iTim2009

Q: Open Directory: Can't add users remotely

I am having issues adding users to Open Directory from within the Server app. It only occurs when I'm connecting to the server remotely, not when I'm on the serving machine itself.

 

After adding a user, I get:

 

Operation is not supported by the directory node.

 

I looked around here and all I saw was an ambiguous instruction to check the OD certificate. Now OD creates a code-signing cert when I create a master, but under Certificates in Server, it doesn't use it, and I can't assign that certificate to the OD service. The only certificates I can assign to the OD service are a self-signed cert, a verified Class 2 IV cert (StartCom), and the proverbial 'none'.

 

 

Any suggestions?

Posted on Mar 16, 2016 9:02 AM

Close

Q: Open Directory: Can't add users remotely

  • All replies
  • Helpful answers

  • by iTim2009,

    iTim2009 iTim2009 Mar 16, 2016 5:49 PM in response to iTim2009
    Level 1 (13 points)
    Servers Enterprise
    Mar 16, 2016 5:49 PM in response to iTim2009

    It would appear to be an issue with server not accept its own code signing certificate?

     

    I go to Certificates > Custom Configuration > and Directory Services is using my StartSSL certificate instead of the code signing certificate it created. It won't let me assign that certificate to the service.

     

    Can anyone help? I can't find any answers anywhere.

  • by iTim2009,

    iTim2009 iTim2009 Mar 16, 2016 8:35 PM in response to iTim2009
    Level 1 (13 points)
    Servers Enterprise
    Mar 16, 2016 8:35 PM in response to iTim2009

    Adding some logs:

     

    From the LDAP log when attempting to add a user TESTTEST from another Mac on the same network:

    Mar 16 22:30:14 server.itim.co slapd[4568]: odusers_response: processing response to add of uid=TESTUSER,cn=users,dc=server,dc=itim,dc=co
    Mar 16 22:30:14 server.itim.co slapd[4568]: odusers_response: entryUUID fc423ab9-9954-4204-b2a4-2a1d7f80d219
    Mar 16 22:30:14 server.itim.co slapd[4568]: odusers_response: Found uuid: 8fa80c20-ebf0-11e5-b23a-ac87a3168dcf
    

     

    Also from the LDAP log, this repeats itself… a lot:

    Mar 16 22:27:57 server.itim.co slapd[4568]: conn=2434 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    Mar 16 22:28:19 server.itim.co slapd[4568]: conn=2519 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    Mar 16 22:28:20 server.itim.co slapd[4568]: conn=2521 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    Mar 16 22:28:32 server.itim.co slapd[4568]: conn=2532 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    Mar 16 22:28:53 server.itim.co slapd[4568]: conn=2535 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    Mar 16 22:28:53 server.itim.co slapd[4568]: conn=2540 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    Mar 16 22:28:54 server.itim.co slapd[4568]: conn=2545 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    Mar 16 22:28:54 server.itim.co slapd[4568]: conn=2550 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    Mar 16 22:29:08 server.itim.co slapd[4568]: conn=2555 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    Mar 16 22:29:40 server.itim.co slapd[4568]: conn=2593 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    
  • by iTim2009,

    iTim2009 iTim2009 Mar 17, 2016 6:22 PM in response to iTim2009
    Level 1 (13 points)
    Servers Enterprise
    Mar 17, 2016 6:22 PM in response to iTim2009

    Final addition of information.

     

    FULL LDAP logs when creating open directory. Obviously it's having certificate/TLS issues but I do not know how to fix it nor can I find any answers anywhere.

     

