Open Directory Slave

[calisurf]

I have three XServes running 10.3.5 server. XServe 1 is currently providing DNS (forward+reverse) to all three servers as well as acting as the Open Directory Master. What I would like to do, is have XServe2 and XServe3 simply act as slaves that hold home directories. I understand how this all works but Apple’s documentation sucks.

1. My first attempt at this I opened Directory Access on XServe2 gave it a configuration name, pointed at the XServe1, gave it proper LDAP mappings, and the correct custom path. It seemed to work as I was able to add a sharepoint on XServe2 and it appeared in WorkGroup Manager on XServe1. The problem is that if I added users to WGM and placed their home directories on XServe2, then ran createhomedir -a, nothing, it doesn’t even recognize XServe2 exisists? Also, if opened WGM on XServe2 it would show the proper search path and users that I had added on XServe1 would appear but it would state, “Not Authenticated.” The other weird thing was that if I selected a user that I added on XServe1 it said it was located on XServe2???

2. My second attempt at making it work was I worked at delegating authority to join the Open Directory Master. Apple’s directions suck, so I am not sure if what I am doing is correct. First I add XServe 2, 3 to the computer lists in WorkGroup Manager. It shows the name of the servers as, XServe2 and XServe3. I then add the Kerberos records on XServe1 but it doesn’t change anything, neither of the two slave servers work properly.

My questions:

1. Do each of the slave machines need to have Directory Access and the delegated authority in order to work? For example, when I switch each of the slave machines to “Connect to Open Directory Master” do I configure the Directory Access and Kerberos?

2. Does KDC need to be running on the slave machines?

3. Is their any documentation on this type of set-up?

I have pounded my head on the wall for two days trying to get this running. I would appreciate any suggestions that people could offer.

[calisurf]

I do not want the machines to be replicas, I simply want them to connect to th Open Directory Master. This was easily accomplished in 10.2 Server but I can only find a few pages of very vague documentation (60-65) in the Open Directory Documentation.

[calisurf]

Are you saying that the “Connect to Open Directory Master” does not work within Open Directory? or are you saying it is more efficient to make each of the XServes a replica?

[calisurf]

Josh-point taken with the superiority of the replication route, I guess I was stuck in the 10.2 paradigm of parent/child relationships. I also thought, obviously incorrectly, the point of replication was to move directory information closer to a disparate population? After reading your last post, I understand the benefits of redundancy, that alone makes it worth while.

One problem, all three servers are in the same rack, if there is a fire, I am #$%#$.

Thanks.

[calisurf]

Any hints on getting the servers prepare to do the replication. I installed and configured the three servers today. (10.3.5) I made one machine the OD Master, it also contains the DNS for all three machines. Added a few users (5) to the OD Master and then made each of the other machines a replica. Here is where the problems arose.

1 of the replicas froze up and I could not gain access to the machine in anyway. Even the passwords that I had assigned earlier would not allow me to log-in to the machine. The other server could not connect via SSH, no matter what I did.

The second time I did all of the same things except with server 10.3.4. Still SSH problems?

Any ideas? Is there anything I should do to the servers before replicating the OD Master?

1. Should I updaate them all?
2. SSH was turned on on all machines, should I do anything else?

Basically is there anything I need to do before replicating?

Thanks

[priglmeier]

What are your OD Master to replica failove times like?

If you power down your OD MASTER and then power on a client how long is it before you can log in? Our quickest time is 7 mins and it’s pretty painful to watch the client mac on boot.

[Author]

Posts