Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

ERROR PasswordServer – NotFound

Connected to our OD Master server, Server Admin is reporting “Error PasswordService – NotFound” for the replica server in the Open Directory (settings) menu. I have confirmed that replication is still functional as well as authentication to the replica server. I am not quite sure what problems this might indicate, but I haven’t seen it effect anything. Nevertheless, I would like to get this error message cleared up.

On the replica server the Password Server Replication Log indicates “unable to reach 10.0.10.145” which is the OLD IP address that the OpenDirectory Master last had. I opened Workgroup Manager and used the inspector tab to look for the old IP address, just hoping to replace it with the master’s current IP address. However, I could not find it. I assume that this error message is what’s causing OpenDirectory to report “Error PasswordService – Not Found”.

Where might I find the old IP address that the Replica server is trying to connect to?

XServe, Mac OS X (10.4.10)

Posted on Sep 6, 2007 12:01 PM

Reply
9 replies

Sep 7, 2007 1:59 PM in response to OMC-IT

Hi

Master and Replica creation is logged in /Library/Logs/slapconfig.log. If you view both logs (on the Master and the Replica) you will see that pretty much everything is logged. By everything this would also mean the IP addresses of both the Master and Replica. The IP addresses of both the Master and Replica are written to the slapd_macosxserver.conf file. There should be a copy of this on the Replica also.

sudo cat /etc/openldap/slapd_macosxserver.conf

This should show the information you want. Its quite a large file. You can edit the file using nano.

nano /etc/openldap/slapd_macosxserver.conf

Or you can use a Text Editor and do it manually. Log in as root first and then select the Go Menu > Go to Folder and key in /etc, proceed from there.

Please note: Whenever you edit any of these files ALWAYS MAKE SURE you make a backup of the file/files first.

sudo cp /etc/openldap/slapd_macosxserver.conf /etc/openldap/slapd_macosxserver.conf.bk

Tony

Sep 7, 2007 2:57 PM in response to Antonio Rocco

After checking the slapd_macosserver.conf on both the master and replica, I can say that the correct IP's are listed. However, the replica's "applepasswordserver.replication.log" still reports "unable to reach 10.0.10.13". Here is an excerpt from the log file:

Sep 7 2007 16:49:17 Keberos database dump failed
Sep 7 2007 16:49:27 Unable to reach 10.0.10.13.
Sep 7 2007 16:49:27 Unable to reach 10.0.10.13.
Sep 7 2007 16:49:27 DoSync: the next replication will occur on 09/08/2007 at 12:00:00 AM
Sep 7 2007 16:49:32 updating replica list with on-disk changes
Sep 7 2007 16:50:22 Synchronizing with "Parent"
Sep 7 2007 16:50:22 Keberos database dump failed

This is repeated over and over again every minute.

Sep 8, 2007 12:32 AM in response to OMC-IT

is the password service running?

On the master in terminal run

ps auxw | grep PasswordService

If its not running thats an issue.

LDAP needs to have this running or else somethings will not work.
PasswordService
kadmind
krb5kdc
slapd
DirectoryService

If the service is you can run a log on the Directory service
sudo killall -USR1 DirectoryService
tail -f /Library/Logs/DirectoryService/DirectoryService.debug.log

Then check the logs for any errors or error #'s. Man DirectoryService will show what the #'s represent.

As always make sure DNS is running 100% correctly forward and reverse and the FQDN is not a .local. To check in terminal type Hostname.

Sep 8, 2007 2:03 AM in response to OMC-IT

Hi

Now I am confused? The OP lists 10.0.10.145 as the original IP and now it lists 10.0.10.13? What IP address does the OD Master and Replica have?

You could also try removing the Replica as essentially nothing will be lost as everything is a copy of what is on the Master. Once the Replica has been removed you can view the slapd.log and create the Replica again. Hopefully the error message will disappear. As ever make sure you have an effective and up-to-date backup.

Tony

Sep 10, 2007 6:08 AM in response to rkovelman

I'm not familiar with the first command you listed, but I typed it in terminal and several lines were returned on the master. One line includes my username, some values, and maybe a start time for the service. The other line shows the root with, some values, and start time. They both end "PasswordService -n". I'm not sure what it all means, but I'm assuming that the service is running based on what's reported.

I'm not sure how to tell if the other services you listed are running.

The master's system log reports the same DNS error every 30 minutes:
Date Time XServeG5 servermgrd: servermgr_dns: no name available via DNS for 10.0.10.141
Date Time XServeG5 servermgrd: servermgr_dns: no hostname set and unable to detect via DNS, services may not function properly - user changeip to repair

The replica reports the same DNS errors, but of course with its IP.

Will the changeip command do anything that can't be done through System Prefs Network? I don't understand what the log asks me to do with the changeip command. Sys Prefs shows the correct DNS server as well as backup DNS.

Finally, when I type "hostname" in terminal it reports back a .local name. This is true for the replica as well. Can the FQDN be changed independently of the local host name? System Preferences shows the local host name as a .local, and of course I can't remove the .local when I go to edit. Is there a different place to change the FQDN?

Sep 10, 2007 6:18 AM in response to Antonio Rocco

Sorry for the confusion Antonio. I made a typo in my first post and forgot to mention that.

The original IP of the master was 10.0.10.13. It is now 10.0.10.141. The replica's PasswordService Replication log indicates that it can't reach the old IP address of .13 when it should be trying to reach .141. I don't understand as the replica receives OD updates, so it's obviously connecting to the .141.

I thought about removing the replica, then re-adding it. I just didn't want to go through the hassle if it was not going to help. I may just do it for the time being to see what happens.

Look forward to hearing back. Thanks, guys.

Sep 10, 2007 6:58 AM in response to OMC-IT

You can hand-edit the file at /var/db/authserver/authserverreplicas and remove or change the old .13 address. It's a live file, so you'll need to take PasswordService offline to edit.

Get a root terminal and do:

1. nest -stoppasswordserver
2. make a backup copy of the replica file
3. edit the file, fix the .13 IPs, remove any key-value pairs with ReplicaStatus = NotFound.
4. nest -startpasswordserver

Sep 10, 2007 8:28 AM in response to Steven Simon

I opened up the "authserverreplicas" file on the master and found that the primary IP was listed as .13. Also, I found the key "replicastatus = notfound" and deleted it. I started the passwordserver back up and forced replication. I expected the "authserverreplicas" file on the replica to then mirror what was on the master, but it did not. I had to change the primary IP on the replica as well. Since making these changes, the Password Replication Log no longer reports the wrong IP. Also, Server Admin is reporting "ok" status for the replica.

I will continue to monitor the log and make sure it's free of errors.

Out of curiosity, any thoughts on the DNS errors I have?

Thanks guys.

Message was edited by: OMC-IT

ERROR PasswordServer – NotFound

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.