Promote to OD Master – errors in slapconfig.log and slapd.log

  • #365676
    TvE
    Participant

    After a lot of promoting to OD Master and demoting to Standalone I finally have an OD Master that seems like it’s working.
    At least I can bind my clients to it and then (after a reboot of the client) work with networked home-dirs :).

    BUT I have a couple of entries in my logs that I have not seen in the testserver (I had no problems with setting up a testserver as an OD Master on a test-LAN…)

    1. /Library/Logs/slapconfig.log:

    Creating the keytab file
    kadmin: No entry for principal xgrid/[email protected]
    exists in keytab
    WRFILE:/etc/krb5.keytab
    …
    kadmin: No entry for principal afpserver/[email protected] 
    exists in keytab
    WRFILE:/etc/krb5.keytab
    …
    Creating the keytab file
    kadmin: No entry for principal ldap/[email protected] exists
    in keytab WRFILE:/etc/krb5.keytab
    2006-03-13 22:59:23 +0100 - kerberosautoconfig command output:
    The machine is standalone
    Removing /Library/Preferences/edu.mit.Kerberos
    2006-03-13 22:59:23 +0100 - kerberosautoconfig command failed with status 255
    
    
    2006-03-13 22:59:23 +0100 - command: /usr/sbin/mkpassdb -kerberize
    2006-03-13 22:59:23 +0100 - mkpassdb command output:
    kadmin.local: unable to get default realm
    kadmin.local: unable to get default realm
    kadmin.local: unable to get default realm
    
    
    2. /var/log/slapd.log:
    
    Mar 13 23:01:00 server slapd[389]: Entry
    (uid=untitled_1,cn=users,dc=server,dc=my-domain-name,dc=net):
    object class 'posixAccount' requires attribute 'homeDirectory'\n
    Mar 13 23:01:00 server slapd[389]: entry failed schema check: object class 'posixAccount'
    requires attribute 'homeDirectory'\n
    Mar 13 23:01:33 server slapd[389]: Entry
    (uid=t2,cn=users,dc=server,dc=my-domain-name,dc=net): object
    class 'posixAccount' requires attribute 'homeDirectory'\n
    Mar 13 23:01:33 server slapd[389]: entry failed schema check: object class 'posixAccount'
    requires attribute 'homeDirectory'\n
    
    

    PS.:
    – Just to be on the safe side I have batch-replaced the domain name with “my-domain-name” & “MY-DOMAIN-NAME”
    – Some linebreaks have been added to the logs above to make the whole post more readable!

    Before I made the (almost?) successful promotion to OD Master I did:

    – Make sure reverse DNS is working
    – Made the server’s Network Preferences DNS server point to 127.0.0.1
    – Set the hostname via “sudo scutil --set HostName”
    – /etc/hostconfig contains “HOSTNAME=-AUTOMATIC-”

    – The server is running DNS, AFP, Web, MySQL & Mail

    #########################
    – How serious are the errors I can see in the logs?
    – How can I fix them?

    TIA from a Kerberos newbie (that had a lot of help from the O’Reilly book “Mac OS X Panther Administration”)

    #365696
    TvE
    Participant

    It has “reverse-resolved” OK during all my attempts

    Part of my troubleshooting process was to erase the DNS zone and then recreate again from scratch.
    The DNS zone was created with 10.4.0, so just in case.

    server:~ admin$ host 10.0.1.250
    250.1.0.10.in-addr.arpa domain name pointer server.my-domain-name.net.
    server:~ admin$ host server.my-domain-name.net
    server.my-domain-name.net has address 10.0.1.250
    
    
    #365710
    chiefgeek
    Participant

    I got very similar errors when setting up my server.

    Creating the keytab file
    Configuring services
    WriteSetupFile: setup file path = /temp.IeK4/setup
    Cleaning up
    2006-02-12 20:14:58 -0800 – command: /usr/sbin/sso_util configure -r ourserver.domain.com -f /LDAPv3/127.0.0.1 -a diradmin -p **** -v 1 ldap
    2006-02-12 20:14:59 -0800 – sso_util command output:
    Contacting the directory server
    Creating the service list
    Creating the service principals
    WARNING: no policy specified for ldap/ourserver.domain.com@ ourserver.domain.com; defaulting to no policy
    Creating the keytab file
    Configuring services
    WriteSetupFile: setup file path = /temp.HX6L/setup
    Cleaning up
    2006-02-12 20:14:59 -0800 – command: /sbin/kerberosautoconfig -u -v 1
    2006-02-12 20:14:59 -0800 – kerberosautoconfig command output:
    The machine is standalone
    Removing /Library/Preferences/edu.mit.Kerberos
    2006-02-12 20:14:59 -0800 – kerberosautoconfig command failed with status 255
    2006-02-12 20:14:59 -0800 – command: /usr/sbin/mkpassdb -kerberize
    2006-02-12 20:14:59 -0800 – mkpassdb command output:
    kadmin.local: unable to get default realm
    kadmin.local: unable to get default realm
    kadmin.local: unable to get default realm

    However, I decided to go ahead and give it a shot by configuring a client to bind to it and it worked. Very strange!
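
A small triage script for the two log formats quoted in this thread, added here as an example and not part of any poster's message or of Apple's tooling. It lists which setup commands in slapconfig.log exited with a non-zero status (with their de-duplicated output) and which directory entries slapd rejected at the schema check; the sample lines are constructed from the formats above, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the format of the logs quoted in the thread
# (the DN is a placeholder; each log record sits on one line here).
SLAPCONFIG_SAMPLE = """\
2006-03-13 22:59:23 +0100 - command: /sbin/kerberosautoconfig -u -v 1
2006-03-13 22:59:23 +0100 - kerberosautoconfig command output:
The machine is standalone
2006-03-13 22:59:23 +0100 - kerberosautoconfig command failed with status 255
2006-03-13 22:59:23 +0100 - command: /usr/sbin/mkpassdb -kerberize
2006-03-13 22:59:23 +0100 - mkpassdb command output:
kadmin.local: unable to get default realm
kadmin.local: unable to get default realm
"""
SLAPD_SAMPLE = """\
Mar 13 23:01:00 server slapd[389]: Entry (uid=t2,cn=users,dc=server,dc=example,dc=net): object class 'posixAccount' requires attribute 'homeDirectory'
Mar 13 23:01:00 server slapd[389]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
"""

# Timestamp prefix; the separator is "-" in one post and an en dash in another.
STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d [+-]\d{4} [-\u2013] "
FAILED = re.compile(STAMP + r"(\S+) command failed with status (\d+)")
OUTPUT = re.compile(STAMP + r"(\S+) command output:")
SCHEMA = re.compile(r"slapd\[\d+\]: Entry \((.+?)\): object class '(\w+)' requires attribute '(\w+)'")


def triage_slapconfig(text):
    """Return (failed, messages): exit status per failed tool, unique output lines per tool."""
    failed, messages, current = {}, {}, None
    for line in text.splitlines():
        if m := FAILED.match(line):
            failed[m.group(1)] = int(m.group(2))
            current = None
        elif m := OUTPUT.match(line):
            current = m.group(1)
            messages.setdefault(current, [])
        elif re.match(STAMP, line):
            current = None  # any other timestamped line ends the output block
        elif current and line.strip() and line.strip() not in messages[current]:
            messages[current].append(line.strip())
    return failed, messages


def schema_failures(text):
    """Return (dn, objectClass, missing attribute) for each entry slapd rejected."""
    return [m.groups() for line in text.splitlines() if (m := SCHEMA.search(line))]
```

Run against the real files, the first function shows at a glance which Kerberos setup steps did not complete, and the second gives the list of user records to correct.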
