OD Master, renamed computer now has old name in Computers list
March 7, 2008 at 10:04 pm #371814
eholtam
Participant
I have an Intel Xserve running 10.5.2 Server that I set up as an OD master. The original plan was to replace the current OD master and have the new server take over its name and IP but due to environment issues we decided to put the server in alongside the other OD master. When I was setting up the server I used a temporary machine name and IP so I could configure it as needed. Once I got the machine ready to go, I used changeip to change the hostname and IP. I changed the name and IP and everything is good.
However, now when I bind a client to the server with Directory Access the Configuration Name of the OD binding is the old hostname. The Server Name field (DNS name) is correct.
When I look in the Computers list in WGM on the server in the /LDAPv3/127.0.0.1 directory I see a computer object with the old host name (prepwkgrp1a.our.domain$ should be pwgmnb2dsm.our.domain$). If I look in Inspector details I see multiple entries in RecordName. The first two entries are the previous name for this server, the last in the list is the correct, new name. When I try and remove those extra RecordName entries in WGM I get errors about eDSSchemaError (-14142) on the InspectorPluginView.m.
I tried using changeip /LDAPv3/127.0.0.1 old-ip new-ip old-host new-host but that didn’t change anything.
Anyone ever successfully remove old hostname entries from the Computer list?
I don’t have a test box to try it but could I just remove the whole computer object for the OD master? I’m afraid that would have ill effects, though.
-Eric
March 8, 2008 at 6:33 am #371819
eholtam
Participant
Well, I seem to have solved my problem by destroying and recreating from backup the OD master while the computer is named correctly.
Everything seems to be named correctly now.
The commands I used were:
[code]
sudo slapconfig -destroyldapserver
sudo slapconfig -createldapmasterandadmin diradmin "Directory Admin" 1000 "dc=YOUR,dc=DOMAIN,dc=com"
# enter the password for diradmin
sudo slapconfig -mergedb -f /Users/admin/Desktop/LDAP-BACKUP-ARCHIVE.sparseimage
[/code]
I also wanted to disable Kerberos on the OD master as we don’t use it for authentication (strictly AD for that).
In Terminal issue the command:
[code]
sso_util remove -k -a diradmin -p PASSWORD -r HOSTNAME.AD.MDP.COM
[/code]
Launch Workgroup Manager
Enable the preference “Show “All Records” tab and inspector”
Click the target icon that appears next to user/group/computers
Select “Config” from the popup menu
Highlight “Kerberos:SERVERNAME”
Delete
Highlight KerberosKDC
Delete
March 30, 2008 at 9:24 am #372042
nqabile
Participant
Eric, thanks for this information. I’ve ended up needing to go through pretty much the same process yesterday and this was a great help.
A flaw I discovered was that Kerberos would not accept the login credentials of the diradmin account after the mergedb had been done. (OpenDirectory would, but not Kerberos.) What was happening is that the old db also had a “diradmin” account which was overwriting the new account information.
My solution was to create the new diradmin account under a different name. I used “diradmin1” and picked a uid of 3000 (which I knew was unused — obviously people with more than 2000 user accounts need to hike the number further.)
In other words (changes underlined):
sudo slapconfig -createldapmasterandadmin [u]diradmin1[/u] "Directory Admin" [u]3000[/u] "dc=YOUR,dc=DOMAIN,dc=com"
Once the mergedb has completed, delete the old “diradmin” account.
I hope this helps someone out there.
Cost me too many hours of sleep two nights back.
-Kanthan.
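The collision described in the post above can be checked before running the merge. This is an added example, not code from the thread or from Apple: it assumes you have an LDIF export of the old directory's user records that uses the standard `uid:` and `uidNumber:` attributes, and the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of an OLD directory's user export (LDIF), for illustration.
sample_old_users() {
cat <<'EOF'
dn: uid=diradmin,cn=users,dc=YOUR,dc=DOMAIN,dc=com
uid: diradmin
uidNumber: 1000

dn: uid=jsmith,cn=users,dc=YOUR,dc=DOMAIN,dc=com
uid: jsmith
uidNumber: 1025
EOF
}

# check_admin_free NAME UID < export.ldif
# Prints every conflict found; returns 0 when both the short name and the
# UID are unused in the export, 1 otherwise.
check_admin_free() {
    awk -v name="$1" -v id="$2" '
    {
        sub(/\r$/, "")                       # tolerate CRLF exports
        sep = index($0, ": ")
        if (sep == 0) next                   # blank or continuation line
        attr = tolower(substr($0, 1, sep - 1))   # attribute names are case-insensitive
        val  = substr($0, sep + 2)
        # base64 values ("uid:: ...") yield attr "uid:" and are skipped here
        if (attr == "uid" && val == name) {
            print "short name in use: " val; bad = 1
        }
        if (attr == "uidnumber" && val + 0 == id + 0) {
            print "uid in use: " val; bad = 1
        }
    }
    END { exit bad + 0 }'
}

# The two candidates from the thread, run against the constructed sample.
if sample_old_users | check_admin_free diradmin 1000; then
    echo "diradmin/1000 is free"
else
    echo "diradmin/1000 would collide during the merge"
fi
if sample_old_users | check_admin_free diradmin1 3000; then
    echo "diradmin1/3000 is free"
fi
```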