-6909