Having struggles with AD/OD integration and replication
May 15, 2006 at 4:02 pm #366174
jdyck
Participant

I’m not sure whether to put this in the AD or OD forum, but since AD is involved figured I would put it here.
I work for a school district and am trying to implement an OS X server to host home directories and manage clients at a small rural Mac-only school. Basically one of these “golden triangle” thingies. For background the school is served via a slow shared provincial satellite system, so it is very important that I keep authentication requests within the LAN. Testing has shown that authenticating over the WAN results in unreliability and, when it works, very very very slow logins (like 5-10 minutes, if it goes through).
So, we have a district wide network of Active Directory domain controllers, essentially one at every site to keep authentication traffic off the district WAN. My initial attempts at an installation on this site failed due to AD replication issues, which have now been resolved (the OS X stuff kept trying to authenticate to every machine EXCEPT the local DC). I have successfully installed the OS X server on site and gotten it to bind to the local Domain Controller – authentication and whatnot are staying within the LAN and everything there is good.
However, when I try to join this server to the OD master server back at our Board Office, I’m running into all kinds of problems. Basically it’s not working…
In more detail, here are the errors I’m seeing…
On the replica side, I try and create the replica through Server Admin, but it fails. In the slapconfig log file I see that it is failing at step 9 – Enabling password server replication. It gives an error “NeST command failed with status 78.” Then it reverses the previous 8 steps and cancels. Just for reference, I’ve tried creating the replica with the machine both bound and unbound to AD – same errors either way.
On the server side in the slapconfig log I’m seeing that it seems to be failing at the Kerberos initialization with an error “could not resolve hostname SHORTNAME.” Now, before I go any further, DNS with FQDN is working perfectly – on both the master and replica I can both nslookup and lookupd -d both the IP and the FQDN and resolve properly. I’m not sure, however, why the computer is only trying to resolve the server SHORTNAME, and perhaps this is where my problem lies.
Finally, I’ve also tried joining another X-Serve as a replica, but it has failed with the same results, which seems to indicate to me that the problem lies with the OD Master computer. This is a bummer as of the 3 it’s the only machine that is ‘live’ with user data and whatnot on it. The other two could be rebuilt with little fuss, but not the master.
Further details that may or may not have some influence on my issues:
• Replica server is running OS X Server 10.4.6 with all updates on a dual core G5 tower.
• Master server is running OS X Server 10.4.3 on a dual G5 X-Serve.
• Master server was updated to 10.4.6, but that seemed to kill the ability of our Windows machines to single-sign-on to it, an issue as we have about 10 users with their home directory on this server.
That’s about it for what I know about the situation… If anybody can help shed any light on how to get this working I would be greatly in your debt.
Thanks in advance
Jeff

May 28, 2006 at 10:02 am #366293
Anonymous
Guest

I have a similar problem with replication. My master server has been upgraded from 10.2 so I am wondering if there is something wrong from past installs. I have followed most of the Apple troubleshooting technotes but have no success. The replica is in my home on the other side of an AirPort Express as I am just trying to test it now. Could that make a difference?

June 1, 2006 at 6:45 pm #366326
Anonymous
Guest

I have a Xserve G5 running 10.4.6 replicating AD authentication information. I set up the Kerberos realm in the Server Admin tool and an AD PC user can log in just fine using their AD credentials, no password, nothing, they just need the right permissions on the share they are trying to connect to on the OS X Server. This didn’t work on anything before 10.4.6 came out with all additional updates as of about a month ago.
Would love to share notes with you 🙂