I also can authenticate to OD but can’t change account details

  • #364461
    mac4bus
    Participant

    As in another posting, I can connect to my Open Directory, but am unable to alter any account settings, i.e. creating user, modifying user, etc., as the icons are greyed. This issue first turned up in 10.4.2 and still existed for a short time after upgrading to 10.4.3 (approx 4-5 weeks ago) and has now returned again.

    system.log reports:

    Dec 19 14:14:55 yoda DirectoryService[42]: DSLDAPv3PlugIn: Required Policies not Supported: Man-In-The-Middle, Packet Signing. LDAP Connection for Node 127.0.0.1 denied.

    I’ve turned off “Block man-in-the-middle attacks” and “Digitally sign all packets” in an effort to be able to access accounts, but with no success.

    Any pointers much appreciated.

    Update

    I noted the following entry in the slapd.log:

    Dec 19 14:52:40 yoda slapd[60]: SASL [conn=29211] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)

    #364463
    mac4bus
    Participant

    Yes the logs are from the server.

    I don’t have anything set under Passwords, now only Enable directory binding under Binding and all boxes checked under Security.

    The server is running AFP, DHCP, DNS, iChat, Mail (with SquirrelMail and Sieve scripting), OD, Software Update, Web and Windows services.

    Update:

    Last night I rebooted the server and now I can access the user account details. However I suspect that this was a case of the options I’d unchecked previously only taking effect after the restart rather than being implemented at the time I made the changes. It is most concerning to think I may need to reboot the server on a regular basis just to implement basic admin functions. While the GUI is nice, and I do rather like the way Apple has put the OSXS package together, I’d rather learn the command line if it means I can keep the server up.

    My intention is to re-enable the “Block man-in-the-middle attacks” and the “Digitally sign all packets” options and see what happens. If anyone knows which services this issue affects and what Terminal commands are required to restart the services, I’d much appreciate the heads up, thanks.
