10.7.3 – Cannot create Replica because of “advanced user entries”

  • #381636
    christianhuening
    Participant

    Hi there,

    Hope somebody can help me! Thanks for reading in advance!

    I’ve got 2 Servers, both running Lion Server 10.7.3, called Holmes and Watson.

    Holmes is the OD Master
    Watson is supposed to be the OD Replica

    After reinstalling Watson from scratch for some reason, I wanted to (re)create the replica on it. But Server Admin (also 10.7.3) fails with the hint that it couldn’t create the replica because the OD Master would contain “advanced user entries”.

    I researched this and found out that “advanced user entries” are entries being imported from an Active Directory. This is weird, because it’s an Apple-only environment without any Active Directory, plus I didn’t change a thing inside of the OD Master.

    I also noticed that I cannot bind Watson to Holmes as a casual client. DirectoryServices tells me that the diradmin’s pw would be wrong. Which is funny as well, since it’s working on every other client machine.

    I keep getting messages like these in the Kerberos log on the OD Master:

    2012-02-15 18:42:57.084 CET – Module: SystemCache – Misconfiguration detected in hash ‘Kerberos’:
    User ‘tafel201’ (/LDAPv3/127.0.0.1) – ID 1077 – UUID 0306CDAE-1A44-4C14-8B50-9D1B1C4D8251 – SID S-1-5-21-2106547481-2177216727-528375158-3154
    User ‘ch’ (/LDAPv3/127.0.0.1) – ID 1027 – UUID 2F1783EA-77DC-4E43-A007-C1EFDD3833E7 – SID S-1-5-21-2106547481-2177216727-528375158-3054

    But since these have appeared since the very first day, and everything was working just fine, I didn’t pay too much attention to them.
    Could it be a Kerberos Problem?

    kind regards,
    Christian

    #381638
    christianhuening
    Participant

    Addition:
    Here’s what the command line replication command puts out:
    [code]
    watson:~ admin$ sudo slapconfig -createreplica --certAdminEmail [email protected] 172.30.0.1 diradmin
    diradmin’s Password:
    2012-02-15 18:39:58 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/ldap://172.30.0.1 -p
    2012-02-15 18:40:06 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/172.30.0.1 -p
    2012-02-15 18:40:06 +0000 1 Creating computer record for replica
    2012-02-15 18:40:07 +0000 _createComputerRecord: Unable to change computer password: 5000 Credentials could not be verified, username or password is invalid.
    2012-02-15 18:40:07 +0000 _createComputerRecord: Warning: error = 5000 while creating/ editing the computer record.
    2012-02-15 18:40:07 +0000 Unable to create our computer record
    2012-02-15 18:40:07 +0000 Unable to create our computer record (error = 78)
    2012-02-15 18:40:07 +0000 Error retrieving kerberos realm
    2012-02-15 18:40:07 +0000 CopyReplicaArray: ldap_search_ext_s failed
    2012-02-15 18:40:07 +0000 Error retrieving replica array
    2012-02-15 18:40:07 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.opendirectorybackup.plist
    2012-02-15 18:40:07 +0000 Deleting Cert Authority related data
    2012-02-15 18:40:07 +0000 No intCAIdentity, not removing int CA from keychain
    2012-02-15 18:40:07 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
    2012-02-15 18:40:07 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
    2012-02-15 18:40:07 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
    2012-02-15 18:40:07 +0000 _destroyLDAPServer: Failed to find computer record named watson.dgg.intern$: 0 (null)
    2012-02-15 18:40:07 +0000 Updating ldapreplicas on primary master
    CopyPrimaryMaster: CopyLdapReplicas failed
    2012-02-15 18:40:07 +0000 Unable to locate primary master
    2012-02-15 18:40:07 +0000 Primary master node is nil!
    2012-02-15 18:40:07 +0000 Unable to locate ldapreplicas record: 0 (null)
    2012-02-15 18:40:07 +0000 Error setting read ldap replicas array: 0 (null)
    2012-02-15 18:40:07 +0000 Error setting write ldap replicas array: 0 (null)
    2012-02-15 18:40:07 +0000 Could not retrieve xmlplist from ldapreplicas: 0 (null)
    2012-02-15 18:40:07 +0000 Error synchronizing ldapreplicas: 0 (null)
    2012-02-15 18:40:07 +0000 Removing self from the database
    2012-02-15 18:40:08 +0000 Stopping LDAP server (slapd)
    2012-02-15 18:40:08 +0000 cleanKeytab: unable to retrieve default realm
    2012-02-15 18:40:08 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
    [/code]
