35 Replies Latest reply: Jul 31, 2013 4:22 PM by slolifesux
pts Level 1 (0 points)

I want to use Open Directory on my university lab network. The server (10.8) is not in the same room as the clients (also 10.8). Each computer (server and clients) has its own external FQDN and associated IP address. I turned on Open Directory using on my server. I then go to a client and do: system preferences>users and groups>login options>Network account server: Join>open directory utility. From there I do File>connect. When I type in the FQDN of the server, along with an admin account name and password, I get the following message:


Can't connect to server


Directory Services may not be installed on the remote server, they may be turned off, or the URL may have been entered incorrectly


None of this is true, unless "Directory Services" means something other than Open Directory.  So what am I missing here?



Also, I notice that when, on the server, I select Open Directory in, the on-off slide icon slides on as it appears (as if it was off until I selected Open Directory).  This behavior doesn't happen with any other service on 


Any ideas? 

  • pts Level 1 (0 points)

    I should add that all the machines (server and clients) can log in to each other, via vnc, afp, ssh, etc., and they don't have trouble locating websites on the internet, etc.  So it isn't that the machines can't somehow see each other.  The server Open Directory just isn't responding to clients, even though claims Open Directory is running.

  • JaimeMagiera Level 2 (305 points)

    Have you tried putting OpenDirectory into debug mode and looked at the logs to see what's happening? Have you tried making a query with ldapsearch or other such tool to see what results from a raw query of the server?

  • iToaster Level 3 (735 points)

    What happens if you try joining the OD via IP?

    Is it an OD master?


    Check the logs both server and client side, see if they can give you any indication what's going on

  • redshift82r Level 2 (325 points)

    pts, you need to set up your clients to connect via VPN. You can't do what you want any other way that I know of ( which doesn't mean that there isn't another way :) ).


    That way, open directory, DNS, etc will be just like they were connected locally and you're off and running.


    Good luck

  • iToaster Level 3 (735 points)

    pts, looks like you've got bigger problems if your DNS is not working nothing else will work properly either


  • pts Level 1 (0 points)

    Yes, but none of this is clear in the documentation. Actually, I don't see ANY documentation for ML server, only Lion Server.  Perhaps you know of something I don't about this?


    Regarding DNS specifically not working in my case, it's awfully annoying that the is so buggy with respect to this. A really useful program wouldn't say DNS was "on" unless it really was on.


    Any specific thoughts about what might be going on, such that says DNS is on, but it doesn't respond to any requests for DNS from outside?


    Thanks for any suggestions you might have.

  • JaimeMagiera Level 2 (305 points)

    How do you know it's not on? You've not demonstrated one way or the other. All you've demonstrated is that you think client machines can't connect to either service. You've not done any of the leg work to really know what's going on. I see all sorts of suppositions based on cursory, external observations. I'm sorry if this sounds terse, but it's a bit disingenuous to blame the tools before you even know the details of what is happening.

  • pts Level 1 (0 points)

    Well, of course, I don't know it's not on. That's why I'm here asking questions.  What I do know is that it isn't working as the limited documentation I can find (much of it not from Apple) suggests it should.  Sorry if I sound terse myself, but if Apple is going to release software that is supposed to make it easy to set things like this up, and make advertising claims like:


    "OS X Server is perfect for a studio, business, hobbyist, or school. It’s so easy to set up, who needs an IT department?"




    "Configuring OS X Server is almost as easy as configuring a desktop computer. Simply launch the Server app. An assistant walks you through the initial setup and helps verify network settings and define your administrator account. Next add users and groups and enable the network services you want to deliver to your organization." .pdf


    ...then they are going to have to expect frustrations like mine.


    Now, back to my problem (assuming you've made it this far): says DNS is on. I've posted various things about what the configuration page on says (not on this post, but my other one specifically about trying to get DNS to work).  However, when I set an outside machine (not behind my server's firewall) to use my server (the one that says DNS is running on) for DNS, it hangs and doesn't "work".  I'm sure something may be working, but it isn't working as Apple's advertisements (and itself) suggests.  So it isn't "disingenuous" for me to blame the tools.  It literally says it's on. It also isn't responding to clients, and there is nothing in the setup that would lead a reasonable person to expect that it shouldn't.  Better documentation from Apple would help. Did you say you knew where that might be?  I see this: but that is for 10.7, not 10.8. This is part of my frustration.


    My guess is that OS X Server is not configured to allow outside (not behind the server's own firewall) queries about DNS.  This, I'm sorry to say to all you much-more-IT-savvy people than I, is not at all obvious to someone like myself, hence my questions here to you all.  If there is some configuration file I need to edit, outside of, by all means, tell me about it.


    Finally, regarding your comment to check the logs, I will certainly do this when I get time (this isn't what I get paid to do, so I'm working on this while I can). However, I fully expect that I won't know what I'm looking at, or how to interpret it.  This is why I've been trying to get some intuitive understanding of what is likely going on first, because staring at log messages tends to be unproductive if you don't really know what you are looking for.


    In any case, I do appreciate those who have tried to give me hints about what might be the problem, as I work through all this. I'm sure you can understand the frustration of someone who put faith in Apple's advertising that it would be easy as pie.

  • iToaster Level 3 (735 points)

    Sorry pts but I agree with Jaime you can't expect osx server to have any control over anything outside of the LAN it's connected. To do that you would have to configure that yourself on whatever hardware is controlling your WAN access

    Your lack of understanding is not Apple's, yours or anyone else's fault. You can't blame the tools for your lack of understanding


    Apple's instructions are I suppose "easy as pie" as long as you stay inside the box as soon as you step outside you have to have a certain level of understanding how things work

    I guess one man's pie is another man's cardiac arrest


    This forum is user to user no official Apple presence

    I would venture to say you need to explain clearly what you're trying to do and what you have done

    No one here has the time to go all Sherlock Holmes on posts and try to deduce what you're trying to achieve


    I suppose a certain level of expertise is also expected in the server and enterprise forums 'cause we've had it pretty much all to ourselves for years. Now those pesky soho server types are muscling in, the times they are a changin. I know I'm guilty of thinking the other guy knows what he's talking about 'cause I sure don't

    So don't be too hard on us

  • JaimeMagiera Level 2 (305 points)

    pts, I'm sorry but you are being disingenuous to blame the software before you even know what the problem is. Note that the promotional materials say "almost as easy to configure as a desktop machine...". That's the basic configuration. There is no guarantee that there won't be other things that need to be done. If you expect foundational services such as DNS to just "work", you will be in for a surprise. There are a lot of things that can be different on a machine, and on a network, that affect a service. As someone administering a server, your full time job or not, you'll have to get into the habit of cracking open on a log and, on occasion, the Consider it an opportunity to get good at Mac OS X Server administration. Back to the troubleshooting: It should only take you a few seconds to look at the server log, or run the "host" command from the terminal. These basic things could tell you a lot. Yes, you might have to google, or ask here what those things mean, but that's all part of the learning process. Feel free to post the result of those endeavors.

  • Mark23 Level 3 (975 points)

    If you just change 10.7 into 10.8 you'll get:

    All the documentation in one place

  • pts Level 1 (0 points)

    Doh!  Thanks for pointing that out, Mark23.  I find it bizarre that Apple doesn't have this linked here:

    Look under: Documentation

    It takes you to 10.7


    Regarding whether it is disingenuous to blame software that claims to work when it doesn't, I guess we'll have to agree to disagree. I have no problems with people giving hints about what to look for, but I do have problems with people saying "look in the logs" and "It's more complicated than Apple said".  All of this may be true, but it doesn't follow that the software is doing what it is supposed to do. It patently isn't.


    Now on to looking at logs for... ??


    I actually got some good help on another thread on here. Apparently will not set up DNS access by outside the server.  If the server is also serving an internal network, then requests from those machines will be allowed, but it won't, by default, respond to requests from the outside world.  VPN seems to be the only way to go, unless I can figure out what configuration files need to be changed. 

  • JaimeMagiera Level 2 (305 points)

    No, you continue to misunderstand. It's easy to configure the service. The issue is that there are a myriad of factors beyond Apple's control in terms of all the things in between the machine providing the service and the client. Also, there are a myriad of ways a server and client can be configured that would change the setup. It has nothing to do with Apple wrongly promoting something. If you think that having to look at logs is somehow indicative of a bad system, you completely misunderstand how server administration works. Again, you haven't proved it isn't working. You've done absolutely *none* of the things necessary to verify what the issue is. Nothing. Zero. Zilch. Can you prove that the poster was correct that you can't provide DNS outside your network? I challenge that claim and have proof. Here is a lookup from a (university) network to my completely separate  personal business network running 10.8 Server. Works fine.


    amber:~ jaimelm$ host amber has address


    amber:~ jaimelm$ host

    Using domain server:





  has address


    Please refrain from framing this as an issue of things not working properly until you've actually done your homework.
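
An added example, not part of any post in this thread: a Python probe that separates the cases the thread argues about, a DNS server that sends no reply to an outside client (nothing listening on that address, or UDP/53 filtered) from one that is running and either answers or returns REFUSED. The server address and hostname in the `probe` comment are placeholders, and the two sample replies are constructed for illustration.

```python
import socket
import struct

QID = 0x1234  # arbitrary query ID used by this example

def build_query(name, qid=QID):
    """Build a recursive DNS query (RD bit set) for the A record of `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply, qid=QID):
    """Map a raw reply (None means no reply arrived) to a diagnosis string."""
    if reply is None:
        return "no reply: nothing listening on this address, or UDP/53 is filtered"
    if len(reply) < 12:
        return "malformed reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:  # QR bit must be set in a response
        return "unexpected packet"
    rcode = flags & 0x000F
    if rcode == 5:
        return "REFUSED: server is running but declines to answer this client"
    if rcode == 0 and ancount:
        return "answered: %d record(s)" % ancount
    return "rcode %d with %d answer(s)" % (rcode, ancount)

def probe(server, name, timeout=3.0):
    """Send one query over UDP to `server` and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            return classify(s.recvfrom(512)[0])
        except (socket.timeout, ConnectionError):
            return classify(None)

# Constructed sample replies (12-byte header only), for offline checking.
SAMPLE_REFUSED = struct.pack("!HHHHHH", QID, 0x8105, 1, 0, 0, 0)
SAMPLE_ANSWER = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    print(classify(None))
    print(classify(SAMPLE_REFUSED))
    print(classify(SAMPLE_ANSWER))
    # Live use (placeholder values): probe("192.0.2.10", "server.example.edu")
```

Run `probe` once from a client on the server's own LAN and once from an outside machine; different results for the same name point at access policy or filtering rather than at the service being off.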
