AFP548 - Changing the world one server at a time.

Forum Menu

Forum Index

Site Members

Sections

Home

AFP548 Site News (107/2)

Articles (282/26)

Apple (50/2)

Extended KB (3/1)

Ask AFP548 (16/42)

Reviews (5/1)

Security (16/2)

Tips (130/8)

Third Party Applications (53/6)

Odds and Ends (28/1)

Podcasts (2/0)

User Functions

Don't have an account yet? Sign up as a New User
Lost your password?

Poll

Do you want push services for the iPhone on Mac OS X Server? 80 votes | 0 comments

Welcome to AFP548
Thursday, July 29 2010 @ 09:39 am MDT

Advertising

	Forum Index > Questions and Answers > Open Directory
Promoto to OD Master - errors in slapconfig.log and slapd.log

Printable Version

TvE

Monday, March 13 2006 @ 04:09 pm MST (Read 4099 times)

End User

Status: offline

Registered: 10/26/05
Posts: 30

After a lot of promoting to OD Master and demoting to Standalone I have finally a OD Master that seems like it's working.
At least I can bind my clients to it and then (after reboot of the client) work with networked home-dirs Smile .

BUT I have a couple of entries in my logs that I have not seen in the testserver (I had no problems with setting up a testserver as an OD Master on a test-LAN�)

1. /Library/Logs/slapconfig.log:

Creating the keytab file
kadmin: No entry for principal xgrid/server.my-domain-name.net@SERVER.MY-DOMAIN-NAME.NET
exists in keytab
WRFILE:/etc/krb5.keytab
�
kadmin: No entry for principal afpserver/server.my-domain-name.net@SERVER.MY-DOMAIN-NAME.NET 
exists in keytab
WRFILE:/etc/krb5.keytab
�
Creating the keytab file
kadmin: No entry for principal ldap/server.my-domain-name.net@SERVER.MY-DOMAIN-NAME.NET exists
in keytab WRFILE:/etc/krb5.keytab
2006-03-13 22:59:23 +0100 - kerberosautoconfig command output:
The machine is standalone
Removing /Library/Preferences/edu.mit.Kerberos
2006-03-13 22:59:23 +0100 - kerberosautoconfig command failed with status 255


2006-03-13 22:59:23 +0100 - command: /usr/sbin/mkpassdb -kerberize
2006-03-13 22:59:23 +0100 - mkpassdb command output:
kadmin.local: unable to get default realm
kadmin.local: unable to get default realm
kadmin.local: unable to get default realm


2. /var/log/slapd.log:

Mar 13 23:01:00 server slapd[389]: Entry
(uid=untitled_1,cn=users,dc=server,dc=my-domain-name,dc=net):
object class 'posixAccount' requires attribute 'homeDirectory'\n
Mar 13 23:01:00 server slapd[389]: entry failed schema check: object class 'posixAccount'
requires attribute 'homeDirectory'\n
Mar 13 23:01:33 server slapd[389]: Entry
(uid=t2,cn=users,dc=server,dc=my-domain-name,dc=net): object
class 'posixAccount' requires attribute 'homeDirectory'\n
Mar 13 23:01:33 server slapd[389]: entry failed schema check: object class 'posixAccount'
requires attribute 'homeDirectory'\n

PS.:
- Just to be on the safe side I have batch-replaced the domain name with "my-domain-name" & "MY-DOMAIN-NAME"
- Some linebreaks have been added to the logs above to make the whole post more readable!

Before I made the (almost?) successfull promotion to OD Master I did:

- Make sure reverse DNS is working
- Made the server's Network Preferences DNS server point to 127.0.0.1
- Set the hostname via "sudo scutil --set HostName"
- /etc/hostconfig contains "HOSTNAME=-AUTOMATIC-"

- The server is running DNS, AFP, Web, MySQL & Mail

#########################
- How serious are the errors I can see in the logs?
- How an I fix them?

TIA From a Kerberos newbie (that had a lot of help from the O'reilly book "Mac OS X Panther Administration")

MacTroll

Tuesday, March 14 2006 @ 03:58 pm MST

Admin

Status: offline

Registered: 01/04/01
Posts: 2871

what's your forward and reverse DNS look like?

Changing the world, one server at a time. Joel Rennich

TvE

Wednesday, March 15 2006 @ 08:54 am MST

End User

Status: offline

Registered: 10/26/05
Posts: 30

It has "reverse-resolved" OK during all my attempt's

Part of my troubleshooting process was to erase the DNS zone and then recreate again from scratch.
The DNS zone was created with 10.4.0, so just in case.

server:~ admin$ host 10.0.1.250
250.1.0.10.in-addr.arpa domain name pointer server.my-domain-name.net.
server:~ admin$ host server.my-domain-name.net
server.my-domain-name.net has address 10.0.1.250

chiefgeek

Wednesday, March 15 2006 @ 08:57 pm MST

Help Desk

Status: offline

Registered: 01/04/01
Posts: 39

I got very similar errors when setting up my server.

Creating the keytab file
Configuring services
WriteSetupFile: setup file path = /temp.IeK4/setup
Cleaning up
2006-02-12 20:14:58 -0800 - command: /usr/sbin/sso_util configure -r ourserver.domain.com -f /LDAPv3/127.0.0.1 -a diradmin -p **** -v 1 ldap
2006-02-12 20:14:59 -0800 - sso_util command output:
Contacting the directory server
Creating the service list
Creating the service principals
WARNING: no policy specified for ldap/ourserver.domain.com@ ourserver.domain.com; defaulting to no policy
Creating the keytab file
Configuring services
WriteSetupFile: setup file path = /temp.HX6L/setup
Cleaning up
2006-02-12 20:14:59 -0800 - command: /sbin/kerberosautoconfig -u -v 1
2006-02-12 20:14:59 -0800 - kerberosautoconfig command output:
The machine is standalone
Removing /Library/Preferences/edu.mit.Kerberos
2006-02-12 20:14:59 -0800 - kerberosautoconfig command failed with status 255
2006-02-12 20:14:59 -0800 - command: /usr/sbin/mkpassdb -kerberize
2006-02-12 20:14:59 -0800 - mkpassdb command output:
kadmin.local: unable to get default realm
kadmin.local: unable to get default realm
kadmin.local: unable to get default realm

However, I decided to go ahead and give it a shot by configuring a client to bind to it and it worked. Very strange!

Matthew Kosterman � Chief Executive Geek � DeltaQuest Imaging, Inc.

Content generated in: 0.23 seconds

All times are MDT. The time is now 09:39 am.

	Normal Topic
	Locked Topic
	Sticky Topic

	New Post
	Sticky Topic W/ New Post
	Locked Topic W/ New Post

View Anonymous Posts

Anonymous users can post

Full HTML Allowed

Censored Content