Apple Password Server listening on secondary network interfa

  • #358350
    Anonymous
    Participant

    We have been running an Open Directory master on 10.3.x for the past 6 months without incident.

    This system has two network interfaces: one built-in and one PCI. The built-in interface is the primary interface and the PCI interface is the secondary interface.

    Last week, we were decomming the primary network interface and moving it to a new network. Strategy was to bring up our system on the backup interface.

    Upon unplugging the backup interface, we quickly noticed that all authentication halted. Web Services and Mail Services remained up, but for some reason no one could log in to Mail.

    After inspection, noticed that the Password Server was actually listening on the Backup interface and not the primary interface. Furthermore, noticed that within the directory, the location of the Password Server was specified as the backup interface.

    I’m wondering if the “changeip” tool could be used to move the Password Server location to the primary interface (where it should have been in the first place).

    Also, if anyone has any other suggestions, I’d be most happy.

    Was considering editing the directory to replace all entries of the Password Server pointing to the backup interface with the primary interface. However, I’m not sure this will work because I don’t know if the Password Server is actually listening on the primary interface. Does anyone know a way to verify that the Password Server is listening on both interfaces?

    Thanks,
    Obey Panther

    #358353
    Anonymous
    Participant

    So I was able to make the necessary changes to LDAP today that remedied this whacky problem.

    I edited the “passwordserver” and “ldap-replica” objects using the Inspector tab under workgroup manager. Those objects apparently tell services where to look for the password server. Then I rebooted the server (probably could have just started and stopped all of the directory services to fix it…but hey…clean reboot).

    I verified that everything was communicating over the primary interface in two ways:

    1) I unplugged the backup network and started our mail services. Voilà…authentication continued to work and mail delivery continued.
    2) I checked netstat and saw that, to my chagrin, the backup network interfaces were no longer listening and/or established.

    Much better.

    But lord, what a hassle.

    Who the hell knows, maybe changeip would have solved this. I have to admit though, I was reluctant to run this since the backup interface was in LDAP, but not configured anywhere else on the server.

    I’m still trying to figure out why this occurred in the first place. I am guessing that the PCI (backup) interface was on the top of the list in the network preferences (hence preferred interface) during server build. That’s the only thing that I can think of that might cause the server to configure in such a whacky manner.

    Any ideas as to why this could have occurred would be great. I wouldn’t want anyone else to encounter this.

    -Obey (nPlusOne Group)
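
A scripted form of the netstat check described in the post above, added here as an example and not part of the original thread: it lists which local addresses hold listening sockets on the Password Server ports and tests whether a given interface address is served. The port numbers 3659 and 106 are assumptions (they are not stated in the thread), and the addresses in the sample output are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `netstat -an` text on stdin.
# Assumption: Password Server ports 3659 (apple-sasl) and 106.
PWS_PORTS="${PWS_PORTS:-3659 106}"

# Print "address port" for every TCP socket in LISTEN state on those ports.
# BSD/macOS netstat writes the local address as addr.port (10.0.1.10.3659,
# *.3659); Linux writes addr:port. Both forms are handled.
pws_listeners() {
    awk -v ports="$PWS_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            la = $4
            # The port is whatever follows the last "." or ":".
            if (!match(la, /[.:][0-9]+$/)) next
            port = substr(la, RSTART + 1)
            addr = substr(la, 1, RSTART - 1)
            if (port in want) print addr, port
        }'
}

# Succeed if IP is served on PORT: bound explicitly, or covered by a
# wildcard bind (* or 0.0.0.0). Usage: netstat -an | pws_serves IP PORT
pws_serves() {
    pws_listeners | awk -v ip="$1" -v port="$2" '
        $2 == port && ($1 == ip || $1 == "*" || $1 == "0.0.0.0") { ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# Constructed sample in macOS netstat layout: the Password Server ports are
# bound only to the backup address 192.168.2.10; the primary is 10.0.1.10.
sample_netstat() {
    printf '%s\n' \
        'Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)' \
        'tcp4       0      0  192.168.2.10.3659  *.*                LISTEN' \
        'tcp4       0      0  192.168.2.10.106   *.*                LISTEN' \
        'tcp4       0      0  *.389              *.*                LISTEN' \
        'tcp4       0      0  10.0.1.10.25       10.0.1.77.51034    ESTABLISHED'
}

# Demo on the constructed sample; on a live server use: netstat -an | pws_listeners
sample_netstat | pws_listeners
for ip in 10.0.1.10 192.168.2.10; do
    if sample_netstat | pws_serves "$ip" 3659; then
        echo "$ip: served on 3659"
    else
        echo "$ip: NOT served on 3659"
    fi
done
```

A wildcard bind (`*.3659`) counts as serving every interface, so a listener that shows only one specific address is the case to look for before unplugging the other network.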

    #358361
    Anonymous
    Participant

    Hmmm,

    So changeip runs through LDAP and changes all of the IP entries?

    I guess the question that I’d have is: Does changeip ONLY change entries in LDAP? If it does, then what I effectively did was manually do what changeip already does.

    #358446
    Anonymous
    Participant

    Obey Panther wrote:
    > So I was able to make the necessary changes to LDAP today that remedied this whacky problem.
    >
    > I edited the “passwordserver” and “ldap-replica” objects using the Inspector tab under workgroup manager. Those objects apparently tell services where to look for the password server. Then I rebooted the server (probably could have just started and stopped all of the directory services to fix it…but hey…clean reboot).

    What exactly did you edit with the Inspector tab? I’m not seeing any entries like that for my users.

    -Matt

    #358447
    Anonymous
    Participant

    matt riley wrote:
    > Obey Panther wrote:
    > > So I was able to make the necessary changes to LDAP today that remedied this whacky problem.
    > >
    > > I edited the “passwordserver” and “ldap-replica” objects using the Inspector tab under workgroup manager. Those objects apparently tell services where to look for the password server. Then I rebooted the server (probably could have just started and stopped all of the directory services to fix it…but hey…clean reboot).
    >
    > What exactly did you edit with the Inspector tab? I’m not seeing any entries like that for my users.
    >
    > -Matt

    Never mind… I found it in the pop-up menu under Config. Thanks for the tip, though… I think it solved my problem. My forehead thanks you (now to find a towel to wipe the blood and sweat from the desk where my forehead has been banging the last day and a half…). 🙂

    -Matt