    Mar 17 19:50:20 server.itim.co slapd[64424]: @(#) $OpenLDAP: slapd 2.4.28 (Feb 24 2015 21:45:59) $
      root@osx202.apple.com:/BinaryCache/OpenLDAP/OpenLDAP-499.32.4~1/Objects/servers/slapd
    Mar 17 19:50:20 server.itim.co slapd[64424]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    Mar 17 19:50:20 server.itim.co slapd[64424]: main: Enabling TLS failed; continuing with TLS disabled.
    Mar 17 19:50:22 server.itim.co slapd[64424]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    Mar 17 19:50:23 server.itim.co slapd[64424]: slapd starting
    Mar 17 19:50:23 server.itim.co slapd[64424]: daemon: posting com.apple.slapd.startup notification
    Mar 17 19:50:36 server.itim.co slapd[64424]: daemon: shutdown requested and initiated.
    Mar 17 19:50:36 server.itim.co slapd[64424]: slapd shutdown: waiting for 5 operations/tasks to finish
    Mar 17 19:50:38 server.itim.co slapd[64424]: daemon: posting daemon shutdown notification.
    Mar 17 19:50:43 server.itim.co slapd[64424]: slapd stopped.
    Mar 17 19:50:44 server.itim.co slapd[64436]: @(#) $OpenLDAP: slapd 2.4.28 (Feb 24 2015 21:45:59) $
      root@osx202.apple.com:/BinaryCache/OpenLDAP/OpenLDAP-499.32.4~1/Objects/servers/slapd
    Mar 17 19:50:44 server.itim.co slapd[64436]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    Mar 17 19:50:44 server.itim.co slapd[64436]: main: Enabling TLS failed; continuing with TLS disabled.
    Mar 17 19:50:44 server.itim.co slapd[64436]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    Mar 17 19:50:44 server.itim.co slapd[64436]: slapd starting
    Mar 17 19:50:44 server.itim.co slapd[64436]: daemon: posting com.apple.slapd.startup notification
    Mar 17 19:50:51 server.itim.co slapd[64436]: daemon: shutdown requested and initiated.
    Mar 17 19:50:51 server.itim.co slapd[64436]: slapd shutdown: waiting for 0 operations/tasks to finish
    Mar 17 19:50:51 server.itim.co slapd[64436]: daemon: posting daemon shutdown notification.
    Mar 17 19:50:54 server.itim.co slapd[64436]: slapd stopped.
    Mar 17 19:50:55 server.itim.co slapd[64450]: @(#) $OpenLDAP: slapd 2.4.28 (Feb 24 2015 21:45:59) $
      root@osx202.apple.com:/BinaryCache/OpenLDAP/OpenLDAP-499.32.4~1/Objects/servers/slapd
    Mar 17 19:50:55 server.itim.co slapd[64450]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    Mar 17 19:50:55 server.itim.co slapd[64450]: main: Enabling TLS failed; continuing with TLS disabled.
    Mar 17 19:50:55 server.itim.co slapd[64450]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    Mar 17 19:50:55 server.itim.co slapd[64450]: slapd starting
    Mar 17 19:50:55 server.itim.co slapd[64450]: daemon: posting com.apple.slapd.startup notification
    Mar 17 19:50:55 server.itim.co slapd[64450]: odusers_copy_primarymasterip: Could not locate apple-password-server-location attribute
    Mar 17 19:50:55 server.itim.co slapd[64450]: odusers_add_aa: could not locate Primary Master's IP address; trying System Configuration
    Mar 17 19:50:56 server.itim.co slapd[64450]: odusers_response: processing response to add of cn=server.itim.co$,cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:56 server.itim.co slapd[64450]: odusers_response: entryUUID 5859b15c-f4f7-46e0-b22c-6ed7a0e479b7
    Mar 17 19:50:56 server.itim.co slapd[64450]: odusers_response: Found uuid: 78bd502a-eca3-11e5-b3c0-ac87a3168dcf
    Mar 17 19:50:57 server.itim.co slapd[64450]: passwd_extop: (null) changed password for cn=server.itim.co$,cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:57 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:57 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:58 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:58 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:58 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:58 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:58 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:58 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:58 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:58 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:59 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:59 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:59 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:59 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:59 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:59 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:59 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:50:59 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:00 