-
All replies
-
Helpful answers
-
-
Jan 23, 2014 12:27 AM in response to Linc Davisby LeeElvin,Can you advise which logs you need, I have put the recent entries from the LDAP log below, the following two lines are added everytime a client tries to login
Jan 23 08:17:49 macserver.local slapd[2168]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:17:49 macserver.local slapd[2168]: conn=3995 op=3: attribute "entryCSN" index delete failure
All of todays logs from LDAP are below, please advise any other logs you need.
Jan 23 07:40:48 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 07:40:48 macserver.local slapd[2168]: conn=3882 op=3: attribute "entryCSN" index delete failure
Jan 23 08:17:42 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:17:42 macserver.local slapd[2168]: conn=3969 op=3: attribute "entryCSN" index delete failure
Jan 23 08:17:47 macserver.local slapd[2168]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:17:47 macserver.local slapd[2168]: conn=3977 op=3: attribute "entryCSN" index delete failure
Jan 23 08:17:47 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:17:47 macserver.local slapd[2168]: conn=3983 op=3: attribute "entryCSN" index delete failure
Jan 23 08:17:48 macserver.local slapd[2168]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:17:48 macserver.local slapd[2168]: conn=3989 op=3: attribute "entryCSN" index delete failure
Jan 23 08:17:49 macserver.local slapd[2168]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:17:49 macserver.local slapd[2168]: conn=3995 op=3: attribute "entryCSN" index delete failure
Jan 23 08:24:16 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:24:16 macserver.local slapd[2168]: conn=4009 op=3: attribute "entryCSN" index delete failure
Jan 23 08:24:17 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:24:17 macserver.local slapd[2168]: conn=4017 op=3: attribute "entryCSN" index delete failure
Jan 23 08:24:19 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:24:19 macserver.local slapd[2168]: conn=4023 op=3: attribute "entryCSN" index delete failure
Jan 23 08:24:20 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:24:20 macserver.local slapd[2168]: conn=4029 op=3: attribute "entryCSN" index delete failure
Jan 23 08:24:22 macserver.local slapd[2168]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:24:22 macserver.local slapd[2168]: conn=4035 op=3: attribute "entryCSN" index add failure
Jan 23 08:24:26 macserver.local slapd[2168]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:24:26 macserver.local slapd[2168]: conn=4041 op=3: attribute "entryCSN" index add failure
Jan 23 08:24:35 macserver.local slapd[2168]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:24:35 macserver.local slapd[2168]: conn=4047 op=2: attribute "entryCSN" index add failure
Jan 23 08:24:39 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:24:39 macserver.local slapd[2168]: conn=4053 op=3: attribute "entryCSN" index delete failure
Jan 23 08:24:42 macserver.local slapd[2168]: => bdb_idl_insert_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 23 08:24:42 macserver.local slapd[2168]: conn=4059 op=2: attribute "entryCSN" index add failure
-
Jan 23, 2014 9:05 AM in response to LeeElvinby Linc Davis,I suggest you look at the messages written to the Open Directory Log on the server and also to the system log on both the server and the client when the connection fails.
-
Jan 27, 2014 12:21 AM in response to Linc Davisby LeeElvin,When trying to authenticate the following is added to system log on the server which shows an error that may mean something to you, from the list MACSERVER is the server name, j.abdy is the test user and bccscmac20 is the client machine.
