Weird Authentication Issues - Suddenly

Question

Level 1

35 points

Weird Authentication Issues - Suddenly

I've been running a SLS for over a year very nicely. A month or so ago I changed the FQDN and it's been running very happily and been very stable since then. It runs iCal, iChat, AFP shares and Mail. It's also the DNS and OD server for the network. I always access the server using either Server Admin or VNC from a client machine. It's a Mac Mini server.

I have only made a very small number of changes and one of them has delivered extremely screwy authentication behaviour.

Used the 10.6.8 supplemental update
Stored the Lion install app on a network share
Upgraded _clients_ only to LIon
Downloaded and began using the 10.7 server admin, and WGM app for the _clients_ only
Pointed a test Lion Server at the DNS and OD

One of those changes has caused the following set of issues:

I can _only_ log into VNC using a local (to the server) admin account
I can _only_ log into the server at the login pane using an OD _user_ account - admin accounts either local or OD will not authenticate
I can log in with Server Admin using any Admin account
I can't of course get into anything meaningful in the Console
I can only repair permissions on the boot drive, I can't repair permissions on the other internal drive and of the two external drives I can only repair permissions on 1 of them. I cannot un-mount those drives and I can't repair them. There are no shares active on those drives

What is working is everything else on the server!

This is NOT a DNS issue. The DNS has been and continues to operate faultlessly.

Any suggestions are most welcome. This is a real pain and I don't want to have to blow away the server and start again.

Posted on Jul 27, 2011 2:39 PM

Reply

Answer 1

Jul 27, 2011 3:03 PM in response to Pelorus1

Hi

Just my opinion but I would not have used a newer version of the Server's Administration Tools on an older Server. Now this may all be co-incidental but what you're describing does sound - pretty much - what I've seen others have experienced in the past when doing something similar. Apple do have a KB article which discusses Server Admin Tools compatibility:

http://support.apple.com/kb/HT1822

The article does say you can use 10.7 Tools on a 10.6 Server. However if you were to call Apple Enterprise Support (or take the ACSA Advanced Courses) they advise (and teach) not to do this as you may experience unexpected behaviour depending on what Services you have running. This usually means Open Directory and associated Services as well as Mail. If it was a simple File Server (and nothing else) you'd probably get away with it?

FWIW there are always DNS issues (even though you think there aren't) when changing the hostname on a mature OD Master. Especially if you've restored an archived LDAP Database (assuming you even managed this in 10.6?) after making the change.

Not sure where you can go with this apart from trying the last resort restart and hoping for the best? Perhaps someone may post soon and offer you something more hopeful?

Apologies I could not offer anything useful.

Tony

Reply

Answer 2

Pelorus1 Author

Level 1

35 points

Jul 27, 2011 6:23 PM in response to Antonio Rocco

G'day Tony,

thanks for the response. As far as the OD Master is concerned I blew it away when I changed the FQDN - it didn't want to play ball so I blew it away and started again from scratch - new users the lot. I didn't restore from an archive.

It's interesting that Apple are saying you can use the 10.7 tools in their KB article which I read very carefully before I did use it. There is no other option if you have Lion clients - the 10.6 tools are reportedly no compatible and get blown away in the upgrade.

I'm hanging out here for some suggestions!

Regards

P1

Reply