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:00 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:01 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:01 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:01 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:01 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:02 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:02 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:02 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:02 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:02 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:02 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:03 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:03 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:03 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:03 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:03 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:03 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:03 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:03 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:04 server.itim.co slapd[64450]: int odusers_get_authguid(Entry *, char *): could not locate authAuthority attribute for: cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:04 server.itim.co slapd[64450]: odusers_search_bridge_authdata: No entry associated with cn=computers,dc=server,dc=itim,dc=co
    Mar 17 19:51:04 server.itim.co slapd[64450]: conn=1207 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    Mar 17 19:51:05 server.itim.co slapd[64450]: <= bdb_equality_candidates: (apple-transactionID) not indexed
    Mar 17 19:51:06: --- last message repeated 1 time ---
    Mar 17 19:51:06 server.itim.co slapd[64450]: TLS: OPENDIRECTORY_SSL_IDENTITY identity preference overrode configured olcTLSIdentity "APPLE:server.itim.co"
    Mar 17 19:51:06 server.itim.co slapd[64450]: daemon: shutdown requested and initiated.
    Mar 17 19:51:06 server.itim.co slapd[64450]: slapd shutdown: waiting for 0 operations/tasks to finish
    Mar 17 19:51:06 server.itim.co slapd[64450]: daemon: posting daemon shutdown notification.
    Mar 17 19:51:10 server.itim.co slapd[64450]: slapd stopped.
    Mar 17 19:51:11 server.itim.co slapd[64476]: @(#) $OpenLDAP: slapd 2.4.28 (Feb 24 2015 21:45:59) $
      root@osx202.apple.com:/BinaryCache/OpenLDAP/OpenLDAP-499.32.4~1/Objects/servers/slapd
    Mar 17 19:51:11 server.itim.co slapd[64476]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    Mar 17 19:51:11 server.itim.co slapd[64476]: TLS: OPENDIRECTORY_SSL_IDENTITY identity preference overrode configured olcTLSIdentity "APPLE:server.itim.co"
    Mar 17 19:51:11 server.itim.co slapd[64476]: slap_add_listener: opened additional listener 'ldaps:///'
    Mar 17 19:51:11 server.itim.co slapd[64476]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    Mar 17 19:51:11 server.itim.co slapd[64476]: slapd starting
    Mar 17 19:51:11 server.itim.co slapd[64476]: daemon: posting com.apple.slapd.startup notification
    Mar 17 19:51:16 server.itim.co slapd[64476]: odusers_response: processing response to add of uid=diradmin,cn=users,dc=server,dc=itim,dc=co
    Mar 17 19:51:16 server.itim.co slapd[64476]: odusers_response: entryUUID fa1ce606-9d4c-459f-bf6d-9458ae6f5083
    Mar 17 19:51:16 server.itim.co slapd[64476]: odusers_response: Found uuid: 83c754e8-eca3-11e5-a3ff-ac87a3168dcf
    Mar 17 19:51:16 server.itim.co slapd[64476]: passwd_extop: (null) changed password for uid=diradmin,cn=users,dc=server,dc=itim,dc=co
    Mar 17 19:51:16 server.itim.co slapd[64476]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Mar 17 19:51:16 server.itim.co slapd[64476]: conn=1013 op=8: attribute "entryCSN" index delete failure
    Mar 17 19:51:16 server.itim.co slapd[64476]: => bdb_idl_insert_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Mar 17 19:51:16 server.itim.co slapd[64476]: conn=1013 op=10: attribute "entryCSN" index add failure
    Mar 17 19:51:27 server.itim.co slapd[64476]: odusers_response: processing response to add of uid=vpn_d8c112efffd7,cn=users,dc=server,dc=itim,dc=co
    Mar 17 19:51:27 server.itim.co slapd[64476]: odusers_response: entryUUID 519ac924-00f7-4b06-9b2c-0a374513a215
    Mar 17 19:51:27 server.itim.co slapd[64476]: odusers_response: Found uuid: 8b83f38a-eca3-11e5-a3ff-ac87a3168dcf
    Mar 17 19:51:28 server.itim.co slapd[64476]: passwd_extop: uid=diradmin,cn=users,dc=server,dc=itim,dc=co changed password for uid=vpn_d8c112efffd7,cn=users,dc=server,dc=itim,dc=co
    