Jan 27 08:13:10 macserver.local kdc[2142]: AS-REQ j.abdy@MACSERVER.LOCAL from 10.49.23.20:63853 for krbtgt/MACSERVER.LOCAL@MACSERVER.LOCAL
Jan 27 08:13:10 macserver.local kdc[2142]: AS-REQ j.abdy@MACSERVER.LOCAL from 10.49.23.20:63853 for krbtgt/MACSERVER.LOCAL@MACSERVER.LOCAL
Jan 27 08:13:10 macserver.local kdc[2142]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
Jan 27 08:13:10 macserver.local kdc[2142]: AS-REQ j.abdy@MACSERVER.LOCAL from 10.49.23.20:55453 for krbtgt/MACSERVER.LOCAL@MACSERVER.LOCAL
Jan 27 08:13:10 --- last message repeated 1 time ---
Jan 27 08:13:10 macserver.local kdc[2142]: Client sent patypes: ENC-TS
Jan 27 08:13:10 macserver.local kdc[2142]: ENC-TS pre-authentication succeeded -- j.abdy@MACSERVER.LOCAL
Jan 27 08:13:10 macserver.local kdc[2142]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
Jan 27 08:13:10 macserver.local kdc[2142]: Requested flags: forwardable
Jan 27 08:13:11 macserver.local kdc[2142]: TGS-REQ j.abdy@MACSERVER.LOCAL from 10.49.23.20:65349 for host/bccscmac20.local@MACSERVER.LOCAL [canonicalize, forwardable]
Jan 27 08:13:11 macserver.local kdc[2142]: Searching referral for bccscmac20.local
Jan 27 08:13:11 macserver.local kdc[2142]: Server not found in database: krbtgt/LOCAL@MACSERVER.LOCAL: no such entry found in hdb
Jan 27 08:13:11 macserver.local kdc[2142]: Failed building TGS-REP to 10.49.23.20:65349
Jan 27 08:13:11 macserver.local kdc[2142]: TGS-REQ j.abdy@MACSERVER.LOCAL from 10.49.23.20:63443 for host/bccscmac20.local@MACSERVER.LOCAL [forwardable]
Jan 27 08:13:11 macserver.local kdc[2142]: Server not found in database: host/bccscmac20.local@MACSERVER.LOCAL: no such entry found in hdb
Jan 27 08:13:11 macserver.local kdc[2142]: Failed building TGS-REP to 10.49.23.20:63443
-
Jan 27, 2014 12:50 AM in response to Linc Davisby LeeElvin,On client system log for same time when user tried to log in
2014-01-27 08:16:14 +0000 SecurityAgent[122]: User info context values set for j.abdy
2014-01-27 08:16:14 +0000 opendirectoryd[22]: GSSAPI Error: Miscellaneous failure (see text (Server (krbtgt/49.16.11@MACSERVER.LOCAL) unknown (negative cache))
2014-01-27 08:16:14 +0000 authorizationhost[175]: Failed to authenticate user <j.abdy> (error: 9).
-
Jan 27, 2014 12:52 AM in response to Linc Davisby LeeElvin,In case this also helps you, latest entries from Open Directory Log
2014-01-22 11:43:08.009688 GMT - 1651.9482.9484.9486, Node: /LDAPv3/127.0.0.1, Module: search - failed to retrieve password for credential
2014-01-22 11:43:08.009954 GMT - 1651.9482.9484.9486 - Client: automount, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:43:08.009954 GMT - 1651.9482.9484.9486, Node: /LDAPv3/127.0.0.1, Module: ldap - failed to retrieve password for credential
2014-01-22 11:43:08.197450 GMT - 1627.9496 - Client: Directory Utili, UID: 501, EUID: 501, GID: 20, EGID: 20
2014-01-22 11:43:08.197450 GMT - 1627.9496, Node: /LDAPv3/127.0.0.1 - failed to retrieve password for credential
2014-01-22 11:43:08.197762 GMT - 1627.9496 - Client: Directory Utili, UID: 501, EUID: 501, GID: 20, EGID: 20
2014-01-22 11:43:08.197762 GMT - 1627.9496, Node: /LDAPv3/127.0.0.1, Module: ldap - failed to retrieve password for credential
2014-01-22 11:43:08.200395 GMT - Unregistered node with name '/LDAPv3/127.0.0.1'
2014-01-22 11:44:38.741495 GMT - Registered subnode with name '/LDAPv3/127.0.0.1'
2014-01-22 11:44:39.978030 GMT - 1345.10075.10076 - Client: servermgrd, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:44:39.978030 GMT - 1345.10075.10076, Module: ldap - failed to retrieve password for credential
2014-01-22 11:44:45.029489 GMT - 43.10101 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:44:45.029489 GMT - 43.10101, Module: ldap - failed to retrieve password for credential
2014-01-22 11:44:55.030459 GMT - 43.10202 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:44:55.030459 GMT - 43.10202, Module: ldap - failed to retrieve password for credential
2014-01-22 11:45:10.040924 GMT - 43.10229 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:45:10.040924 GMT - 43.10229, Module: ldap - failed to retrieve password for credential
