Binding problem

If all things between the devices is equal, you may simply have some bad preferences lingering on the machine. If time was the issue, 10.9.x should tell you that. However, it is worth confirming that your workstation in question is within time skew. The server and the workstation should be using the same time server.

If time is not the issue, you might want to try resetting the workstation's Open Directory settings. To do this, go to /Library/OpenDirectory. Move all the items in that folder to the Trash and reboot the machine. When it comes back up, try binding again (the items will restore to defaults).

If this is not successful, you can run OpenDirectory in debug mode to get more logging information. To do this, enter the following command to enable Directory Services debug logging:

sudo odutil set log debug

Examine the output in /var/log/opendirectoryd.log using the following command while attempting the bind:

tail -f /var/log/opendirectoryd.log

To return OpenDirectory to normal logging, use:

sudo odutil set log error

Reid

Apple Consultants Network

Author "Yosemite Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store

Hmm. If you log into the server, take a look to see if the device record still exists in the computers container. If it does, delete it from the server.

Maybe the device is having trouble overwriting an existing record.

You can view this by launching Server.app, going to the Tools menu and launching Directory Utility. Go to the Directory Editor tab and make sure you are viewing the LDAP domain. Change the popup to Computers. Is the machine record still present?

By any chance are your machines clones of one another of another master image? There is an issue when you clone devices and don't unique the local KDC.

Key distribution center. Run:

sudo ktutil list

On the workstations and look at the values with LKDC. You will see a GUID string (something like B4F927A0161517C51C7DE06FE2D14BB3D6B15FCE). Compare that against your multiple systems. If you cloned you might be duplicating what is supposed to be unique per device.

As with all problems, there are solutions.

You can recreate a new local KDC on your workstation by following these steps. Keep in mind, you don't need to do this on both devices as one can remain the current values.

1: Log in as local admin

2: Launch Keychain Access

3: Select the System Keychain.

4: Find the three items titled com.apple.kerberos.kdc and delete them.

5: Delete the existing keytab

sudo rm -R /etc/krb5.keytab

6: Recreate a new local KDC

sudo /usr/libexec/configureLocalKDC

7: Reboot

8: Running sudo ktutil list will show new values in the keytab file.

You now have a new, unique, local KDC on the device. This will allow both devices to auth bind to the domain without trampling over each other's records.

Reid

Apple Consultants Network

Author "Yosemite Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store

Hello,

Please excuse me for jumping in, but I'm seeing the same issues on two different machines. Not clones of each other, I did try the recommended solution and I'm still seeing the binding error message.

I am having a similar issue. I cannot bind at all to my server from the client. I did the above, and it did not work. My DNS checks out, but still won't bind. Can you help?

Possibly. What error are you getting on the attempt to bind? Do you see anything in your logs to suggest what the error is? When you say DNS checks out, what is your DNS syntax? You don't have to reveal your actual domain but I want to know is it a domain.local, host.domain.tld, etc.

I have a static ip (public), using an airport Extreme as my router, to a bridged DSL modem.

I've set up my server to a static private ip of 10.0.1.2, router is 10.0.1.1 Client is status private to 10.0.1.3

I put in all my credentials to bind, I know the password is correct, it appears to start to bind, and then I get the error below.

No log is created on the server when I try to bind.

Here is the error I get:

Here is my client error log:

23/1/15 21:22:22.869 com.apple.xpc.launchd[1]: (com.aladdin.hasplmd) Service only ran for 0 seconds. Pushing respawn out by 10 seconds.

23/1/15 21:22:22.871 ReportCrash[59897]: Saved crash report for hasplmd[59907] version ??? to /Library/Logs/DiagnosticReports/hasplmd_2015-01-23-212222_Patsy-4.crash

23/1/15 21:22:30.278 WindowServer[155]: _CGXGetWindowOrderingGroup: Operation on a window 0x3ea requiring rights 0x5 by caller System Preferences

23/1/15 21:22:30.280 com.apple.preferences.users.remoteservice[59810]: -[ODCAddServerSheetController handleOtherActionError: gotError: Error Domain=com.apple.OpenDirectory Code=5101 "existing connection is not authenticated or secure: password change denied" UserInfo=0x6080000751c0 {NSLocalizedDescription=existing connection is not authenticated or secure: password change denied, NSLocalizedFailureReason=Authentication server refused operation because the current credentials are not authorized for the requested operation.}, Authentication server refused operation because the current credentials are not authorized for the requested operation.

23/1/15 21:22:30.460 WindowServer[155]: window 3f5 is already attached to window 3ba

23/1/15 21:22:30.687 WindowServer[155]: window 3f5 is already attached to window 3ba

23/1/15 21:22:30.692 WindowServer[155]: window 3f5 is already attached to window 3ba

23/1/15 21:22:32.960 com.apple.xpc.launchd[1]: (com.aladdin.hasplmd[59908]) Service exited due to signal: Trace/BPT trap: 5

23/1/15 21:22:32.960 com.apple.xpc.launchd[1]: (com.aladdin.hasplmd) Service only ran for 0 seconds. Pushing respawn out by 10 seconds.

23/1/15 21:22:32.962 ReportCrash[59897]: Saved crash report for hasplmd[59908] version ??? to /Library/Logs/DiagnosticReports/hasplmd_2015-01-23-212232_Patsy-4.crash

23/1/15 21:22:42.969 com.apple.xpc.launchd[1]: (com.apple.ReportCrash.Root[59910]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash.DirectoryService

23/1/15 21:22:43.065 com.apple.xpc.launchd[1]: (com.aladdin.hasplmd[59909]) Service exited due to signal: Trace/BPT trap: 5

23/1/15 21:22:43.065 com.apple.xpc.launchd[1]: (com.aladdin.hasplmd) Service only ran for 0 seconds. Pushing respawn out by 10 seconds.

23/1/15 21:22:43.086 ReportCrash[59910]: Saved crash report for hasplmd[59909] version ??? to /Library/Logs/DiagnosticReports/hasplmd_2015-01-23-212243_Patsy-4.crash

23/1/15 21:22:53.159 com.apple.xpc.launchd[1]: (com.aladdin.hasplmd[59911]) Service exited due to signal: Trace/BPT trap: 5

23/1/15 21:22:53.159 com.apple.xpc.launchd[1]: (com.aladdin.hasplmd) Service only ran for 0 seconds. Pushing respawn out by 10 seconds.

Client Network settings:

Server DNS set up:

Server Network settings: