Can’t create OD Replica – Incorrect username or password

  • #369132
    garges
    Participant

    Got an XServe G5 running OD Master.
    Got another XServe Intel connected to the OD Master.
    Both are 10.4.9

    I want to promote the Intel to an OD Replica. But when I do that from Server Admin I get:
    Error while writing settings (Unable to authenticate as directory domain administrator)

    The slapconfig log says:
    2007-05-23 18:21:59 -0700 – slapconfig -createreplica
    2007-05-23 18:21:59 -0700 – command: ssh [email protected] /usr/sbin/slapconfig -checkmaster opdiradmin 0 3 3
    2007-05-23 18:22:01 -0700 – ssh command failed with status 77
    2007-05-23 18:22:01 -0700 – Error: Incorrect username or password. You must enter a directory domain administrator username and password.
    (error = 77)

    I’ve double checked the OD master root password – I can use it to ssh in.
    And I’ve double checked the OD Administrator password – I can authenticate with Workgroup Manager.

    I see others here have had this same problem.
    https://www.afp548.com/forum/viewtopic.php?forum=36&showtopic=3062
    https://www.afp548.com/forum/viewtopic.php?forum=39&showtopic=10807

    Anybody ever find a fix for this?

    #369562
    Frustrated
    Participant

    I’m having exactly the same problem creating a third OD replica. I created the first two a year or more back. Things went well then.

    I can’t see anything in the ODM logs that suggests anything is wrong.

    I do get the following in /Library/Logs/slapconfig.log on the machine I’m trying to make a replica:

    2007-07-19 11:51:44 +1000 – slapconfig -createreplica
    2007-07-19 11:51:44 +1000 – command: ssh [email protected] /usr/sbin/slapconfig -checkmaster diradmin 0 3 3
    2007-07-19 11:51:47 +1000 – ssh command failed with status 77
    2007-07-19 11:51:47 +1000 – Error: Incorrect username or password. You must enter a directory domain administrator username and password.

    I tried looking up slapconfig in the man pages, but there was no mention of the -checkmaster switch…

    I tried the following though:

    /usr/sbin/slapconfig -checkmaster admin 10.0.0.2

    admin’s Password:
    Error: The master and replica have different software versions.

    The ODM is still running 10.4.9 and the new machine I set up is running 10.4.10. Is that enough to cause the problem? (updating the ODM always scares me !!)

    Both machines are G5 Xserves.
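
A small triage helper for the slapconfig.log excerpts quoted in the posts above, added here as an example and not code from any poster or from Apple: it groups lines per `slapconfig -createreplica` run and reports which ssh target and admin name the failing `-checkmaster` call used. The sample log is constructed, the host name is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample in the line format of the slapconfig.log excerpts quoted
# in the thread; host name and timestamps are placeholders, not real values.
SAMPLE_LOG = """\
2007-07-19 11:51:44 +1000 - slapconfig -createreplica
2007-07-19 11:51:44 +1000 - command: ssh root@odmaster.example.com /usr/sbin/slapconfig -checkmaster diradmin 0 3 3
2007-07-19 11:51:47 +1000 - ssh command failed with status 77
2007-07-19 11:51:47 +1000 - Error: Incorrect username or password. You must enter a directory domain administrator username and password.
(error = 77)
2007-07-20 09:02:10 +1000 - slapconfig -createreplica
2007-07-20 09:02:10 +1000 - command: ssh root@odmaster.example.com /usr/sbin/slapconfig -checkmaster diradmin 0 3 3
"""

# Timestamp, then "-" or an en dash (as pasted in the forum), then the message.
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) [-\u2013] (.*)$")
SSH_CMD = re.compile(r"^command: ssh (\S+) /usr/sbin/slapconfig -checkmaster (\S+)")
SSH_FAIL = re.compile(r"^ssh command failed with status (\d+)")

def parse_attempts(text):
    """Group log lines into one record per 'slapconfig -createreplica' run."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # untimestamped continuation such as "(error = 77)"
        ts, msg = m.groups()
        if msg.startswith("slapconfig -createreplica"):
            cur = {"started": ts, "target": None, "admin": None,
                   "ssh_status": None, "errors": []}
            attempts.append(cur)
        elif cur is None:
            continue  # lines logged before the first replica attempt
        elif (c := SSH_CMD.match(msg)):
            cur["target"], cur["admin"] = c.groups()
        elif (f := SSH_FAIL.match(msg)):
            cur["ssh_status"] = int(f.group(1))
        elif msg.startswith("Error:"):
            cur["errors"].append(msg[len("Error:"):].strip())
    return attempts

def failed_checkmaster(attempts):
    """Attempts where the ssh -checkmaster call logged a non-zero status."""
    return [a for a in attempts if a["ssh_status"] not in (None, 0)]

if __name__ == "__main__":
    for a in failed_checkmaster(parse_attempts(SAMPLE_LOG)):
        print(a["started"], a["target"], a["admin"], a["ssh_status"], a["errors"])
```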

    #369575
    Frustrated
    Participant

    Okay. I did the upgrades to the existing OD boxes. Tried to make a new replica. Same error.

    I again tried the following (not that I’m sure I’ve got everything I need in the following command – can’t find info on the -checkmaster flag):

    /usr/sbin/slapconfig -checkmaster admin 10.0.0.2

    and I still get:

    Error: The master and replica have different software versions.

    Anyone got any ideas on this?

    #369651
    garges
    Participant

    Sorry it’s been so long since updating this.

    To answer MacTroll, the logs on the OD Master say:
    kadmin log:
    {date, time, od master hostname} kadmin.local[28591](info): No dictionary file specified, continuing without one.

    LDAP Log:
    {date, time, od master hostname}: <= bdb_substring_candidates: (mail) index_param failed (18)
    {date, time, od master hostname}: <= bdb_substring_candidates: (givenName) index_param failed (18)

    Password Service Server Log:
    {date, time} AUTH2: {0x00000000000000000000000000000001, diradmin} DIGEST-MD5 authentication succeeded.
    {date, time} QUIT: {0x00000000000000000000000000000001, diradmin} disconnected.

    #369817
    Grutz
    Participant

    Any resolution to this? I am having the same problem. 😥

    #369840
    dptech
    Participant

    I just solved this the other day; unfortunately, I don’t remember what I did. I would be happy to show you our ODM configuration if you think it would help you. We have one ODM and 8 replicas. They worked fine all summer and then one failed. When I tried to make it a replica I got the errors mentioned in previous posts, and our Apple rep was zero help.

    Please let me know if config files etc. would be helpful and I will post them here.

    #369865
    dptech
    Participant

    I’m sorry it’s taken me so long to get back to this. School just started and things have been hectic around here. We’re running a single OD master and 9 replicas to handle about 3500 logins. Fortunately for us, I think we only have about 2000 computers so not everyone will ever be logged in at once.

    We had the problem everyone else was having and I made several changes at once (I know, bad sysadmin practice, but I was desperate and under a deadline), so I have no idea what fixed the issue. I did the following:
    1. Verified that all of my ODRs had valid DNS entries (one didn’t).
    2. Generated a new SID and copy-pasted the new SID into the CIFSServer plist file.
    3. Ensured that the SSL cert was correct on the master and all the replicas (again, one case where a replica had changed from default to custom or some such thing).
    4. Verified that I could log in as diradmin via ssh to all the ODRs (in one case the known_hosts file was wrong).
    5. I REBOOTED everything. Our Apple engineer told us that it takes around 300 seconds for the ODRs to catch up with the master. I’ve found this to be only somewhat true. I come from a Linux background and the idea of rebooting servers irks me to no end, but it seems to help with Xserve (no idea why).

    I hope this helps, I’d like to work this thread until we get documentation on exactly what will fix the broken replica issue. Apple told me I was running the wrong software versions (they were all the same)

    #369890
    dptech
    Participant

    Okay, I figured something out. Not sure of the cause, but the aforementioned error message happens when the SSL certs don’t match up. Somehow they get changed on my setup from DEFAULT to CUSTOM. The OD master doesn’t like this and spits out the ssh error.

    The SSL cert info is found in the Open Directory/Protocols portion of the Server Admin GUI.

    #369923
    Frustrated
    Participant

    This might be a dumb question but do you mean using just
    “slapcat”?

    If so, when trying to establish the replica, “slapcat” just says it can’t find its config files….

    Replica creation is failing when trying to authenticate diradmin on the master – at least that’s what I can work out, and it doesn’t get to the point of setting up any configs.

    #370029
    Frustrated
    Participant

    Sorry for the delay. I e-mailed you instead of replying to the post… I didn’t realise.

    Slapcat on the master works when the other box is trying to become a replica.

    #370887
    wemeck
    Participant

    I found this article at Apple. I am having the exact same issue with two Xserve G5 with matching operating systems.
    http://docs.info.apple.com/article.html?artnum=302332
