We have a Mac Mini running OS/X Server 10.6 that's mainly used as a WikiServer, and it's the sole OS/X server in a predominately Windows environment. The users authenticate through Active Directory to log in to the WikiServer.
We now want it to work as a Jabber Chat Server that will serve both Windows clients and iChat clients.
A few months ago I didn't have any issues logging in through iChat, but I had all kinds of issues with Windows Clients and only one client seemed to work. It never seemed like it was working quite right. The Wiki server worked just fine though, and that's all we cared about at the time.
Now nothing I tested is connecting to iChat, and I have no idea when/how it broke completely. The Server log is filled with these messages that are similar to the login problems other people are having, but I'm not sure how it relates to the active directory setup I have. I don't see anything wrong with the DNS functionality, but I'm posting the results of the commonly asked for diagnostics anyways.
Here are the results of the commonly asked DNS-related diagnostics:
wikiserver:~ jmecham$ sudo changeip -checkhostname
Primary address = 192.168.4.2
Current HostName = wikiserver.amgmicro.local
DNS HostName = wikiserver.amgmicro.local
The names match. There is nothing to change.
dirserv:success = "success"
A few months back I did disable CRAM-MD5 authentication, but somehow it got turned back on.
So I disabled it again, and now I can connect via iChat, Spark, Pandion 2.5 (but, not the latest version of 2.6).
I think I'm far from having a TRULY working system for the following reasons:
1.) It thinks the Kerberos realm is WIKISERVER.AMGMICRO.LOCAL, but the domain is AMGMICRO.LOCAL? What should the realm be?
2.) In the iChat Host it's configured as WIKISERVER.AMGMICRO.LOCAL and so people have to log in with their username@wikiserver.amgmicro.local and not their email address.
3.) I had to add users from Active Directory into my Open Directory to get them to connect via ichat, but for the wikiserver I didn't have to. I think this is normal, but it does concern me. Maybe if I fixed #2 this wouldn't be necessary? I guess I'm a little confused on this one.
4.) Every attempt to use Kerberos for authentication has failed. Not sure if that can work without #1 being right.
In an effort to solve this problem I'm trying to get the so-called magic triangle set up, but this effort is hindered by the quality of the documentation.
I'm using the Open Directory_Adminv10.6.pdf as a guide.
On page 103 it says "Make sure you your active directory server and its DNA service is properly configured and running."
DNA service? umm, they mean DNS right?
So instead of a step by step guide they just have me refer to specific sections.
In step 7 it has me Kerberize services which refers to Page 207
On page 207 it says to do "sudo disconfigad -enablesso"
But, there is no disconfigad
I'm sure they meant dsconfigad
I still don't see anything about how to get iChat running in a magic triangle setup with Kerberos.
Kerberos is so so so touchy.
Is there a dying necessity for using it to authenticate for iChat? If not, turn your CRAM-MD5 back on on your server (or under the iChat admin on the server, set the login type to "any" if that's ok with your IT) and turn the 'use Kerberos' option off in the client-side iChat preferences.
That's what we had to do, anyhow, to get ours to work...:/
YMMV.
The internal domain is amgmicro.local, and the domain controller is Windows 2003
Basically it was like this before I disabled Kerberos on the OS/X Server
Active Directory domain = amgmicro.local
Active Directory Kerberos Realm = AMGMICRO.LOCAL
Open Directory Server Master = wikiserver.amgmicro.local
Open Directory Kerberos Realm = WIKISERVER.AMGMICRO.LOCAL
According to the Open Directory Admin pdf that wasn't a good way of having it. So I followed the magic triangle setup.
jinniferb wrote:
Kerberos is so so so touchy.
Is there a dying necessity for using it to authenticate for iChat? If not, turn your CRAM-MD5 back on on your server (or under the iChat admin on the server, set the login type to "any" if that's ok with your IT) and turn the 'use Kerberos' option off in the client-side iChat preferences.
That's what we had to do, anyhow, to get ours to work...:/
YMMV.
There isn't a dying necessity for it, but in trying to get it to work I was hoping to spot other problems. I was also hoping to get it to a state where the next update doesn't kill it.
I'm also struggling in getting it to work with the newest version of Pandion. There was a known issue with it in a previous build version of 2.6, but supposedly it's been fixed.
Right now I'm using Pandion 2.5 on Windows and iChat on OS/X.