AFP548

Hanging on Step 5 of AD Bind

Hi everyone! Yes, this is the infamous step 5 hang problem... I'll start out by saying that I've done my best to make sure I've tried everything I found mentioned previously here and elsewhere before posting...

Here's the deal. I work at a small school (less than 200 user accounts) that has a single W2k3 domain controller that also handles DNS, another W2k3 mail server, and a single Xserve running 10.4.8. When I started working here 2 weeks ago, the mail server had been "retired" (i.e., turned off and ignored), so I decided to swap IP numbers from the mail server to the Xserve so I would have an external IP (the domain controller and mail server had external addresses mapped to them at the router) to work with.

So, I reinstalled 10.4.8 on the Xserve to start fresh and proceeded to follow [url=http://www.bombich.com/mactips/activedir.html]Mike Bombich's guide on integrating AD/OD[/url] (specifically, section VII). Unfortunately, I got ahead of myself and bound to AD prior to destroying my OD Kerberos realm (Yes, it bound perfectly and I could view AD users in WGM). I decided to cut my losses and just start over fresh since I hadn't spent much time on it yet.

This is where things went south. I installed a fresh copy of 10.4.8 on the Xserve, deleted the computer account in AD for it and proceeded with the guide. Promoted to Open Directory Master, then destroyed the OD Kerberos realm. At this point I opened Directory Access and tried binding to AD the same as the previous attempt. It failed immediately with an "Unknown error" (forget the exact wording--but very generic).

I did some digging for quite a while and discovered what I thought was the problem. I had forgotten to remove the DNS entries for the mail server, so there were two sets of forward/reverse DNS entries for the server (why it worked the first time when this was the case I don't know). I deleted all entries referencing the now defunct mail server and gave it another shot.
This time it breezed right through steps 1-4 and hung at step 5. This is where I've been stuck since last weekend. It creates the computer account without a problem... I suspect it's something to do with DNS, but am not too sure at this point. I have since switched the Xserve's IP back to what it had originally to avoid possible DNS problems that existed with the other IP, but no dice. Here's what the debug log is giving me now:

[code]
006-11-16 09:05:14 PST - ADPlugin: Initialize Called
2006-11-16 09:05:14 PST - ADPlugin: Initialize Returned
2006-11-16 09:05:14 PST - ADPlugin: State Changed Called 4
2006-11-16 09:05:14 PST - ADPlugin: Received ServerRunLoop Mutex
2006-11-16 09:05:14 PST - ADPlugin: Received Kerberos Mutex
2006-11-16 09:05:14 PST - ADPlugin: State Changed Called 2
2006-11-16 09:05:14 PST - ADPlugin: State Changed Called 2
2006-11-16 09:05:14 PST - ADPlugin: Calling OpenDirNode
2006-11-16 09:05:14 PST - ADPlugin: Calling CustomCall
2006-11-16 09:05:14 PST - ADPlugin: Calling CustomCall
2006-11-16 09:05:14 PST - ADPlugin: Calling CloseDirNode
2006-11-16 09:05:37 PST - ADPlugin: Calling OpenDirNode
2006-11-16 09:05:37 PST - ADPlugin: Calling CustomCall
2006-11-16 09:05:37 PST - ADPlugin: Doing CheckServerRecords......
2006-11-16 09:05:37 PST - ADPlugin: mydomain.com - Start checking servers for site "any"
2006-11-16 09:05:37 PST - ADPlugin: Total Servers "any" LDAP - 1, Kerberos - 1, kPasswd - 1
2006-11-16 09:05:37 PST - ADPlugin: Server #1 picked - "domaincontroller.mydomain.com"
2006-11-16 09:05:37 PST - ADPlugin: mydomain.com - Finished checking servers for domain
2006-11-16 09:05:37 PST - ADPlugin: Got rootDSE for server domaincontroller.mydomain.com to determine forest
2006-11-16 09:05:37 PST - ADPlugin: Determined Forest of mydomain.com from Domain Controller domaincontroller.mydomain.com
2006-11-16 09:05:37 PST - ADPlugin: Found Default Domain mydomain.com
2006-11-16 09:05:37 PST - ADPlugin: Global Catalogs - Start checking servers for site "any"
2006-11-16 09:05:37 PST - ADPlugin: Total Servers "any" LDAP - 1, Kerberos - 1, kPasswd - 1
2006-11-16 09:05:37 PST - ADPlugin: Server #1 picked - "domaincontroller.mydomain.com"
2006-11-16 09:05:37 PST - ADPlugin: Global Catalogs - Finished checking servers for domain
2006-11-16 09:05:37 PST - ADPlugin: Found Forest Domain GC mydomain.com
2006-11-16 09:05:37 PST - ADPlugin: Something wrong, unable to determine domain information from Config container......
2006-11-16 09:05:37 PST - ADPlugin: Finished CheckServerRecords......
2006-11-16 09:05:37 PST - ADPlugin: Created KerberosClient record Generation ID 185389537
2006-11-16 09:05:37 PST - ADPlugin: Rebuilt Kerberos File
2006-11-16 09:05:37 PST - ADPlugin: Calling CloseDirNode
2006-11-16 09:05:37 PST - ADPlugin: Calling OpenDirNode
2006-11-16 09:05:37 PST - ADPlugin: Calling CustomCall
2006-11-16 09:05:37 PST - ADPlugin: Doing CheckServerRecords......
2006-11-16 09:05:37 PST - ADPlugin: Good credentials for Administrator@MYDOMAIN.COM
2006-11-16 09:05:37 PST - ADPlugin: No existing connection in connection mgr for Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:37 PST - ADPlugin: Secure BIND Session with server domaincontroller.mydomain.com:389
2006-11-16 09:05:37 PST - ADPlugin: Read Context information from server for configurationNamingContext of CN=Configuration,DC=mydomain,DC=com
2006-11-16 09:05:37 PST - ADPlugin: Processing Site Search with found IP
2006-11-16 09:05:37 PST - ADPlugin: Returning connection to pool for domain mydomain.com with dsStatus 0.
2006-11-16 09:05:37 PST - ADPlugin: mydomain.com - Start checking servers for site "any"
2006-11-16 09:05:37 PST - ADPlugin: Total Servers "any" LDAP - 1, Kerberos - 1, kPasswd - 1
2006-11-16 09:05:37 PST - ADPlugin: Server #1 picked - "domaincontroller.mydomain.com"
2006-11-16 09:05:37 PST - ADPlugin: mydomain.com - Finished checking servers for domain
2006-11-16 09:05:37 PST - ADPlugin: Got rootDSE for server domaincontroller.mydomain.com to determine forest
2006-11-16 09:05:37 PST - ADPlugin: Determined Forest of mydomain.com from Domain Controller domaincontroller.mydomain.com
2006-11-16 09:05:37 PST - ADPlugin: Found Default Domain mydomain.com
2006-11-16 09:05:37 PST - ADPlugin: Global Catalogs - Start checking servers for site "any"
2006-11-16 09:05:37 PST - ADPlugin: Total Servers "any" LDAP - 1, Kerberos - 1, kPasswd - 1
2006-11-16 09:05:37 PST - ADPlugin: Server #1 picked - "domaincontroller.mydomain.com"
2006-11-16 09:05:37 PST - ADPlugin: Global Catalogs - Finished checking servers for domain
2006-11-16 09:05:37 PST - ADPlugin: Found Forest Domain GC mydomain.com
2006-11-16 09:05:37 PST - ADPlugin: Good credentials for Administrator@MYDOMAIN.COM
2006-11-16 09:05:37 PST - ADPlugin: Retrieved existing connection from connection mgr Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:37 PST - ADPlugin: Read Context information from server for configurationNamingContext of CN=Configuration,DC=mydomain,DC=com
2006-11-16 09:05:37 PST - ADPlugin: Returning connection to pool for domain mydomain.com with dsStatus 0.
2006-11-16 09:05:37 PST - ADPlugin: Finished CheckServerRecords......
2006-11-16 09:05:37 PST - ADPlugin: Created KerberosClient record Generation ID 185389537
2006-11-16 09:05:37 PST - ADPlugin: Rebuilt Kerberos File
2006-11-16 09:05:37 PST - ADPlugin: Closing All Connections - Connection Manager
2006-11-16 09:05:37 PST - ADPlugin: Closing Connection - Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:37 PST - ADPlugin: Closing All Connections - Connection Manager Completed
2006-11-16 09:05:37 PST - ADPlugin: Calling CloseDirNode
2006-11-16 09:05:37 PST - ADPlugin: Calling OpenDirNode
2006-11-16 09:05:37 PST - ADPlugin: Calling CustomCall
2006-11-16 09:05:37 PST - ADPlugin: Verify called for Administrator@MYDOMAIN.COM
2006-11-16 09:05:37 PST - ADPlugin: Verify successful for Administrator@MYDOMAIN.COM
2006-11-16 09:05:37 PST - ADPlugin: Calling CloseDirNode
2006-11-16 09:05:38 PST - ADPlugin: Calling OpenDirNode
2006-11-16 09:05:38 PST - ADPlugin: Calling CustomCall
2006-11-16 09:05:38 PST - ADPlugin: Good credentials for Administrator@MYDOMAIN.COM
2006-11-16 09:05:38 PST - ADPlugin: No existing connection in connection mgr for Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:38 PST - ADPlugin: Secure BIND Session with server domaincontroller.mydomain.com:389
2006-11-16 09:05:38 PST - ADPlugin: Read Context information from server for schemaNamingContext of CN=Schema,CN=Configuration,DC=mydomain,DC=com
2006-11-16 09:05:40 PST - ADPlugin: Returning connection to pool for domain mydomain.com with dsStatus 0.
2006-11-16 09:05:40 PST - ADPlugin: Updating Mappings from Schema..........
2006-11-16 09:05:40 PST - ADPlugin: Doing Computer search for Ethernet address - 00:0d:93:9e:a0:d5
2006-11-16 09:05:40 PST - ADPlugin: Doing DN search for account - xserve
2006-11-16 09:05:40 PST - ADPlugin: Good credentials for Administrator@MYDOMAIN.COM
2006-11-16 09:05:40 PST - ADPlugin: Retrieved existing connection from connection mgr Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:40 PST - ADPlugin: Returning connection to pool for domain mydomain.com with dsStatus 0.
2006-11-16 09:05:40 PST - ADPlugin: Calling CloseDirNode
2006-11-16 09:05:42 PST - ADPlugin: Calling OpenDirNode
2006-11-16 09:05:42 PST - ADPlugin: Calling CustomCall
2006-11-16 09:05:42 PST - ADPlugin: Looking for existing Record of xserve
2006-11-16 09:05:42 PST - ADPlugin: Doing DN search for account - xserve
2006-11-16 09:05:42 PST - ADPlugin: Good credentials for Administrator@MYDOMAIN.COM
2006-11-16 09:05:42 PST - ADPlugin: Retrieved existing connection from connection mgr Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:42 PST - ADPlugin: Returning connection to pool for domain mydomain.com with dsStatus 0.
2006-11-16 09:05:42 PST - ADPlugin: Good credentials for Administrator@MYDOMAIN.COM
2006-11-16 09:05:42 PST - ADPlugin: Retrieved existing connection from connection mgr Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:42 PST - ADPlugin: KerberosID Found for account CN=xserve,CN=Computers,DC=mydomain,DC=com - xserve$
2006-11-16 09:05:42 PST - ADPlugin: Returning connection to pool for domain mydomain.com with dsStatus 0.
2006-11-16 09:05:42 PST - ADPlugin: Existing record found @ CN=xserve,CN=Computers,DC=mydomain,DC=com with xserve$@MYDOMAIN.COM.
2006-11-16 09:05:42 PST - ADPlugin: Changing Password for User xserve$@MYDOMAIN.COM as Administrator@MYDOMAIN.COM
2006-11-16 09:05:43 PST - ADPlugin: Setting Computer Password worked......
2006-11-16 09:05:43 PST - ADPlugin: Good credentials for Administrator@MYDOMAIN.COM
2006-11-16 09:05:43 PST - ADPlugin: Retrieved existing connection from connection mgr Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:43 PST - ADPlugin: ADSEngine Setting Values for Attribute: dNSHostName Record: CN=xserve,CN=Computers,DC=mydomain,DC=com
2006-11-16 09:05:43 PST - ADPlugin: Returning connection to pool for domain mydomain.com with dsStatus 0.
2006-11-16 09:05:43 PST - ADPlugin: Good credentials for Administrator@MYDOMAIN.COM
2006-11-16 09:05:43 PST - ADPlugin: Retrieved existing connection from connection mgr Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:43 PST - ADPlugin: ADSEngine Setting Values for Attribute: userAccountControl Record: CN=xserve,CN=Computers,DC=mydomain,DC=com
2006-11-16 09:05:43 PST - ADPlugin: Returning connection to pool for domain mydomain.com with dsStatus 0.
2006-11-16 09:05:43 PST - ADPlugin: Good credentials for Administrator@MYDOMAIN.COM
2006-11-16 09:05:43 PST - ADPlugin: Retrieved existing connection from connection mgr Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:43 PST - ADPlugin: ADSEngine Setting Values for Attribute: operatingSystem Record: CN=xserve,CN=Computers,DC=mydomain,DC=com
2006-11-16 09:05:43 PST - ADPlugin: Returning connection to pool for domain mydomain.com with dsStatus 0.
2006-11-16 09:05:43 PST - ADPlugin: Good credentials for Administrator@MYDOMAIN.COM
2006-11-16 09:05:43 PST - ADPlugin: Retrieved existing connection from connection mgr Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:43 PST - ADPlugin: ADSEngine Setting Values for Attribute: operatingSystemVersion Record: CN=xserve,CN=Computers,DC=mydomain,DC=com
2006-11-16 09:05:43 PST - ADPlugin: Returning connection to pool for domain mydomain.com with dsStatus 0.
2006-11-16 09:05:43 PST - ADPlugin: Good credentials for Administrator@MYDOMAIN.COM
2006-11-16 09:05:43 PST - ADPlugin: Retrieved existing connection from connection mgr Administrator@MYDOMAIN.COM@mydomain.com:389
2006-11-16 09:05:43 PST - ADPlugin: ADSEngine Setting Values for Attribute: networkAddress Record: CN=xserve,CN=Computers,DC=mydomain,DC=com
2006-11-16 09:05:43 PST - ADPlugin: Returning connection to pool for domain mydomain.com with dsStatus 0.
[/code]

Any help would be GREATLY appreciated! Thanks!

-Joel
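
An added example, not part of the original post: a small reader for ADPlugin debug output like the log above that splits run-together entries and pulls out warning lines, non-zero `dsStatus` results, pauses between entries, and the last attribute the plugin wrote. The sample text is constructed from a few entries of that log; the function names, report keys, warning keywords and the 10-second pause threshold are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: a few entries in the shape of the log above, run together
# on one line the way the forum rendered them.
SAMPLE = (
    "2006-11-16 09:05:14 PST - ADPlugin: Calling CloseDirNode "
    "2006-11-16 09:05:37 PST - ADPlugin: Calling OpenDirNode "
    "2006-11-16 09:05:37 PST - ADPlugin: Something wrong, unable to determine "
    "domain information from Config container...... "
    "2006-11-16 09:05:43 PST - ADPlugin: ADSEngine Setting Values for Attribute: "
    "networkAddress Record: CN=xserve,CN=Computers,DC=mydomain,DC=com "
    "2006-11-16 09:05:43 PST - ADPlugin: Returning connection to pool for domain "
    "mydomain.com with dsStatus 0."
)

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
# One entry = timestamp, zone, "ADPlugin:", then text up to the next stamp or the end.
ENTRY = re.compile(
    rf"({STAMP}) \w+ - ADPlugin: (.*?)(?=\s+{STAMP} \w+ - ADPlugin: |\s*$)", re.S)

def parse(text):
    """Split run-together debug output into (datetime, message) pairs."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), " ".join(msg.split()))
            for ts, msg in ENTRY.findall(text)]

def triage(entries, gap_seconds=10):
    """Collect warnings, non-zero dsStatus results, pauses and the final steps."""
    report = {"warnings": [], "bad_status": [], "gaps": [], "last_attribute": None}
    prev = None
    for when, msg in entries:
        if re.search(r"something wrong|unable to|fail", msg, re.I):
            report["warnings"].append(msg)
        status = re.search(r"dsStatus (-?\d+)", msg)
        if status and status.group(1) != "0":
            report["bad_status"].append(msg)
        if prev and (when - prev[0]).total_seconds() >= gap_seconds:
            report["gaps"].append((prev[1], msg, int((when - prev[0]).total_seconds())))
        attr = re.search(r"Setting Values for Attribute: (\S+)", msg)
        if attr:
            report["last_attribute"] = attr.group(1)
        prev = (when, msg)
    report["last"] = entries[-1][1] if entries else None
    return report

if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE)).items():
        print(key, "->", value)
```
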