5 Replies Latest reply: Mar 10, 2011 12:07 PM by ClassicII
evets90 Level 1 (0 points)
I set up my secondary Xserve as an Open Directory replica of my first Xserve, which is an Open Directory Master. What I thought that meant was that if the first server went down, the second one would pick up the slack and handle user logins and LDAP stuff until the first one came back online, but it seems that that doesn't happen with my setup.

*EDIT: I saw this:*
*http://discussions.apple.com/thread.jspa?threadID=2643462&tstart=0*
*And I noticed I didn't have my clients configured to point to the replica (they only point to the master) and supposedly the way OD works is you go replica first, and then fail over to master if the replica is down. Is this what my problem is?*

I checked out the situation and there are a few issues:

The primary OD Master server isn't Kerberized (says it's stopped), and I can't Kerberize it because when I hit "Kerberize..." and enter a login/password to kerberize it, it just loops that login prompt indefinitely and never gets past that, regardless of what account I enter (admin/root).

My LDAP database is sorta a hack-job of an LDAP from my old G5 Xserve which had a different DNS name (old one was scanvideoserver.website.com, current one is coffee.website.com), and I sorta had to hack the old LDAP to get it to work with the new one. I was wondering if that could be a root cause.

...or would DNS settings mess up the ability for an OD Replica to function?

Any help appreciated.

Intel Xserve 2011, Mac OS X (10.6.6)
  • 1. Re: Open Directory Replica not doing its job
    Camelot Level 8 (45,790 points)
    And I noticed I didn't have my clients configured to point to the replica (they only point to the master) and supposedly the way OD works is you go replica first, and then fail over to master if the replica is down. Is this what my problem is?


    Yes. That is your problem. OD fails UP from replicas to masters if the replica goes away.

    If the master goes away any clients bound to it will fail to authenticate (there is no fail DOWN to replica servers).
  • 2. Re: Open Directory Replica not doing its job
    evets90 Level 1 (0 points)
    Thanks a lot! I changed my clients to point to the replica and we'll see what happens.
  • 3. Re: Open Directory Replica not doing its job
    ClassicII Level 3 (830 points)
    Wow...

    I was looking at the same thing this weekend. I was trying to test our OD Replica.

    To review, clients should point to the replica???

    If the replica goes down, the master will take over and you will be able to log in and continue to work?

    I always just figured that the replica was a stand by and would take over if for some reason the master went down.
  • 4. Re: Open Directory Replica not doing its job
    Douggo Level 4 (2,740 points)
    I always just figured that the replica was a stand by and would take over if for some reason the master went down.


    I was just reading the OD documentation earlier this week pertaining to replication and what leapt out at me was that the purpose of the replicas is to distribute authentication requests to the replicas thus removing the load from the master for those requests. The master is there as the backup - not as the primary authentication server. Then if one looks at replicas being the source for other replicas downline, one can set up a rather redundant authentication load chain if one of the servers goes down.

    So, yes, clients should point to the replica(s).

    -Doug
  • 5. Re: Open Directory Replica not doing its job
    ClassicII Level 3 (830 points)
    I found this in Apple's own documentation.

    "Computers with v10.4 or v10.5 of Mac OS X or Mac OS X Server maintain a list of Open Directory replicas. If one of these computers can’t contact the Open Directory master for directory and authentication services, the computer connects to the nearest replica of the master."

    This is how I thought it worked.