2014-01-22 11:45:30.041772 GMT - 43.10249 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:45:30.041772 GMT - 43.10249, Module: ldap - failed to retrieve password for credential
2014-01-22 11:45:53.046906 GMT - 43.10331 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:45:53.046906 GMT - 43.10331, Module: ldap - failed to retrieve password for credential
2014-01-22 11:45:58.055452 GMT - 43.10375 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:45:58.055452 GMT - 43.10375, Module: ldap - failed to retrieve password for credential
2014-01-22 11:46:08.062984 GMT - 43.10387 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:46:08.062984 GMT - 43.10387, Module: ldap - failed to retrieve password for credential
2014-01-22 11:46:23.092382 GMT - 43.10421 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:46:23.092382 GMT - 43.10421, Module: ldap - failed to retrieve password for credential
2014-01-22 11:46:29.283736 GMT - 43.10432 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:46:29.283736 GMT - 43.10432, Module: ldap - failed to retrieve password for credential
2014-01-22 11:46:31.446733 GMT - Module: AppleODClientLDAP - AppleODClientLDAP: notification fired: slapd shutdown for /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi
2014-01-22 11:46:31.446760 GMT - Module: AppleODClientLDAP - AppleODClientLDAP: notification fired: slapd shutdown for /LDAPv3/127.0.0.1
2014-01-22 11:46:33.461470 GMT - Unregistered node with name '/LDAPv3/127.0.0.1'
2014-01-22 11:49:01.190515 GMT - Module: AppleODClientLDAP - AppleODClientLDAP: notification fired: slapd shutdown for /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi
2014-01-22 11:49:12.900644 GMT - Module: AppleODClientLDAP - AppleODClientLDAP: notification fired: slapd shutdown for /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi
2014-01-22 11:49:12.900680 GMT - Module: AppleODClientLDAP - AppleODClientLDAP: notification fired: slapd shutdown for /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi
2014-01-22 11:49:20.037611 GMT - Registered subnode with name '/LDAPv3/127.0.0.1'
2014-01-22 11:54:07.129427 GMT - 2545.16493 - Client: smbd, UID: 0, EUID: 0, GID: 0, EGID: 0
2014-01-22 11:54:07.129427 GMT - 2545.16493, Module: SystemCache - Negative entry was not found after adding to cache
-
-
Jan 29, 2014 1:27 AM in response to Linc Davisby LeeElvin,I have discovered this is a DNS related issue. If I change the DNS on Mac Server and Mac Client to the Windows DNS server it all works but if I use the Mac DNS server I am unable to log in.
The Mac DNS server is setup to forward requests to the Windows DNS server if it cannot resolve an address so surely it shouldn't make a difference.
I have resolved the login issue by using a different DNS server but it doesn't explain why the Mac DNS server isn't functioning correctly.
-
-
Jan 29, 2014 8:06 AM in response to Linc Davisby LeeElvin,I have tried that and get a message showing the names match and nothing needs to change.
I have discovered that the Mac Server can use it's own DNS server the problem seems to be with the client.
When the client uses the Mac Server DNS it won't log in but when it uses the Windows Server DNS it does log in. The Mac client I am testing was a fresh install yesterday.
-
Jan 29, 2014 1:33 PM in response to LeeElvinby Linc Davis,You seem to be using a domain name in the "local" TLD. That won't work. Redo the setup and use the "private" TLD.
-
Feb 16, 2014 3:51 AM in response to LeeElvinby Cerf-Volant,My issue is identical to yours .
What do you mean by the Windows DNS Server ?
-
Feb 17, 2014 12:15 AM in response to Cerf-Volantby LeeElvin,The main network where I work is a Microsoft Windows client / server network run by Windows Server which runs it's own DNS.
When I was setting up the MacServer I wanted to setup the server to be self contained and not rely on the Windows network but for some reason the DNS on the Mac server doesn't work correctly with the mac, may be a configuration issue I don't know as I haven't had time to look into it further, I just know that changing the DNS settings on the network card resolved the issue.
If you are only running the Mac Server then this will not be an option, it is allowing me to get things working while I find the cause of the problem.