You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Gerben Wierda
Gerben Wierda Author
User level: Level 2
293 points

How do I remove authenticated Open Directory binding to itself?

In attempts to solve my file sharing issues I have at some point on macOS Mojave + Server, using Directory Utility, bound the Open Directory server to itself using Directory Utility (I was quite desperate). Now, with all the changes I made I was able to get the client machine use authenticated binding to the server machine and now SMB file sharing works. So far so good, but I cannot change the passwords of users anymore. When I try, I get the following error:


existing connection is not authenticated and the old password is not present: password change denied


DNS is ok. What I can find is that in the past one could 'rekerberize' the server but that information is old (Mavericks) so I don't want to try.


I was looking at removing the local authenticated binding on macOS Mojave Server. But in Directory Utility that is greyed out. And I do not dare to remove/recreate the LDAP server with Directory Utility on a production server yet (very scared).


Is there a way to remove the authenticated binding of the server computer to its own OD server?

Posted on Jan 12, 2020 4:27 AM

Reply
Question marked as Top-ranking reply
User profile for user: Gerben Wierda
Gerben Wierda Author
User level: Level 2
293 points

Posted on Jan 12, 2020 5:31 AM

While trying to get this done I accidentally found a way to do this:

  1. On the server, in Directory Utility, in Services/LDAPv3 I tried to add another copy of the local server (127.0.0.1). The same name was not accepted so I went manual, created it with the name localhost
  2. This was created, but then it turned out that it had overwritten the previous OD. All my users, everything was gone. Panic.
  3. I stopped OD in Server.app
  4. Ran "sudo slapconfig -destroyldapserver" in Terminal
  5. Ran "sudo slapconfig -restoredb 20200112-albus-odbackup.sparseimage" (I did make a backup before I went mucking about)


My OD is now up and running again, the users are back it took Server.app a while to sync with reality) and the authenticated binding between the server and itself is gone. /LDAPv3/127.0.0.1 only shows one computer, so I'll need to reauthenticate the client machine.

View in context

Similar questions

2 replies
Question marked as Top-ranking reply
User profile for user: Gerben Wierda
Gerben Wierda Author
User level: Level 2
293 points

Jan 12, 2020 5:31 AM in response to Gerben Wierda

While trying to get this done I accidentally found a way to do this:

  1. On the server, in Directory Utility, in Services/LDAPv3 I tried to add another copy of the local server (127.0.0.1). The same name was not accepted so I went manual, created it with the name localhost
  2. This was created, but then it turned out that it had overwritten the previous OD. All my users, everything was gone. Panic.
  3. I stopped OD in Server.app
  4. Ran "sudo slapconfig -destroyldapserver" in Terminal
  5. Ran "sudo slapconfig -restoredb 20200112-albus-odbackup.sparseimage" (I did make a backup before I went mucking about)


My OD is now up and running again, the users are back it took Server.app a while to sync with reality) and the authenticated binding between the server and itself is gone. /LDAPv3/127.0.0.1 only shows one computer, so I'll need to reauthenticate the client machine.

Reply

How do I remove authenticated Open Directory binding to itself?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up