Home Forums OS X Server and Client Discussion Open Directory Fail to Authenticate

  • #362152
    j_chang
    Participant

    Please Help!!!

    Jun 29 13:55:09 US-Server DirectoryService[39]: DSLDAPv3PlugIn: Required Policies not Supported: No ClearText, Man-In-The-Middle, Packet Signing, Packet Encryption. LDAP Connection for Node auth1serv.happy.com denied.
    Jun 29 13:55:09 US-Server DirectoryService[39]: DSLDAPv3PlugIn: Policy Violation. Disabled future attempts to bind to [172.28.46.140] for 1 hour.

    I get the above error from my client server trying to authenticate with the Open Directory Master.

    After rebuilding the server, the same error shows up. Can someone please help?

    Thankx.

    #362154
    j_chang
    Participant

    1 DNS server
    1 Open Directory and 1 Replica
    8 Xservers – file servers

    1 out of 8 servers we can’t connect to Open Directory. It gave the authentication error (previous post).

    We are running on 10.4 (Tiger).

    Additional Errors from Open Directory Server (Password Service Server Log)

    Jun 29 2005 12:51:57 AUTH2: {0x00000000000000000000000000000001, diradmin} DHX authentication succeeded.
    Jun 29 2005 12:51:57 KERBEROS-LOGIN-CHECK: user {0x00000000000000000000000000000001, diradmin} is in good standing.
    Jun 29 2005 12:51:57 QUIT: {no user} disconnected.
    Jun 29 2005 12:51:58 KERBEROS-LOGIN-CHECK: user {0x00000000000000000000000000000001, diradmin} authentication succeeded.
    Jun 29 2005 12:51:58 QUIT: {no user} disconnected.
    Jun 29 2005 12:51:58 CHANGEPASS: {0x00000000000000000000000000000001, diradmin} changed password for user {0x42c2a33b1cbc23f90000002800000027, us-server}
    Jun 29 2005 12:51:58 QUIT: {0x00000000000000000000000000000001, diradmin} disconnected.
    Jun 29 2005 12:51:59 KERBEROS-LOGIN-CHECK: user {0x42c2a33b1cbc23f90000002800000027, us-server} authentication failed.
    Jun 29 2005 12:51:59 QUIT: {no user} disconnected.
    Jun 29 2005 12:52:05 LISTREPLICAS: 172.20.176.105 requested the replica list.
    Jun 29 2005 12:52:05 SYNC SESSIONKEY: gmt skew is 0
    Jun 29 2005 12:52:05 SYNC PUSH: writing to /var/db/authserver/syncfile1120063925.595700.gz
    Jun 29 2005 12:52:05 SYNC PROCESS-NO-REPLY: success
    Jun 29 2005 12:52:05 QUIT: {no user} disconnected.
    Jun 29 2005 12:52:10 KERBEROS-LOGIN-CHECK: user {0x42c2a33b1cbc23f90000002800000027, us-server} authentication failed.
    Jun 29 2005 12:52:10 QUIT: {no user} disconnected.
    Jun 29 2005 12:52:11 LISTREPLICAS: 172.20.176.105 requested the replica list.
    Jun 29 2005 12:52:11 SYNC SESSIONKEY: gmt skew is 0
    Jun 29 2005 12:52:11 SYNC PULL: updating 1 records
    Jun 29 2005 12:52:11 SYNC PULL: gzip
    Jun 29 2005 12:52:11 SyncDumpData: stat file: /var/db/authserver/syncfile1120063931.101411.gz
    Jun 29 2005 12:52:11 SyncDumpData: success.
    Jun 29 2005 12:52:11 QUIT: {no user} disconnected.
    Jun 29 2005 12:52:23 KERBEROS-LOGIN-CHECK: user {0x42c2a33b1cbc23f90000002800000027, us-server} authentication failed.
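Added example, not part of the original posts: a small Python triage script for the Password Service log format quoted above. It splits entries on their timestamps (so a paste with entries run together still parses) and reports, per account, how many KERBEROS-LOGIN-CHECK failures occurred and when that account's password was last changed. The function and variable names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample built from entries in the log quoted above, deliberately run
# together on one line the way a forum paste can be.
ADMIN = "{0x00000000000000000000000000000001, diradmin}"
HOST = "{0x42c2a33b1cbc23f90000002800000027, us-server}"
SAMPLE_LOG = (
    f"Jun 29 2005 12:51:57 AUTH2: {ADMIN} DHX authentication succeeded."
    f"Jun 29 2005 12:51:58 CHANGEPASS: {ADMIN} changed password for user {HOST}"
    f"Jun 29 2005 12:51:59 KERBEROS-LOGIN-CHECK: user {HOST} authentication failed."
    "Jun 29 2005 12:51:59 QUIT: {no user} disconnected."
    f"Jun 29 2005 12:52:10 KERBEROS-LOGIN-CHECK: user {HOST} authentication failed."
)

TS = r"[A-Z][a-z]{2} \d{1,2} \d{4} \d\d:\d\d:\d\d"
TS_SPLIT = re.compile(rf"(?={TS} )")                      # zero-width: keeps the timestamp
ENTRY = re.compile(rf"({TS}) ([A-Za-z0-9 -]+?): (.*)", re.S)
SLOT = re.compile(r"\{0x[0-9a-f]+, ([^}]+)\}")            # {slot id, account name}


def split_entries(text):
    """Split on timestamps so entries pasted onto one line are still separated."""
    return [e.strip() for e in TS_SPLIT.split(text) if e.strip()]


def summarize(text):
    """Return {account: failure count, first failure, last password change}."""
    failures = defaultdict(list)   # account -> timestamps of failed Kerberos checks
    changed = {}                   # account -> timestamp of last CHANGEPASS on it
    for entry in split_entries(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        ts, event, msg = m.groups()
        names = SLOT.findall(msg)
        if event == "CHANGEPASS" and len(names) == 2:
            changed[names[1]] = ts              # second slot is the target account
        elif (event == "KERBEROS-LOGIN-CHECK" and names
              and msg.endswith("authentication failed.")):
            failures[names[0]].append(ts)
    return {name: {"failures": len(stamps),
                   "first_failure": stamps[0],
                   "password_changed": changed.get(name)}
            for name, stamps in failures.items()}


if __name__ == "__main__":
    for name, info in summarize(SAMPLE_LOG).items():
        print(name, info)
```
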

    #362155
    j_chang
    Participant

    From the /Server Admin/Open Directory/, I was able to Join Kerberos without any issue. And then configure Open Directory Access with no problem.

    In the Workgroup Manager, I was not able to connect to the authentication server.

    Also a message popped up.

    Got unexpected error
    Error of type eDSOpenNodeFailed (-14002) on line 3806 of /SourceCache/ServerManagerApp/ServerManagerApp-230/PMMUGMainView.mm

    Please helppppppp…..

    #362196
    Anonymous
    Guest

    I am having the 14002 error as well…we suffered multiple power outages and as a result I had to restore the server from a backup tape made a week prior. Authentication works fine for LDAP accounts locally, but somehow the clients are not auth’ing, nor are they picking up the LDAP settings for their setups (list of users, etc).

    Any help would be nice :)

    #362257
    j_chang
    Participant

    Here’s a suggestion:

    Start simple. Turn off any DNS service that you’re providing on the same server. Shared directory domains in Open Directory can be located via multicast DNS instead (mDNS, Bonjour). Leave the host name entry in /etc/hostconfig set to -AUTOMATIC-, as this lets the Bonjour name be used as a first choice.

    Then, rebind your clients to the server using Directory Access, using the server’s Bonjour mDNS name .local.

    I did the above steps and it worked!

    #369375
    trampoline
    Participant

    > Then, rebind your clients to the server using Directory Access, using the server’s Bonjour mDNS name .local.
    >
    > I did the above steps and it worked!

    How do you do this bit ???
