Using OS X server open directory with QNAP
Just purchased a QNAP TS-451u for a network running a 10.10 OS X server with Open Directory.
Open directory works fine, users can use it to logon to their machines and authenticate against a shared volume on the Mac Server using SMB or AFP.
I've configured the QNAP to use LDAP authentication and linked it to the Mac Server, all appears to be fine, the QNAP can see users and groups. I can assign these users and groups to shares. Users can access these shares and authenticate with their OD credentials using AFP.
However SMB does not connect, I don't even get a password box.Switching off LDAP on the QNAP allows SMB connection using a local account.
I've tried speaking to QNAP support and the QNAP forums but have had no joy. QNAP support keep telling me I need to import the Samba schema into my LDAP server, but its already there??
When a user tries to connect the below is shown in the Mac server log.
Any help would be appreciated.
"
May 28 15:44:28 MacServer.local kdc[72]: Searching referral for MacServer.local
May 28 15:44:28 MacServer.local kdc[72]: Server not found in database: krbtgt/LOCAL@MacServer.LOCAL: no such entry found in hdb
May 28 15:44:28 MacServer.local kdc[72]: Failed building TGS-REP to 127.0.0.1:56411
May 28 15:44:28 MacServer.local kdc[72]: TGS-REQ MacServer.local$@MacServer.LOCAL from 127.0.0.1:58240 for host/MacServer.local@MacServer.LOCAL [forwardable]
May 28 15:44:28 MacServer.local kdc[72]: Server not found in database: host/MacServer.local@MacServer.LOCAL: no such entry found in hdb
May 28 15:44:28 MacServer.local kdc[72]: Failed building TGS-REP to 127.0.0.1:58240
May 28 15:44:28 MacServer.local kdc[72]: TGS-REQ MacServer.local$@MacServer.LOCAL from 127.0.0.1:55503 for ldap/MacServer.local@MacServer.LOCAL [canonicalize, forwardable]
May 28 15:44:28 MacServer.local kdc[72]: TGS-REQ MacServer.local$@MacServer.LOCAL from 127.0.0.1:63887 for ldap/MacServer.local@MacServer.LOCAL [forwardable]
May 28 15:44:29 MacServer.local kdc[72]: AS-REQ MacServer.local$@MacServer.LOCAL from 127.0.0.1:55939 for krbtgt/MacServer.LOCAL@MacServer.LOCAL
May 28 15:44:29 --- last message repeated 1 time ---
May 28 15:44:29 MacServer.local kdc[72]: Client sent patypes: REQ-ENC-PA-REP
May 28 15:44:29 MacServer.local kdc[72]: user has no SRP keys
May 28 15:44:29 MacServer.local kdc[72]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
May 28 15:44:29 MacServer.local kdc[72]: AS-REQ MacServer.local$@MacServer.LOCAL from 127.0.0.1:63435 for krbtgt/MacServer.LOCAL@MacServer.LOCAL
May 28 15:44:29 --- last message repeated 1 time ---
May 28 15:44:29 MacServer.local kdc[72]: Client sent patypes: ENC-TS, REQ-ENC-PA-REP
May 28 15:44:29 MacServer.local kdc[72]: ENC-TS pre-authentication succeeded -- MacServer.local$@MacServer.LOCAL
May 28 15:44:29 MacServer.local kdc[72]: DSUpdateLoginStatus: Unable to synchronize login time for MacServer.local$: 77009
May 28 15:44:29 MacServer.local kdc[72]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
May 28 15:44:29 MacServer.local kdc[72]: Requested flags: forwardable
May 28 15:44:29 MacServer.local kdc[72]: TGS-REQ MacServer.local$@MacServer.LOCAL from 127.0.0.1:63389 for host/MacServer.local@MacServer.LOCAL [canonicalize, forwardable]
May 28 15:44:29 MacServer.local kdc[72]: Searching referral for MacServer.local
May 28 15:44:29 MacServer.local kdc[72]: Server not found in database: krbtgt/LOCAL@MacServer.LOCAL: no such entry found in hdb
May 28 15:44:29 MacServer.local kdc[72]: Failed building TGS-REP to 127.0.0.1:63389
May 28 15:44:29 MacServer.local kdc[72]: TGS-REQ MacServer.local$@MacServer.LOCAL from 127.0.0.1:51171 for host/MacServer.local@MacServer.LOCAL [forwardable]
May 28 15:44:29 MacServer.local kdc[72]: Server not found in database: host/MacServer.local@MacServer.LOCAL: no such entry found in hdb
May 28 15:44:29 MacServer.local kdc[72]: Failed building TGS-REP to 127.0.0.1:51171
May 28 15:44:29 MacServer.local kdc[72]: TGS-REQ MacServer.local$@MacServer.LOCAL from 127.0.0.1:55109 for ldap/MacServer.local@MacServer.LOCAL [canonicalize, forwardable]
May 28 15:44:29 MacServer.local kdc[72]: TGS-REQ MacServer.local$@MacServer.LOCAL from 127.0.0.1:60683 for ldap/MacServer.local@MacServer.LOCAL [forwardable]
May 28 15:44:29 MacServer.local servermgr_accounts[79740]: -[AccountsRequestHandler doProcessInputWithRequest:context:lockFileFD:]: 'error' key does not contain archived NSError object. (errorKeyContents = UNEXPECTED_COMMAND)
May 28 15:44:29 MacServer.local servermgr_xcode[79681]: response: {
}
m.apple.DeviceManagement.postgres): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
May 28 15:44:32 MacServer.local BeAnywhereDaemon[37659]: ProcessKeepAlive - Received keep alive packet...
