Error creating Open Directory Replica in Mountain Lion

Exact same problem here, any help muchoo appreciated!!!

Chris,

Can you provide me with the process you used to determine the Magic Triangle and what steps you took to correct it.

I have the exact same error messages and problem that you had. However, I don't see where I have an AD bind occuring on either server.

Thanks.

Don

I've had the same problem. There was no AD binding anywhere in the mix. I enabled root on both systems, tested ssh. Both systems are running 10.8.3. I thought it might be something from the directory I restored. So I setup a new OD Master on a completely different 10.8.3 server and tried to create a replica of that. Same error. I've tried using other 10.8.3 servers to create replicas of the original OD Master and they all have the same error.

Same problem here! I have no AD binding and 2 Freshly installed Servers.

You would think that two fresh servers would do it. But I've tried as well with two clean as a whistle 10.8.3 servers and it is no go. I have opened a case with Apple Enterprise and suggest you do to. If enough of us complain they may actually fix the problem.

I think my problem may be the .local dns im stuck with.

/usr/sbin/slapconfig -preflightreplica 172.16.2.23 diradmin

Can someone run the above command and post the output?

Sorry ment to say run it on the intended replica.

Also is the replica completely failing to bind or does it error out in the server app but is it listed in the replica tree?

I'm asuming the Ip is the OD master.

rich-loc-a03:~ localadmin$ sudo /usr/sbin/slapconfig -preflightreplica 10.178.239.51 diradmin

10.178.239.51's Password:

2013-05-14 17:37:44 +0000 NSMutableDictionary *_getRootDSE(const char *): rootDSE not found

2013-05-14 17:37:44 +0000 Error: Unable to determine the master's software version.

Its odd the OD master shows that is has a replica but the replica got and error and show nothing in the server app

I tryed this earlyer off my expermental servers 10.178.239.60 is my test OD master (curently getting a clean 10.8 install)

rich-loc-a03:~ localadmin$ sudo slapconfig -createreplica 10.178.239.60 diradmin

2013-05-14 16:24:28 +0000 slapconfig -createreplica

diradmin's Password:

2013-05-14 16:24:35 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/ldap://10.178.239.60 -p

2013-05-14 16:24:35 +0000 1 Creating computer record for replica

2013-05-14 16:24:49 +0000 command: /usr/sbin/slapconfig -delkeychain /LDAPv3/127.0.0.1 rich-loc-a03.sbc-district.local$

2013-05-14 16:24:49 +0000 Added computer password to keychain

2013-05-14 16:24:49 +0000 2 Creating ldap replicator user

2013-05-14 16:24:52 +0000 ServerID for this replica 2

2013-05-14 16:24:53 +0000 command: /usr/bin/sntp -s time.apple.com.

2013-05-14 16:24:53 +0000 3 Updating local replica configuration

2013-05-14 16:24:53 +0000 4 Gathering replication data from the master

2013-05-14 16:24:53 +0000 5 Copying master database to new replica

2013-05-14 16:24:53 +0000 Removed directory at path /var/db/openldap/openldap-data.

2013-05-14 16:24:54 +0000 Starting LDAP server (slapd)

2013-05-14 16:24:54 +0000 Waiting for slapd to start

2013-05-14 16:24:56 +0000 slapd started

2013-05-14 16:24:56 +0000 Stopping LDAP server (slapd)

2013-05-14 16:25:01 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

2013-05-14 16:25:01 +0000 command: /usr/sbin/slapadd -c -w -l /var/db/openldap/openldap-data/backup.ldif

2013-05-14 16:25:02 +0000 command: /usr/sbin/slapadd -c -w -b cn=authdata -l /var/db/openldap/authdata/authdata.ldif

2013-05-14 16:25:02 +0000

2013-05-14 16:25:02 +0000 5192655e slapd is running in import mode - only use if importing large data

5192655e bdb_monitor_db_open: monitoring disabled; configure monitor database to enable

2013-05-14 16:25:02 +0000 6 Starting new replica

2013-05-14 16:25:02 +0000 Starting LDAP server (slapd)

2013-05-14 16:25:02 +0000 Waiting for slapd to start

2013-05-14 16:25:02 +0000 slapd started

2013-05-14 16:25:02 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi

2013-05-14 16:25:02 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID

2013-05-14 16:25:02 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi

2013-05-14 16:25:02 +0000 Starting password server

2013-05-14 16:25:03 +0000 7 Enabling local Kerberos server

2013-05-14 16:25:03 +0000 Configuring Kerberos server, realm is RICH-LOC-A00.SBC-DISTRICT.LOCAL

2013-05-14 16:25:03 +0000 command: /usr/sbin/sso_util configure -x -k -r RICH-LOC-A00.SBC-DISTRICT.LOCAL -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a diradmin -p **** -v 1 all

2013-05-14 16:25:04 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi

2013-05-14 16:25:04 +0000 Stopping LDAP server (slapd)

2013-05-14 16:25:05 +0000 Starting LDAP server (slapd)

2013-05-14 16:25:05 +0000 Waiting for slapd to start

2013-05-14 16:25:05 +0000 slapd started

2013-05-14 16:25:05 +0000 8 Enabling syncprov overlay on the replica

2013-05-14 16:25:05 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config objectClass=olcSyncProvConfig dn

2013-05-14 16:25:05 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi

2013-05-14 16:25:05 +0000 adding new entry "olcOverlay=syncprov,olcDatabase={1}bdb,cn=config"

2013-05-14 16:25:05 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi

2013-05-14 16:25:05 +0000 adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"

2013-05-14 16:25:05 +0000 9 Adding replica to master

2013-05-14 16:25:06 +0000 Configuring multimaster for (rich-loc-a03.sbc-district.local) with ServerID (2)

