Open directory doesn't work

Yep, I said 'by default' and meant it: not that you can't. You have to change to serve All Clients in the drop down window in DNS settings, but it just seemed bad advice given your reticence to gain a basic understanding of how os x server works.

I suggested VPN to solve your problems because, a. You don't want to look at logs, you don't want to read the Hoffman labs os x DNS primer "because it looks like a bit of a slog", and most importantly to give you some security of access rather than opening your server up to the rest of the university, although im sure there are no hacker undergrads there......... You just want things to work like the advertising, which I guess is fair enough but as everyone points out, the software really DOES work as advertised. You just want to do something which doesn't fit in the "push button" box.

Having your clients connect via VPN ticks the "push button" box, but stop telling everyone here how you've been mislead by paying $20 for a pretty powerful bit of software and get on with implementing some of the myriad advice you've been given, and I'm sure you'll find everyone still more than helpful.

PTS, I've provided you help throughout this entire thread.

1). Have you tested the querying with the "host" command? No, you haven't.

2). Have you looked at the DNS logs to verify the service is running and fielding queries (local or otherwise)? No, you haven't

3). Did you make any attempt to read up on DNS as a service, such as reading online documentation or purchasing the aforemented book? No, you haven't.

4). In terms of OpenDirectoy, did you put the OD service into debugging mode and view the logs to see if it is accepting connections and if there are any problems? Did you try using ldapsearch? No, you haven't.

5). Did you post the logs from either service, after I offered to help you understand them? No, you haven't.

I haven't told you what to look for in the logs because there are many things that could be going on in the logs. It's not like you can go to a particular line and be "voilà!". You have to actually read them and spend some time understanding what the contents mean. That means web searches, websites, books, etc. This actually highlights the greater issue here... You refuse to do anything that involves *understanding* the service in question, or the server overall. I'm not going to tell you how to just "fix it", becuase that really doesn't "fix it" in the big picture. You really need to explain what you're trying to do and to understand what is going on in regards to those desires - particularly in terms of DNS - to be successful at managing a server. Server.app *does* work as advertised. It's designed to manage a small-to-mid workgroup server on a network. If you understood networking and DNS, you would understand why their "expected" configurations for Server.app make perfect sense for what it is advertised for. The fact that you're putting me down and attacking me, instead of following the suggestions provided to you, comes off as a defense mechanism. Well, quite frankly, it won't work here. I've been a contributing member of the OS X Server community since the first version was released over 12 years ago. You'll be hard pressed to find anyone who says I don't contribute. What I don't do is coddle people who think they are entitled to something. You aren't entitled to anything. People, myself included, have been very generous with their time. I understand you may be frustrated, but that gives you absolutely no right to put me down. It's rude, unprofessional and does not build anyone's confidence in your ability to troubleshoot.

<Edited By Host>

... and no, I do not work for Apple. Your conspiracy theories belong in the pile with Alex Jones and chemtrails people.

pts,

you really need to tone it down dude, lets see if we can actualy get this back to a helpful level, eh.

Most of what I know , I have learnt through reading the support posts of people like Jaime and following their advice, not dissing them.

If you are serious about trying to understand and co-operate with suggestions, then lets see you respond to the following without commentary. Its hard to get a handle on how much you do or don't know, so lets start from basic principals.

Most of your work is going to be done on the "Command Line Interface" via the "Terminal" application. When people like Jaime ask you the result of the "host" or the "snagglefax" command WITHOUT specifying , say "In Server.app", they mean: "enter this command at the CLI in Terminal" SO:

1. From the Applications Folder , select Utilities Folder and then open Terminal.app

2. It will respond with a funny little prompt like:

mylabs-server: ~ ptsadmin$

Most people shorthand the command line interface when asking you to enter a command by preceding it with a "$" sign

Here is another tip - type "man host" and this will tell you what the command actually does. Typing "man less"

will tell you all the navigation commands to use while you are in "man" , but type b for back, f for forward and q for quit at the : prompt and you can't go wrong.

So Step 3.

3. Enter this command from your cli

$ sudo changeip -checkhostname

Password: (enter your password)

Primary address = xx.xx.xx.xx

Current HostName = my-server.mydomain.com

DNS HostName = my-server.mydomain.com

The names match. There is nothing to change.

dirserv:success = "success"

The above changeip command is the equivalent of typing:

$ host my-server

my-server.mydomain.com has address 10.0.5.80

$ host 10.0.5.80

80.5.0.10.in-addr.arpa domain name pointer my-server.mydomain.com.

It shows that dns forward and reverse entries are correct.

So, If that is set up OK, please confirm step 4 is correct.

4. $ sudo serveradmin settings dns:forwarders:_array_index:0 = "xx.yy.zz.aa" where xx.yy.zz.aa is the address of the universities dns server

Now you are going to look at the dns log while you attempt a connection from one of the clients.

5. Confirm that the network setup for one of your clients is set up to point to the tcp ip address of myserver.mydomain.com and that the search domain is set to myserver.mydomain.com

try using safari on the remote machine and do a google search for something. Then come back or ssh in to your server and:

5. $ tail /library/logs/named.log

This will print out the end of your named.log (dns)

and report back with the output and results to date.

PTS... I believe there's much more going on with your server than you're aware. The fact is, even though OS X server is supposed to be totally simple and made so that you don't need an IT department, it's based on systems that people spend A LOT of money learning how to operate. DNS, Directory Services, Apache, Postgre SQL to name a few.

If you aren't understanding what your server is or isn't doing, and you can't find techy type documentation, but really want to learn, then take a class!

Exitcertified has many campuses around the US and Canada. Lynda.com has a great online classroom thing where you can pick the specific topic to learn about and watch that particular lesson.

Lastly, it seems to me that the initial setup of your server may have gone awry. Where and how is nearly impossible to diagnose without actually sitting in front of your server and sifting through the log files. What you said about looking for "something" in the haystack with no idea of what that somethis is, is true. However people with experience really don't know what they're looking for either. That said... The experience factor comes into play. An experienced techy would be able to look at those log files and recognize lines of report that look "off".

My hope is that you'll read this and understand that maybe this problem is out of your ball park. I suggest that you take your router and your server, put it in a box and make an appointment to bring it down to an apple genius. Or perhaps get in touch with another Educator that has experience with apple server product. You'll truley need to have someone look at it if you can't figure out what the problem actually is. At least that way, you'll be able to look over that persons shoulder and gain some valued knowledge. Next time the problem happens, you'll recognize it and be able to help the next person to come along!

-Graham

pts:

> I turned on Open Directory using server.app on my sever. I then go to a client and do: system preferences>users and groups>login options>Network account server: Join>open directory utility. From there I do File>connect. When I type in the FQDN of the server, along with an admin account name and password, I get the following message:

Can't connect to server

If you have not gotten this working as expected make sure:

- that you're running Open Directory on your server

- that you have 'allow remote administration using server' checkbox enabled

- that you connect to your server as Directory Administrator user

So, what did you want to accomplish by connected to your server in proxy mode via Directory Utility?

still no luck pts??

I'm in the same situation that pts! I admit that my knowledge is zero ... but I had a mac mini with lion server, and server.app automatically did its job ... I updated to the ML server and the service could not start the same way!

Have you put OpenDirectory into debug mode to see what the error is?

07-Sep-2012 19:33:30.435 exiting

07-Sep-2012 19:33:30.900 zone 0.0.127.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: loaded serial 1997022700

07-Sep-2012 19:33:30.900 zone 1.168.192.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2012090713

07-Sep-2012 19:33:30.901 zone localhost/IN/com.apple.ServerAdmin.DNS.public: loaded serial 42

07-Sep-2012 19:33:30.901 zone org/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2012090713

07-Sep-2012 19:33:30.901 managed-keys-zone ./IN/com.apple.ServerAdmin.DNS.public: loading from master file 7f737fd4dc4fec34dd276a5842ba8a5370c4a8ddba94a5002e26b5e8d7122d44.mkeys failed: file not found

07-Sep-2012 19:33:30.901 managed-keys-zone ./IN/com.apple.ServerAdmin.DNS.public: loaded serial 0

07-Sep-2012 19:33:30.902 running

07-Sep-2012 19:33:30.902 zone 1.168.192.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: sending notifies (serial 2012090713)

07-Sep-2012 19:33:30.902 zone org/IN/com.apple.ServerAdmin.DNS.public: sending notifies (serial 2012090713)

inuvem:~ admin$ sudo changeip -checkhostname

Password:

Primary address = 192.168.1.65

Current HostName = inuvem.org

DNS HostName = inuvem.org

The names match. There is nothing to change.

dirserv:success = "success"

inuvem:~ admin$ host inuvem.org

inuvem.org has address 192.168.1.65

Do you mean the DNS or the OpenDirectory service doesn't start properly? What is the actual manifestation of the problem? (users can't login?)