May 28 15:44:33 MacServer.local devicemgrd[482]: Failed (errno=13) to open log file at "/Library/Logs/ProfileManager/devicemgrd.log". Using syslog() instead.
May 28 15:44:33 MacServer.local devicemgrd[482]: 0:: [482] [2015/05/28 15:44:33.868] Waiting for postgres to startup....
1
May 28 15:44:37 MacServer.local BeAnywhereDaemon[37659]: ProcessKeepAlive - Received keep alive packet...
May 28 15:44:40 MacServer.local servermgr_status[79753]: Connected to the Notify Service
May 28 15:44:41 MacServer com.apple.xpc.launchd[1] (com.apple.DeviceManagement.postgres[79799]): Service could not initialize: 14C109: xpcproxy + 14045 [1344][63706214-56DC-3155-B46F-D4F21C9B1C0B]: 0xd
May 28 15:44:41 MacServer com.apple.xpc.launchd[1] (com.apple.DeviceManagement.postgres): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
May 28 15:44:42 MacServer.local BeAnywhereDaemon[37659]: ProcessKeepAlive - Received keep alive packet...
May 28 15:44:43 MacServer.local nsurlstoraged[223]: realpath() returned NULL for /var/root/Library/Caches/com.apple.servermgrd.plugin
May 28 15:44:47 MacServer.local BeAnywhereDaemon[37659]: ProcessKeepAlive - Received keep alive packet...
May 28 15:44:51 MacServer com.apple.xpc.launchd[1] (com.apple.DeviceManagement.postgres[79842]): Service could not initialize: 14C109: xpcproxy + 14045 [1344][63706214-56DC-3155-B46F-D4F21C9B1C0B]: 0xd
May 28 15:44:51 MacServer com.apple.xpc.launchd[1] (com.apple.DeviceManagement.postgres): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
May 28 15:44:52 MacServer.local BeAnywhereDaemon[37659]: ProcessKeepAlive - Received keep alive packet...
May 28 15:44:54 MacServer.local BeAnywhereDaemon[37659]: UpdateIP call successful...
May 28 15:44:54 MacServer.local kdc[72]: AS-REQ diradmin@MacServer.LOCAL from 127.0.0.1:55371 for krbtgt/MacServer.LOCAL@MacServer.LOCAL
May 28 15:44:54 --- last message repeated 1 time ---
May 28 15:44:54 MacServer.local kdc[72]: Client sent patypes: REQ-ENC-PA-REP
May 28 15:44:54 MacServer.local kdc[72]: user has no SRP keys
May 28 15:44:54 MacServer.local kdc[72]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
May 28 15:44:54 MacServer.local kdc[72]: AS-REQ diradmin@MacServer.LOCAL from 127.0.0.1:54142 for krbtgt/MacServer.LOCAL@MacServer.LOCAL
May 28 15:44:54 MacServer.local sandboxd[432] ([72]): kdc(72) deny file-read-data /private/etc/krb5.conf
May 28 15:44:54 MacServer.local kdc[72]: AS-REQ diradmin@MacServer.LOCAL from 127.0.0.1:54142 for krbtgt/MacServer.LOCAL@MacServer.LOCAL
May 28 15:44:54 MacServer.local kdc[72]: Client sent patypes: ENC-TS, REQ-ENC-PA-REP
May 28 15:44:54 MacServer.local kdc[72]: ENC-TS pre-authentication succeeded -- diradmin@MacServer.LOCAL
May 28 15:44:54 MacServer.local kdc[72]: DSUpdateLoginStatus: Unable to synchronize login time for diradmin: 77009
May 28 15:44:54 MacServer.local kdc[72]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
May 28 15:44:54 MacServer.local kdc[72]: Requested flags: forwardable"
iMac, OS X Yosemite (10.10)