2013-05-14 16:25:06 +0000 Remote server (rich-loc-a00.sbc-district.local) ID: 1

2013-05-14 16:25:06 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b dc=rich-loc-a00,dc=sbc-district,dc=local uid=_ldap_replicator dn

2013-05-14 16:25:06 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID

ServerID: 2

2013-05-14 16:25:06 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config objectClass=olcSyncProvConfig dn

2013-05-14 16:25:06 +0000 default realm: RICH-LOC-A00.SBC-DISTRICT.LOCAL

2013-05-14 16:25:06 +0000 Configuring multimaster

2013-05-14 16:25:06 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID

2013-05-14 16:25:06 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi

2013-05-14 16:25:06 +0000 modifying entry "cn=config"

modifying entry "olcDatabase={1}bdb,cn=config"

modifying entry "olcDatabase={2}bdb,cn=config"

2013-05-14 16:25:06 +0000 Stopping LDAP server (slapd)

2013-05-14 16:25:36 +0000 Starting LDAP server (slapd)

2013-05-14 16:25:36 +0000 Waiting for slapd to start

2013-05-14 16:25:38 +0000 slapd started

2013-05-14 16:25:38 +0000 Updating ldapreplicas on rich-loc-a00.sbc-district.local as diradmin

2013-05-14 16:25:39 +0000 Updating ldapreplicas record

2013-05-14 16:25:51 +0000 Unable to set credentials on the master: 2100 Connection failed to the directory server.

2013-05-14 16:25:51 +0000 Unable to set credentials on the master: 2100 Connection failed to the directory server. (error = 69)

2013-05-14 16:25:51 +0000 Deleting Cert Authority related data

2013-05-14 16:25:51 +0000 No intCAIdentity, not removing int CA from keychain

2013-05-14 16:25:51 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist

2013-05-14 16:25:51 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist

2013-05-14 16:25:51 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist

2013-05-14 16:25:51 +0000 Updating ldapreplicas on primary master

2013-05-14 16:26:03 +0000 ODNode *CopyPrimaryMasterNode(BOOL): Unable to set credentials: 2100 Connection failed to the directory server.

2013-05-14 16:26:03 +0000 Primary master node is nil!

2013-05-14 16:26:03 +0000 Unable to locate ldapreplicas record: 0 (null)

2013-05-14 16:26:03 +0000 Error setting read ldap replicas array: 0 (null)

2013-05-14 16:26:03 +0000 Error setting write ldap replicas array: 0 (null)

2013-05-14 16:26:03 +0000 ODRecord *_getODRecord(ODNode *, NSString *, NSString *, NSArray *): ODNodeRef parameter error

2013-05-14 16:26:03 +0000 int _removeReplicaFromConfigRecord(ODNode *, NSString *): ODRecord not found

2013-05-14 16:26:03 +0000 Error synchronizing ldapreplicas: 0 (null)

2013-05-14 16:26:03 +0000 Removing self from the database

2013-05-14 16:26:04 +0000 Warning: An error occurred while re-enabling GSSAPI.

2013-05-14 16:26:05 +0000 Stopping LDAP server (slapd)

2013-05-14 16:26:35 +0000 Stopping password server

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/__db.001.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/__db.002.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/__db.003.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/__db.004.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/__db.005.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/__db.006.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/alock.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/authdata.ldif.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.

2013-05-14 16:26:35 +0000 Removed directory at path /var/db/openldap/authdata.

2013-05-14 16:26:35 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.

2013-05-14 16:26:35 +0000 Removed file at path /etc/openldap/slapd.conf.

2013-05-14 16:26:35 +0000 Removed file at path /etc/openldap/rootDSE.ldif.

2013-05-14 16:26:35 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.

2013-05-14 16:26:35 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.

2013-05-14 16:26:35 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.

2013-05-14 16:26:35 +0000 Removed directory at path /etc/openldap/slapd.d.

2013-05-14 16:26:35 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.

2013-05-14 16:26:35 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.

2013-05-14 16:26:35 +0000 Removed directory at path /etc/openldap/slapd.d.backup.

2013-05-14 16:26:35 +0000 Stopping password server

2013-05-14 16:26:35 +0000 Removed file at path /etc/ntp_opendirectory.conf.

2013-05-14 16:26:35 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.

2013-05-14 16:26:35 +0000 Attempting to remove principal _ldap_replicator@RICH-LOC-A00.SBC-DISTRICT.LOCAL

2013-05-14 16:26:35 +0000 command: /usr/bin/kdestroy --principal=_ldap_replicator@RICH-LOC-A00.SBC-DISTRICT.LOCAL

2013-05-14 16:26:35 +0000 Destroying ldap principal failed: 1 stdout = { } stderr = { kdestroy: Can't find cache for _ldap_replicator@RICH-LOC-A00.SBC-DISTRICT.LOCAL: Principal _ldap_replicator@RICH-LOC-A00.SBC-DISTRICT.LOCAL not found in any credential cache

}

Bingo, exact same on mine every time despite numerous rebuilds. Good news is I solved it, bad news is remembering how!

I will have to look up my notes tonight for you guys. But the problem is related to authentication to the master. Some have stipulated I is related to the use if self signed certs.

Google self signed certificate and open directing binding that may bring up the article. I will try and find my notes over the next hour or so.

Good luck!

I was thinking it was related to self signed certificates I'll work on it and posts a fix if i get it working.

Also have a read of krypted.com on OD, it's a great site.

This is the fix that worked for me!!

On the Master change the following in /etc/sshd_config

Authentication: PermitRootLogin yes PasswordAuthentication yes PubkeyAuthentication no

and on the OD replica like this:

PasswordAuthentication yes PubkeyAuthentication no