  • by cdhw,

    cdhw cdhw Mar 18, 2016 4:23 PM in response to iTim2009
    Level 4 (2,653 points)
    Servers Enterprise
    Mar 18, 2016 4:23 PM in response to iTim2009

    I don't think the code signing certificate, which is used by Profile Manager, is the correct one to use with OD. I think you want the self-signed one, which should have this usage:

     

         Usage: Digital Signature, Key Encipherment, Data Encipherment, Key Cert Sign

         Purpose: Server Authentication

     

    If you don't want to use the self-signed one you need to get one from another CA.

     

    C.

  • by iTim2009,

    iTim2009 iTim2009 Mar 19, 2016 12:10 PM in response to cdhw
    Level 1 (13 points)
    Servers Enterprise
    Mar 19, 2016 12:10 PM in response to cdhw

    Thanks for the clarification, but regardless of the certificate (self-signed or a trusted CA) I use it still throws the error Operation is not supported by the directory node whenever I manage users.

  • by cdhw,

    cdhw cdhw Mar 19, 2016 3:37 PM in response to iTim2009
    Level 4 (2,653 points)
    Servers Enterprise
    Mar 19, 2016 3:37 PM in response to iTim2009

    You need to have both forward and reverse DNS working before you set up the LDAP. From where I live: server.itim.co looks up to 68.53.165.192 but 68.53.165.192 reverse looks up to c-68-53-165-192.hsd1.tn.comcast.net, which is going to be an issue. Try the command:

     

         changeip -checkhostname

     

    C.

  • by iTim2009,

    iTim2009 iTim2009 Mar 19, 2016 3:57 PM in response to cdhw
    Level 1 (13 points)
    Servers Enterprise
    Mar 19, 2016 3:57 PM in response to cdhw

    Hmm… Reverse DNS is setup on the server. Does it need to be established with the registrar?

     

    Running sudo change -checkhostname on the server gives me:

    dirserv:success = "success"
    

     

    On the server, my reverse DNS is:

     

    100.1.168.192.in-addr.arpa

    PTR: 192.168.1.100 points to server.itim.co

    NS: server.itim.co

  • by cdhw,

    cdhw cdhw Mar 19, 2016 5:08 PM in response to iTim2009
    Level 4 (2,653 points)
    Servers Enterprise
    Mar 19, 2016 5:08 PM in response to iTim2009

    I've re-read your original query, and noticed that the issue only arises with a remote connection so it seems less likely to be DNS related. (DNS issues are still, IME, responsible for many bad things that can happen to Open Directory)

     

    I think that whatever account you normally use to login at the console will probably have the diradmin password in its login keychain but when you you use Server.app to make a remote connection that is apparently not available.

     

    Check that whatever account (i.e. username) you are using to make the remote connection is a member of the 'Open Directory Administrator'. So, select:

     

         Server.app > View > Show System Accounts

     

    and then have a look at the 'Accounts Groups' pane. By default it contains '_ldap_replicator' (I've got replica directories) and 'Directory Administrator'.

     

    If this all seems to be how it is, either try making the remote connection as  'Directory Administrator' or add your normal admin account to the  'Open Directory Administrators' group.

     

    Be really careful when messing with Open Directory. It's easy to break and I find it difficult to fix. Make sure you are properly backed up. You can always use screen sharing to login as the local admin and add your users.

     

    C.

  • by iTim2009,

    iTim2009 iTim2009 Mar 19, 2016 5:16 PM in response to cdhw
    Level 1 (13 points)
    Servers Enterprise
    Mar 19, 2016 5:16 PM in response to cdhw

    Thanks for your help, cdhw. Unfortunately, I looked over your suggestions and everything is in order. I even logged in to the Server.app as diradmin and it still gave me the error when adding a user.

     

    I should note (since I'm certain it's related) that profile manager does not work either. Whether I open it on the server or from a computer on the LAN, I get "Profile Manager Not Available. Please wait a moment and try again." in Safari.

     

     

    Since I am just at the setup phase (minus my websites) I can and have destroyed the OD database and started anew, but this problem persists.

  • by iTim2009,

    iTim2009 iTim2009 Mar 19, 2016 7:40 PM in response to iTim2009
    Level 1 (13 points)
    Servers Enterprise
    Mar 19, 2016 7:40 PM in response to iTim2009

    Stunning new development!

     

    This appears to be an issue that goes beyond Open Directory. With Profile Manager and Open Directory destroyed, the server restarted, I decided to add a local user using the Server.app from my laptop. The server still kicked back, "Operation is not supported by the directory node."

     

    I'm at a loss for words at this point.

  • by iTim2009,Solvedanswer

    iTim2009 iTim2009 Mar 27, 2016 4:33 PM in response to iTim2009
    Level 1 (13 points)
    Servers Enterprise
    Mar 27, 2016 4:33 PM in response to iTim2009

    Solution:

     

    I destroyed OD, removed 127.0.0.1 from System Preferences > Network > Ethernet > DNS and added the Ethernet address as DNS. Suddenly everything works. Everywhere I've read that the DNS settings must point to 127.0.0.1 on the DNS server but clearly that's incorrect.