Missing users in Workgroup Manager

[cmcfarling]

This has always been an issue but I’ve never really taken the time to look into it thoroughly. I have a small OD setup with 2 servers (server01 & server02 both running OSX Server 10.3.9); 1 OD master and 1 OD replica. Whenever I add a new user account, that user is not able to log into either server via AFP. The message on the client is “An Appleshare system error occurred”. The error at the server is -5023. If I restart the servers, logging in is possible from then on. I don’t add users often so it’s rather an annoyance than a major issue but I’d like to finanly reslove it if possible.

After playing around with it today I’ve noticed some things. If I launch WGM on server01 for example, and authenticate as an OD admin account, all of the users that I’ve ever added show up in the user list. The viewing directory is set to /LDAPv3/127.0.0.1 btw. If I choose not to authenticate and instead view the directory as read only, the users that have been added since last restart do not show up. Those same users are not able to mount any AFP shares. They receive the error noted above. Viewing the list of users from the command line using dscl produces the same results. If I authenticate, all users are listed, if I don’t authenticate, some users are not listed.

I’ve read through the documentation but don’t see anything that would explain this behavior. Any thoughts? Am i missing something basic here?

Chris

[cmcfarling]

In the meantime I’ve been trying every trick I can dig up. The general rule of thumb seems to be if you have problems with your replicas, just demote them to standalone and then re-promote to replica status. I have tried that in past troubleshooting attempts to solve this issue and I’ve tried it about 10 times in the last day again. This time I was more thorough. I tried the demote/promote process from both WGM and using slapconfig, each multiple times. Unfortunately the end result remains the same, new users can’t mount AFP shares until both servers are restarted. This time around I ran into some other issue along the way. After my first attempt at using slapconfig to create an OD replica on server02 somehow caused the local admin account to stop working. Before doing any of this, I would log into WGM using the address format of server02.domain.com. Now, if I do that, WGM can not access the LDAPv3/127.0.0.1 directory and gives an error of “Record type not mapped. The record with type “PrestUsers” is not mapped. …” If I log into WGM using the address format of server02.local however, all is well.

So anyway I’m back to square one. I have a functional, for the most part, OD but it seems that any minor change may be enough to blow it up. I’m giving up on it and I guess I’ll just plan to do a clean install of everything and upgrade at the same time (probably to 10.5 at this point).

[Author]

Posts