- This topic has 8 replies, 2 voices, and was last updated 19 years, 1 month ago by
.
-
Given that i didnt find a post about it here nor on apple discussions i guess that or nobody has this problem or i suck at using the search functions in both sites
So, here I go, almost a month ago i posted asking for advice about xserve and etc, and now here I am with my dual g5 xserve, after reading tons of docs I did plan everything and I’m starting to configure all of it, starting with the OD server
I use a mac mini to manage my server with server admin and workgroup manager, but when i open workgroup manager i get the following message:
“you are working in a directory node that is not visible to the network..” once i click ok i see that i’m Authenticated as admin to a local directory /Netinfo/DefaultLocalNode at my server.. instead of the LDAP server.
going to the server admin and checking the open directory tab i see that slapd is stopped. here is the pertinent log:
Mar 6 09:11:41 localhost slapd[58]: @(#) $OpenLDAP: slapd 2.2.19 $\n Mar 6 09:11:41 localhost slapd[58]: bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)\n Mar 6 09:11:41 localhost slapd[58]: bdb_db_init: Initializing BDB database\n Mar 6 09:11:41 localhost slapd[58]: slapd starting\n Mar 6 09:48:49 xserve slapd[58]: slapd shutdown: waiting for 0 threads to terminate\n Mar 6 09:48:49 xserve slapd[58]: bdb(dc=xserve,dc=local): Locker still has locks\n Mar 6 09:48:49 xserve slapd[58]: bdb_locker_id_free: 9 err Invalid argument(22)\n Mar 6 09:48:50 xserve slapd[58]: slapd stopped.\n
my ldap.conf
# # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE dc=example, dc=com #URI ldap://ldap.example.com ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never TLS_REQCERT never
my slapd.conf
# # See slapd.conf(5) for details on configuration options. # # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/misc.schema include /etc/openldap/schema/samba.schema include /etc/openldap/schema/fmserver.schema include /etc/openldap/schema/apple.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/slapd.pid argsfile /var/run/slapd.args replica-pidfile /var/run/slurpd.pid replica-argsfile /var/run/slurpd.args replicationinterval 3 loglevel 32768 sizelimit 11000 gentlehup off schemacheck on # Sample security restrictions # # Disallow clear text exchange of passwords # disallow bind_simple_unprotected # # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Allow read access of root DSE # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: #access to dn.base="" by * read #access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy is: # Allow read by all # # rootdn can always write! # Some settings are maintained in slapd_macosxserver.conf, # which is updated by Server Admin. Put your own changes in # this file. include /etc/openldap/slapd_macosxserver.conf
my slapd_macosxserver.com
# # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # This file is maintained by Server Admin. # # Access Controls access specified-in-directory apple-acl "cn=default,cn=accesscontrols,dc=xserve,dc=local" allow update_anon ####################################################################### # bdb database definitions ####################################################################### database bdb suffix "dc=xserve,dc=local" rootdn "uid=root,cn=users,dc=xserve,dc=local" rootpw {SMD5}HvpdJs26RPc7oVShrEHYyQbU9zc= sasl-regexp uid=host/(.*),cn=.*,cn=gssapi,cn=auth "uid=$1,cn=computers,dc=xserve,dc=local" sasl-regexp uid=(.*),cn=.*,cn=.*,cn=auth "uid=$1,cn=users,dc=xserve,dc=local" sasl-regexp uid=(.*),cn=.*,cn=auth "uid=$1,cn=users,dc=xserve,dc=local" schemaconfigdn "cn=schema,cn=config,dc=xserve,dc=local" # use crypt passwords to support older clients password-hash {CRYPT} password-crypt-salt-format "%.2s" # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd/tools. Mode 700 recommended. directory /Volumes/Dados/openldap/openldap-data # checkpoint the database every 10MB of logging and every 1 hour checkpoint 10240 60 # Indices to maintain index cn,sn,uid pres,eq,approx,sub index uidNumber,gidNumber eq index memberUid eq index apple-generateduid eq index ou eq index apple-group-realname eq index macAddress eq index apple-category eq index apple-networkview eq index apple-group-memberguid eq index apple-group-nestedgroup eq index objectClass eq timelimit 300and the dns conf..
named.conf
// // Include keys file // include "/etc/rndc.key"; // Declares control channels to be used by the rndc utility. // // It is recommended that 127.0.0.1 be the only address used. // This also allows non-privileged users on the local host to manage // your name server. // // Default controls // controls { inet 127.0.0.1 port 54 allow {any;} keys { "rndc-key"; }; }; options { directory "/var/named"; recursion true; allow-transfer {none;}; /* * If there is a firewall between you and nameservers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked * questions using port 53, but BIND 8.1 uses an unprivileged * port by default. */ // query-source address * port 53; }; // // a caching only nameserver config // zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; zone "mycompany.com." in { file "mycompany.com.zone"; type master; }; zone "50.16.172.in-addr.arpa" IN { file "db.172.16.50"; type master; }; logging { category default { _default_log; }; channel _default_log { file "/Library/Logs/named.log"; severity info; print-time yes; }; };my zone file
mycompany.com.zone
$TTL 86400 mycompany.com. IN SOA nameserver.mycompany.com. admin.mycompany.com. ( 2006030602 ; serial 3h ; refresh 1h ; retry 1w ; expiry 1h ) ; minimum mycompany.com. IN NS nameserver.mycompany.com. mycompany.com. IN A 172.16.50.111 nameserver IN A 172.16.50.111 www IN CNAME nameserver mail IN CNAME nameserver xserve IN CNAME nameserver ldap IN CNAME nameserver kerberos IN CNAME nameserver webmail IN CNAME nameserver cotrasa.com.br. IN MX 0 nameserver mini IN A 172.16.50.74
dunno if i forgot to mention something…. anybody can point me to the right direction ?
Fernando Battistella.
cotrasa.com.br = mycompany.com forgot to change the last one.. not that it matters since its in a closed lab
well.. i did start from the scratch again..
installed the system on my mirrored 500gb drives like i wanted,
in the instalation i choose standalone server.
then i updated the system and setup the dns server like in one the gazilion pdfs i’ve been reading from apple tells me how to do it (in the end the dns stays the same as before heh)when i use the workgroup manager i get the same message as before..
going to make it od master now.
wish me luck
- You must be logged in to reply to this topic.
Comments are closed