
Open Directory intermittently stops responding

I'm trying to figure out how to get OD working reliably.


I've had a mac mini running OD and file services as primary authentication and user management.


I'm now running AD for user auth, and a standalone OD mac mini (10.9.x) with no other purpose in life but to be the OD master, on a new-ish Mac mini that hasn't evinced drive errors.


Nevertheless, OD simply gives up on an intermittent basis. I usually figure this out when I load system preferences and I can't get a list of replicas. Or when binding a new computer and it throws an error.


Rebooting clears the problem - for a little while. I can bind, the Server.app behaves properly, etc.


I also make sure to not leave a user session or server.app running, but log all the way back out.


Now - is there any way to verify the integrity of the db (and fix it)? Or to export/reimport the db without losing all my bindings and management settings in workgroup manager, but get a cleaner running copy?

G5, Mac OS X (10.4.8)

Posted on Oct 6, 2014 7:12 PM

4 replies

Oct 7, 2014 9:29 AM in response to Midknight32

Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.

1. The OD master must have a static IP address on the local network, not a dynamic address.

2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

3. The primary DNS server used by the server must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

4. Follow these instructions to rebuild the Kerberos configuration on the master.

5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.

6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

7. Reboot the master and the clients.

8. Don't log in to the server with a network user's account.

9. Disable any internal firewalls in use, including third-party "security" software.

10. If you've created any replica servers, delete them.

11. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UIDs are in the 1001+ range.
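The hostname, DNS and certificate checks in points 2, 3 and 5 above, scripted so they can be re-run every time the master "gives up" instead of clicked through in Server.app. This is an added example, not code from the thread or from Apple. The pure functions take their input as arguments or stdin so they can be exercised on constructed data; the live section (run as `sh od_checks.sh --live` on the master) assumes en0 is the LAN interface, that the OD LDAP service answers on port 636 for the certificate check, and that /etc/resolv.conf reflects the system resolver.

```shell
#!/bin/sh
# Added example, not from the thread: scripted versions of points 2, 3
# and 5. Pure functions first, live checks only when run with --live.

# Point 2: at least three labels (server.domain.tld), no empty labels,
# and not under the Bonjour-reserved .local domain. Returns 0 when OK.
check_od_hostname() {
    name=${1%.}                      # tolerate a trailing dot
    case "$name" in
        ""|.*|*.|*..*) return 1 ;;   # empty or malformed labels
        *.local)       return 1 ;;   # reserved for Bonjour
        *.*.*)         return 0 ;;   # three or more labels
        *)             return 1 ;;   # one- or two-label name
    esac
}

# Points 2/3: forward and reverse DNS must agree with the configured
# address. Arguments: hostname, A record returned for it, the address
# the server is actually configured with, PTR name for that address.
check_forward_reverse() {
    host=${1%.}; a_record=$2; configured_ip=$3; ptr=${4%.}
    if [ -n "$a_record" ] && [ "$a_record" = "$configured_ip" ] && [ "$ptr" = "$host" ]; then
        return 0
    fi
    return 1
}

# Point 3: first resolver in resolv.conf-style text read from stdin.
# Prints the address; it should be 127.0.0.1 or the internal DNS server.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }'
}

# Point 5: CN from a subject line as printed by "openssl x509 -noout
# -subject" (e.g. "subject= /C=US/O=Example/CN=server.example.com").
# Returns 0 when the CN equals the hostname.
cert_cn_matches() {
    subject=$1; host=${2%.}
    cn=$(printf '%s\n' "$subject" | sed -n 's/.*CN=\([^/,]*\).*/\1/p')
    if [ -n "$cn" ] && [ "$cn" = "$host" ]; then
        return 0
    fi
    return 1
}

# Live section: gathers the real values with macOS tools and reports.
if [ "${1:-}" = "--live" ]; then
    hn=$(scutil --get HostName 2>/dev/null || hostname)
    ip=$(ipconfig getifaddr en0 2>/dev/null)      # assumption: en0 is the LAN interface
    a=$(dig +short A "$hn" 2>/dev/null | head -n 1)
    ptr=$(dig +short -x "$ip" 2>/dev/null | head -n 1)
    ns=$(first_nameserver < /etc/resolv.conf)
    subj=$(echo | openssl s_client -connect "$hn:636" 2>/dev/null | openssl x509 -noout -subject 2>/dev/null)

    check_od_hostname "$hn" && echo "hostname OK: $hn" || echo "hostname BAD: $hn"
    check_forward_reverse "$hn" "$a" "$ip" "$ptr" \
        && echo "DNS OK: $hn -> $a, $ip -> $ptr" \
        || echo "DNS BAD: A=$a configured=$ip PTR=$ptr"
    echo "first resolver: $ns (expect 127.0.0.1 or the internal DNS server)"
    cert_cn_matches "$subj" "$hn" && echo "cert CN OK" || echo "cert CN BAD: $subj"
fi
```

Apple's own equivalent of the hostname/DNS portion is `sudo changeip -checkhostname`, which is worth running alongside this; the script's value is that it also records the first resolver and the certificate CN in one place, so a capture taken while the master is healthy can be diffed against one taken while it is refusing binds.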

Oct 7, 2014 9:50 AM in response to Linc Davis

1. The OD master must have a static IP address on the local network, not a dynamic address.

Check

2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

Check

3. The primary DNS server used by the server must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

Using active directory, but valid DNS all the way around

4. Follow these instructions to rebuild the Kerberos configuration on the master.

5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.

6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.


I'll look into the above, but I'm really trying to avoid rebinding 60+ machines yet again.


7. Reboot the master and the clients.

It works for a while and then just gives up. As stated - rebooting clears it - for a while.

Is there a way - I have not yet looked at the kerberos instructions - to validate the validity of the database and repair it without rebinding/losing everything?


8. Don't log in to the server with a network user's account.

Local admin all the way....

9. Disable any internal firewalls in use, including third-party "security" software.

none in effect or on.

10. If you've created any replica servers, delete them.

Done this, and back. Can try it again....

11. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UIDs are in the 1001+ range.
