Skip navigation

Open directory doesn't work

5824 Views 35 Replies Latest reply: Jul 31, 2013 4:22 PM by slolifesux RSS
1 2 3 Previous Next
pts Calculating status...
Currently Being Moderated
Aug 18, 2012 1:20 PM

I want to use open directory on my university lab network.  The server (10.8) is not in the same room as the clients (also 10.8). Each computer (server and clients) have their own external FQDN's and associated IP addresses.  I turned on Open Directory using on my sever.  I then go to a client and do: system preferences>users and groups>login options>Network account server: Join>open directory utility. From there I do File>connect.  When I type in the FQDN of the server, along with an admin account name and password, I get the following message:


Can't connect to server


Directory Services may not be installed on the remote server, they may be turned off, or the URL may have been entered incorrectly


None of this is true, unless "Directory Services" means something other than Open Directory.  So what am I missing here?



Also, I notice that when, on the server, I select Open Directory in, the on-off slide icon slides on as it appears (as it if was off until I selected Open Directory).  This behavior doesn't happen with any other service on 


Any ideas? 

  • JaimeMagiera Level 2 Level 2 (285 points)
    Currently Being Moderated
    Aug 18, 2012 3:04 PM (in response to pts)

    Have you tried putting OpenDirectory into debug mode and looked at the logs to see what's happening? Have you tried making a query with ldapsearch or other such tool to see what results from a raw query of the server?

  • iToaster Level 3 Level 3 (560 points)
    Currently Being Moderated
    Aug 18, 2012 4:10 PM (in response to pts)

    What happens if you try joining the OD via ip

    Is it  an OD master


    Check the logs both server ande client side, see if they can give you any indication what's going on

  • redshift82r Level 2 Level 2 (325 points)
    Currently Being Moderated
    Aug 18, 2012 4:21 PM (in response to pts)

    pts, you need to set up your clients to connect via VPN. You can't do what you want any other way that I know of ( which doesn't mean that there isn't another way :) ).


    That way, open directory, DNS, etc will be just like they were connected locally and you're off and running.


    Good luck

  • iToaster Level 3 Level 3 (560 points)
    Currently Being Moderated
    Aug 19, 2012 3:49 PM (in response to pts)

    pts, looks like you've got bigger problems if your DNS is not working nothing else will work properly either


  • JaimeMagiera Level 2 Level 2 (285 points)
    Currently Being Moderated
    Aug 19, 2012 7:42 PM (in response to pts)

    How do you know it's not on? You've not demonstrated one way or the other. All you've demonstrated is that you think client machines can't connect to either service. You've not done any of the leg work to really know what's going on. I see all sorts of supositions based on cursory, external observations. I'm sorry if this sounds terse, but it's a bit disingenous to blame the tools before you even know the details of what is happening.

  • iToaster Level 3 Level 3 (560 points)
    Currently Being Moderated
    Aug 20, 2012 3:56 AM (in response to pts)

    Sorry pts but I agree with Jamie you can't expect osx server to have any control over anything outside of the LAN it's connected. To do that you would have to configure that yourself on whatever hardware is controlling your WAN access

    Your lack of understanding is not apples yours or anyone else's fault. You can't blame the tools for your lack of understanding


    Apples instructions are  I suppose "easy as pie" as long as you stay inside the box as soon as you step outside you have to have a certain level of understanding how things work

    I guess one mans pie is another's mans cardiac arrest


    This forum is user to user no official apple presence

    I would venture to say you need to explain clearly what your trying to do and what you have done

    No one here has the time to go all Sherlock Holmes on posts and try to deduce what you're  trying to achieve


    I suppose a certain level of expertise is also expected in the server and enterprise forums 'cause we've had it pretty much all to ourselfs for years. Now those pesky soho server types are muscling in, the times they are a changin. I know I'm guilty of thinking the other guy knows what he's talking about 'cause I sure don't

    So don't be to hard on us

  • JaimeMagiera Level 2 Level 2 (285 points)
    Currently Being Moderated
    Aug 20, 2012 8:47 AM (in response to pts)

    pts, I'm sorry but you are being disingenuous to blame the software before you even know what the problem is. Note that the promotional materials say "almost as easy to configure as a desktop machine...". That's the basic confirugation. There is no guarantee that there won't be other things that need to be done. If you expect foundational services such as DNS to just "work", you will be in for a surprise. There are a lot of things that can be different on a machine, and on a network, that affect a service. As someone administering a server, your full time job or not, you'll have to get into the habit of cracking open on a log and, on occasion, the Consider it an opportunity to get good at Mac OS X Server administration. Back to the trouble shooting: It should only take you a few seconds to look at the server log, or run the "host" command from the terminal. These basic things could tell you a lot. Yes, you might have to google, or ask here what those things mean, but that's all part of the learning process. Feel free to post the result of those endeavors.

  • Mark23 Level 3 Level 3 (975 points)
    Currently Being Moderated
    Aug 20, 2012 2:29 PM (in response to pts)

    If you just change 10.7 into 10.8 you'll get:

    All the documentation in one place

  • JaimeMagiera Level 2 Level 2 (285 points)
    Currently Being Moderated
    Aug 20, 2012 4:47 PM (in response to pts)

    No, you continue to misunderstand. It's easy to configure the service. The issue is that there are a myriad of factors beyond Apple's control in terms of all the things in between the machine providing the service and the client. Also, there are a myriad of ways a server and client can be configured that would change the setup. It has nothing to do with Apple wrongly promoting something. If you think that having to look at logs is somehow indicative of a bad system, you completely misunderstand how server administration works. Again, you haven't proved it isn't working. You've done absolutely *none* of the things necessary to verify what the issue is. Nothing. Zero. Zilch. Can you prove that the poster was correct that you can't provide DNS outside your network? I challenge that claim and have proof. Here is a lookup from a (university) network to my completely separate  personal business network running 10.8 Server. Works fine.


    amber:~ jaimelm$ host amber has address


    amber:~ jaimelm$ host

    Using domain server:





  has address


    Please refrain from framing this as an issue of things not working properly until you've actually done your homework.

1 2 3 Previous Next


More Like This

  • Retrieving data ...

Bookmarked By (0)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.