
Unable to get OD running.

I've recently installed a new small office network for a friend and am having a difficult time getting the Open Directory service running.

Configuration:

10.6 Server on a Mac Pro
DHCP (Pro is acting as the main router. Static Gateway plugged into en0 and our switch is plugged into en1)
NAT
DNS (has single machine record with both the internal IP and static external IP)
Open Directory

Here is the issue. Whenever I go to set up a new standalone OD I get the expected "Kerberos will be unavailable" warning, followed by the new Directory Administrator page. Once I enter the credentials for the new administrator for the directory I get a message saying that there was an error and OD was unable to set up. So I check the Configuration logs and this is what I get:

2011-03-13 13:44:06 -0700 - command: /usr/sbin/mkpassdb -setcomputeraccount 0x4d7d2c966b8b45670000001c0000001c
2011-03-13 13:44:06 -0700 - Setting SASL realm to <OpenDirectory.J3HhbF>
2011-03-13 13:44:06 -0700 - command: /usr/sbin/mkpassdb -setrealm OpenDirectory.J3HhbF
2011-03-13 13:44:06 -0700 - Copied file from /etc/openldap/slapd.conf to /etc/openldap/slapd.conf.backup.
2011-03-13 13:44:08 -0700 - command: /usr/bin/net getlocalsid
2011-03-13 13:44:08 -0700 - Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2011-03-13 13:44:08 -0700 - Starting LDAP server (slapd)
2011-03-13 13:44:28 -0700 - Error: The slapd process did not start.
2011-03-13 13:44:28 -0700 - Stopping LDAP server (slapd)
2011-03-13 13:44:28 -0700 - Removed file at path /var/run/slapconfig.lock.
2011-03-13 15:05:39 -0700 - slapconfig -createldapmasterandadmin
2011-03-13 15:05:39 -0700 - Creating password server slot
2011-03-13 15:05:39 -0700 - command: /usr/sbin/mkpassdb -a -u diradmin -p -q
2011-03-13 15:05:39 -0700 - command: /usr/sbin/mkpassdb -a -u root -p -q
2011-03-13 15:05:39 -0700 - command: /usr/sbin/mkpassdb -a -u macpro-e80688cf855e.local$ -p -q
2011-03-13 15:05:39 -0700 - command: /usr/sbin/mkpassdb -setcomputeraccount 0x4d7d3fb36b8b45670000001f0000001f
2011-03-13 15:05:39 -0700 - Setting SASL realm to <OpenDirectory.K6MYwW>
2011-03-13 15:05:39 -0700 - command: /usr/sbin/mkpassdb -setrealm OpenDirectory.K6MYwW
2011-03-13 15:05:39 -0700 - Copied file from /etc/openldap/slapd.conf to /etc/openldap/slapd.conf.backup.
2011-03-13 15:05:41 -0700 - command: /usr/bin/net getlocalsid
2011-03-13 15:05:41 -0700 - Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2011-03-13 15:05:41 -0700 - Starting LDAP server (slapd)
2011-03-13 15:06:01 -0700 - Error: The slapd process did not start.
2011-03-13 15:06:01 -0700 - Stopping LDAP server (slapd)
2011-03-13 15:06:01 -0700 - Removed file at path /var/run/slapconfig.lock.

Any suggestions would be greatly appreciated. I am beyond perplexed at this point as I have set up a Mac Mini server with OD and never encountered any issue.

Mac Pro, Mac OS X (10.6.6)

Posted on Mar 13, 2011 3:28 PM

Question marked as Best reply

Posted on Mar 13, 2011 3:59 PM

Hi

According to the log you're trying to create a Kerberos Realm called OpenDirectory.K6MYwW and in addition the Server's hostname appears to be macpro-e80688cf855e.local. Neither of these are what I would call 'normal'. Apart from the serious DNS issues you appear to have, using .local as the TLD will cause promotion to OD Master to fail every time. Even if you managed it you will have serious stability problems thereafter.

Before you go any further you have to make sure DNS is correctly configured otherwise none of this will ever work well if at all.

If you have an existing hardware device at your Network's edge use that for NAT instead of what's built-in. I'm advising this not because OSX Server is not capable of NAT - because it is - it's because it's far simpler to get things going initially. Once you have a stable server working as desired you can look at those options later on if you want to. If you want to persist with making the Server act as a Gateway then configure the external facing NIC first. At the same time make sure there are appropriate A and PTR Records created for the desired Server's hostname. This will be something either your ISP or yourself can do. The PTR is something only your ISP can do. Whatever hostname you decide at that time make sure you stick with it. If you decide to change your mind later on this could potentially cause serious instability issues for your server and more often than not involve a format and reinstall for the inexperienced and unwary. Don't connect the internal facing NIC until after you've got those steps right first. You'd probably want to run Split DNS thereafter.

Tony
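A pre-flight DNS check that covers the two conditions in Tony's reply (no .local hostname, and A and PTR records that agree) before attempting OD master promotion. This is an added example, not code from the thread or from Apple; the names server.example.com and 192.0.2.10 are constructed sample values, and the live check assumes dig and hostname are available.

```shell
#!/bin/sh
# Added example: sanity-check the server's DNS before promoting to OD master.
# Apple's own built-in check on 10.6 Server is `sudo changeip -checkhostname`;
# this script makes the same two conditions explicit and testable offline.

# hostname_ok FQDN
# Returns 0 when the name is usable for an OD master: fully qualified (has a
# domain suffix) and not in the Bonjour/mDNS-reserved .local TLD, which makes
# promotion fail as in the slapconfig log above.
hostname_ok() {
    case "$1" in
        *.local) return 1 ;;   # .local is reserved for multicast DNS
        *.*)     return 0 ;;   # has a real domain suffix
        *)       return 1 ;;   # bare short name, not fully qualified
    esac
}

# records_agree FQDN A_IP PTR_NAME
# A_IP is what the A record resolves to, PTR_NAME is what the reverse record
# for A_IP points back to (dig prints it with a trailing dot, which is trimmed).
# Returns 0 only when forward and reverse lookups agree.
records_agree() {
    fqdn="$1"; a_ip="$2"; ptr_name="$3"
    [ -n "$a_ip" ] || { echo "no A record for $fqdn"; return 1; }
    ptr_trim="${ptr_name%.}"
    if [ "$ptr_trim" = "$fqdn" ]; then
        return 0
    fi
    echo "PTR for $a_ip is '$ptr_trim', expected '$fqdn'"
    return 1
}

# live_check: run both checks against the resolver this server actually uses.
# Needs network access and dig; run it once per interface/resolver you care about.
live_check() {
    fqdn="$(hostname -f 2>/dev/null || hostname)"
    hostname_ok "$fqdn" || { echo "hostname '$fqdn' is unsuitable for an OD master"; return 1; }
    a_ip="$(dig +short A "$fqdn" | head -n 1)"
    ptr_name="$(dig +short -x "$a_ip" 2>/dev/null | head -n 1)"
    records_agree "$fqdn" "$a_ip" "$ptr_name"
}
```

Run live_check on the server after the external NIC and the A/PTR records are in place; a non-zero exit means fix DNS before touching Open Directory.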
