Forum Replies Created

Viewing 14 posts - 1 through 14 (of 14 total)
  • kd4ttc
    Participant

    No. Back to my Mac is not installed.

    kd4ttc
    Participant

    Oh, yes. That was already done. System Pref > Network > Advanced options > Configure IPv6 is set to off. Thanks for taking the time to consider that. Is there some other place that turns on IPv6?

    in reply to: Suddenly LDAP gone #370203
    kd4ttc
    Participant

    In the above script I modified the permissions with the line
    [code]
    chmod go-rx openldap-data
    [/code]
    Well, this isn’t a good idea. On server restarts the system is unable to read the directory and slapd isn’t running. I thought root was mucking around there, so restrictive permissions were not going to be a problem. I dropped the chmod command and now the server starts. Now I can reboot and everything works.

    Could someone check their setup and report the user and group ids for the directory and the permissions? What process is reading the openldap-data directory that I excluded with those permissions?

    Steve

    in reply to: Suddenly LDAP gone #368888
    kd4ttc
    Participant

    [QUOTE][u]Quote by: MacTroll[/u][p]Glad you were able to fix it. Can’t say this happens often, but if the power does go out the LDAP db could be put away dirty.

    Are you now doing nightly OD backups? 😀 [/p][/QUOTE]

    Well, that is a fine question. I have just gotten started in the Server world with migration from a peer to peer topology to a server setup. I was pleased to have everything working. I do keep my clinical data backed up, and mysql files are backed up as well. (I own a medical practice.) The crash here shows me I need to get my backup plans in order, pronto, before too much more time goes by.

    I have backed up my configuration data by saving the .plist files you get when you drag the icon out of server administrator. Reviewing those files shows they do not constitute a full backup of the server software. I saw that there is a backup script for Open Directory available here at afp548 for doing that, which archives the slap directory, Kerberos, and another service. These findings beg the question: just what does one do to back up the server?

    Steve

    in reply to: Suddenly LDAP gone #368866
    kd4ttc
    Participant

    All this is most bizarre. I fixed the problem thanks to AFP548 and Google. Solution follows.

    Continuing from the above, the day the server died my secretary had logged in that morning. I had later changed a policy on password lockout in Server Admin and after that no one could log in. I recall now that the microwave in my office showed evidence of a power loss that morning. Another thing that was going on was I was doing a program install and I restarted the server to check all would work from a reboot. A user had been left logged in at the reboot. I logged off that user after initiating the reboot, and the reboot may have hung until that user was logged out, but I’m a bit fuzzy on the details there.

    Anyway, the error that got me to a solution was reported in workgroup manager:

    [i]The node /LDAPv3/127.0.0.1 couldn’t be opened because an unexpected error of type -14002 occurred. [/i]

    Google got me to a Mac OSXHints post at
    http://forums.macosxhints.com/archive/index.php/t-37805.html
    which pointed to a post https://www.afp548.com/forum/viewtopic.php?forum=39&showtopic=4946&mode=&onlytopic=&show=10&page=2
    which together suggested that a power outage could cause this problem with a corrupted file in /var/db/openldap/

    Essentially, I used slapcat to retrieve configuration data from the openldap database, created a new openldap database, then repopulated the openldap database from my corrupted data. All is now fine.

    The details:

    slapd is not running for this to work. Had it been running and non-functional killing slapd would have been needed, I guess.
    [code]
    mkdir ~/ldap-rescue # create convenient directory
    cd ~/ldap-rescue # work inside it so the dump lands here
    sudo slapcat -l ldif # create text file from slapd database
    cd /var/db/openldap # move to openldap directory
    sudo su
    mv openldap-data openldap-data-old # archive old data
    mkdir openldap-data # new directory
    chmod go-rx openldap-data # fix permissions, don’t know if needed.
    /usr/libexec/slapd # test to see if slapd will run. This didn’t work before, with slapd exiting.
    cat /var/run/slapd.pid # This resulted in a return value of 18691 on my system, so now slapd will run.
    kill -INT `cat /var/run/slapd.pid` # kill slapd anticipating use of slapadd.
    exit # get out of root. I’m dangerous.
    cd ~/ldap-rescue # back to the rescue directory.
    sudo slapadd -l ldif # reload the data. I’m lucky I got away with this.
    sudo slapcat -l ldifnew # diff reports no differences in ldif and ldifnew
    sudo /usr/libexec/slapd # start up slapd. Now all is well.
    [/code]
    and all was well. Looking at the two directories, openldap-data and openldap-data-old in /var/db/openldap showed a couple of interesting differences. __db.002 was 20meg in the old directory, and dn2id.bdb shrunk a bit, and

    [code]
    ngi:/var/db/openldap root# ls -l openldap-data
    total 3312
    -rw------- 1 root wheel 8192 Apr 29 20:23 __db.001
    -rw------- 1 root wheel 270336 Apr 29 20:23 __db.002
    -rw------- 1 root wheel 98304 Apr 29 20:23 __db.003
    -rw------- 1 root wheel 368640 Apr 29 20:23 __db.004
    -rw------- 1 root wheel 24576 Apr 29 20:23 __db.005
    -rw------- 1 root wheel 8192 Apr 29 20:22 apple-generateduid.bdb
    -rw------- 1 root wheel 8192 Apr 29 20:22 apple-group-memberguid.bdb
    -rw------- 1 root wheel 8192 Apr 29 20:25 apple-group-nestedgroup.bdb
    -rw------- 1 root wheel 8192 Apr 29 20:22 apple-group-realname.bdb
    -rw------- 1 root wheel 24576 Apr 29 20:26 cn.bdb
    -rw------- 1 root wheel 16384 Apr 29 20:22 dn2id.bdb
    -rw------- 1 root wheel 8192 Apr 29 20:22 gidNumber.bdb
    -rw------- 1 root wheel 229376 Apr 29 20:26 id2entry.bdb
    -rw------- 1 root wheel 561997 Apr 29 20:25 log.0000000001
    -rw------- 1 root wheel 8192 Apr 29 20:22 memberUid.bdb
    -rw------- 1 root wheel 8192 Apr 29 20:26 objectClass.bdb
    -rw------- 1 root wheel 8192 Apr 29 20:26 ou.bdb
    -rw------- 1 root wheel 8192 Apr 29 20:22 sn.bdb
    -rw------- 1 root wheel 8192 Apr 29 20:22 uid.bdb
    -rw------- 1 root wheel 8192 Apr 29 20:22 uidNumber.bdb
    ngi:/var/db/openldap root# ls -l openldap-data-old
    total 46536
    -rw------- 1 root wheel 55 Aug 6 2006 DB_CONFIG
    -rw------- 1 root wheel 8192 Apr 27 18:10 __db.001
    -rw------- 1 root wheel 20979712 Apr 27 18:10 __db.002
    -rw------- 1 root wheel 98304 Apr 27 18:10 __db.003
    -rw------- 1 root wheel 368640 Apr 27 18:10 __db.004
    -rw------- 1 root wheel 24576 Apr 27 18:10 __db.005
    -rw------- 1 root wheel 8192 Apr 27 00:17 apple-generateduid.bdb
    -rw------- 1 root wheel 8192 Apr 27 09:04 apple-group-memberguid.bdb
    -rw------- 1 root wheel 8192 Apr 27 09:04 apple-group-nestedgroup.bdb
    -rw------- 1 root wheel 8192 Apr 23 00:24 apple-group-realname.bdb
    -rw------- 1 root wheel 24576 Apr 27 18:13 cn.bdb
    -rw------- 1 root wheel 20480 Apr 27 18:13 dn2id.bdb
    -rw------- 1 root wheel 8192 Apr 27 08:59 gidNumber.bdb
    -rw------- 1 root wheel 229376 Apr 27 18:13 id2entry.bdb
    -rw------- 1 root wheel 1976350 Apr 29 19:52 log.0000000001
    -rw------- 1 root wheel 8192 Apr 27 09:04 memberUid.bdb
    -rw------- 1 root wheel 8192 Apr 27 18:13 objectClass.bdb
    -rw------- 1 root wheel 8192 Apr 27 18:13 ou.bdb
    -rw------- 1 root wheel 8192 Apr 27 00:17 sn.bdb
    -rw------- 1 root wheel 8192 Apr 27 09:04 uid.bdb
    -rw------- 1 root wheel 8192 Apr 27 09:04 uidNumber.bdb
    [/code]

    Thanks very much to the contributors of posts on the two threads referenced above, one on MacOSXHints, and the other on AFP548.
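
The post above checks the reload by running diff on the two slapcat dumps. As an added example (not part of the original post), this Python script compares two LDIF dumps entry by entry, so that entry order, line folding and base64 encoding neither hide nor fake a difference; the function names and sample dumps are constructed for illustration.

```python
import base64
from collections import defaultdict

def parse_ldif(text):
    """Parse slapcat-style LDIF into {dn: {attr: sorted list of byte values}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: join to previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, defaultdict(list)
    for line in lines + [""]:                  # trailing "" flushes last entry
        if not line.strip():                   # blank line ends an entry
            if "dn" in current:
                dn = current.pop("dn")[0].decode().lower()
                entries[dn] = {a: sorted(v) for a, v in current.items()}
            current = defaultdict(list)
        elif not line.startswith("#"):         # skip comments
            attr, _, value = line.partition(":")
            b64 = value.startswith(":")        # "attr:: value" is base64
            data = base64.b64decode(value[1:]) if b64 else value.strip().encode()
            current[attr.lower()].append(data)
    return entries

def diff_ldif(old_text, new_text):
    """Report DNs missing from, added to, or changed in the reloaded dump."""
    old, new = parse_ldif(old_text), parse_ldif(new_text)
    return {"missing": sorted(old.keys() - new.keys()),
            "added": sorted(new.keys() - old.keys()),
            "changed": sorted(d for d in old.keys() & new.keys() if old[d] != new[d])}

# Constructed sample dumps (not from the original post).
OLD = """dn: uid=alice,cn=users,dc=example,dc=com
cn: Alice
description: a value long enough that the dump folds it across
  two lines

dn: cn=staff,cn=groups,dc=example,dc=com
memberUid: alice
memberUid: bob
"""
NEW = """dn: cn=staff,cn=groups,dc=example,dc=com
memberUid: alice

dn: uid=alice,cn=users,dc=example,dc=com
cn:: QWxpY2U=
description: a value long enough that the dump folds it across two lines
"""
```

Calling `diff_ldif(OLD, NEW)` reports only the `cn=staff` group as changed, because the reloaded copy lost a `memberUid` value; the reordered, unfolded and base64-encoded `uid=alice` entry compares equal.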

    in reply to: Server, PHP and MySQL and SQLite setup #366892
    kd4ttc
    Participant

    Well, more info: SQLite now has a version 3 available that is recommended. That calls for running the PDO module in PHP. I understand that all versions of Apache will support that. SQLite version 3 is also the standard that Apple uses in the OS.
    So, it seems that the correct thing is to upgrade PHP on the server to 5.x, leave Apache as is, and implement PDO in PHP. All versions of everything support MySQL.
    The feedback I am interested in is whether my analysis is correct, and whether there are any issues on upgrading PHP that would affect the server.
    Steve

    in reply to: AFP stopped in server admin but working fine. #366764
    kd4ttc
    Participant

    With reconfiguring I have found that if the user is connected that they stay connected, but on logging out and back on the logins fail. Both rebooting client and server machines resets things.

    kd4ttc
    Participant

    On Peachpit press and amazon I got the following ISBN for the Server Essentials book: 0-596-00635-7.
    Also known as Essential Mac OS X Panther Server Administration (Paperback) by Michael Bartosh, Ryan J Faas.
    This the book? The user reviews are effusive on Amazon.

    For the best online reference for setting mac OS X server I found http://homepage.mac.com/sbarnham/macosx/files/Install_MacOSX_Server_v2.1.pdf
    The site http://www.barnham.com.au/macosx is the source web page with the citation.
    Steve

    kd4ttc
    Participant

    The ironic thing about the 1000 plus pages of documentation is that it is so voluminous that it is not an effective set of documentation. The need for no spaces in the path to the home directory is in there, but rather buried. The need for guest access is buried in there, too. I’ll recheck my server and see if I can dispense with it. The documentation is full of instructions which say you can do this or that and how to do each little piece, but it does not say that for setting up home directories you need to do the following steps. At best you get a bunch of cross referential instruction pages. Then, when you do get to some part you are told to enter values with no guidance on how certain selections have implications. For example, in entering the name of the server for DNS you could reasonably read that to mean machine name, the first part of the domain name, or the fully qualified DNS entry (with or without a trailing dot).
    In short, I have been very unimpressed with the utility of the documentation while at the same time finding the volume of documentation overwhelming. At least with those issues I haven’t bothered to worry too much about the errors.
    The best resource I found is a PDF written by a teacher in Australia that gives a step by step guide, including the gotcha’s. I’ll post up the URL when I get home tonight. – Steve

    kd4ttc
    Participant

    Thanks for the comments. The tests suggested checked out on my server. I found through some other means that getting automount to work requires that Guest access needs to be enabled in AFP for this all to work. I had deselected that option since I figured all the users were going to be authenticated. Wrongo on that one!
    Another mistake was that the name in the DNS setup has to be the name of the server. I thought any of the alias names would be OK. This does not appear to be the case.
    I’d like to be able to have my users log into “/Network/Servers/Server1” rather than “/Network/Servers/dns.myzone.com”. Given how DNS is used at setup I suspect that if I can get DNS to report the name Server1 rather than dns.myzone.com it may work. Whether that will mess up Kerberos is a question for another forum.
    I also had to get the space out of a part of the file path earlier, but that was a previous adventure.
    My thoughts on sharing config files is that having config files that work shows what the end result is that one is looking for. The details of setup are so complex that it is hard for the documentation to include all the dependencies. Having a config file that works would let others check that they had used the GUI correctly by checking the file in /var/named. I also think preloading the config files on the server would provide the GUI with a set of startup settings which would guide changes. For example, I used cat in the terminal to look at my zone file:
    [code]
    dns:/var/named notsosmart$ cat myzone.com.zone
    $TTL 86400
    myzone.com. IN SOA dns.myzone.com. myname.there.com. (
    2006072904 ; serial
    3h ; refresh
    1h ; retry
    1w ; expiry
    1h ) ; minimum
    myzone.com. IN NS dns.myzone.com.
    myzone.com. IN A 10.0.8.20
    dns IN A 10.0.8.20
    www IN CNAME dns
    Server1 IN CNAME dns
    [/code]
    It seems there could be a set up set of server config files that could be installed that would then be edited through the GUI. It would seem to be a way to avoid a bunch of setup questions that newbies like me are asking.

    in reply to: Reverse DNS Config help please #366700
    kd4ttc
    Participant

    I googled lame server and found this -> [url]http://www.rackaid.com/resources/tips/ensim-bind.cfm[/url]
    Steve

    in reply to: How do you test the DNS after setup? #366698
    kd4ttc
    Participant

    Hmm. Lots of views, no replies.
    What I have learned so far is that at a minimum the dns has to support queries via host. That is, if the domain name of server is yourname.com you should be able to do the following on a computer on your network using terminal:
    [code]
    Last login: Sun Jul 30 10:42:22 on console
    Welcome to Darwin!
    Hollands-Computer:~ steve$ host yourname.com
    yourname.com has address 10.0.1.234
    Hollands-Computer:~ steve$ host 10.0.1.234
    47.1.0.10.in-addr.arpa domain name pointer dns.yourname.com.
    Hollands-Computer:~ steve$
    [/code]
    The above assumes the dns server is named dns.
    If there are other tests of the DNS I’d appreciate hearing about them.
    Steve
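
The two host lookups in the post above check that a name resolves to an address and that the address has a pointer back to a server name. The same consistency check can be run offline over the zone data itself; this is an added example, not part of the original post, and the reverse zone, the `files` and `mail` records, and the function names are constructed for illustration.

```python
import ipaddress

def parse_zone(text, origin):
    """Parse simple 'owner IN TYPE value' lines into (owner, type, value) tuples."""
    def fqdn(name):                             # relative names get the origin
        return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"
    records, in_parens = [], False
    for line in text.splitlines():
        fields = line.split(";")[0].split()     # drop comments, split on spaces
        if in_parens:                           # still inside the SOA "( ... )"
            in_parens = ")" not in fields
            continue
        if len(fields) < 4 or fields[1] != "IN":
            continue                            # $TTL and blank lines
        owner, _, rtype, value = fields[:4]
        if rtype == "SOA":
            in_parens = "(" in fields and ")" not in fields
            continue
        records.append((fqdn(owner), rtype, value if rtype == "A" else fqdn(value)))
    return records

def check_reverse(forward, reverse):
    """List A records whose address has no PTR, or a PTR that does not map back."""
    addrs = {}                                  # fqdn -> set of addresses
    for owner, rtype, value in forward:
        if rtype == "A":
            addrs.setdefault(owner, set()).add(value)
    ptrs = {owner: value for owner, rtype, value in reverse if rtype == "PTR"}
    problems = []
    for owner in sorted(addrs):
        for ip in sorted(addrs[owner]):
            ptr_owner = ipaddress.ip_address(ip).reverse_pointer + "."
            target = ptrs.get(ptr_owner)
            if target is None:
                problems.append(f"{ip}: no PTR record at {ptr_owner}")
            elif ip not in addrs.get(target, ()):
                problems.append(f"{ip}: PTR {target} does not resolve back")
    return problems

# Constructed sample zones; the forward one is modeled on the zone file quoted on this page.
FORWARD = """$TTL 86400
myzone.com. IN SOA dns.myzone.com. myname.there.com. (
2006072904 3h 1h 1w 1h ) ; serial refresh retry expiry minimum
dns IN A 10.0.8.20
Server1 IN CNAME dns
files IN A 10.0.8.22
mail IN A 10.0.8.21
"""
REVERSE = "20 IN PTR dns.myzone.com.\n21 IN PTR smtp.myzone.com.\n"
```

Running `check_reverse(parse_zone(FORWARD, "myzone.com."), parse_zone(REVERSE, "8.0.10.in-addr.arpa."))` flags 10.0.8.22 for having no PTR record and 10.0.8.21 for a PTR whose target has no matching A record, while 10.0.8.20 passes.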

    kd4ttc
    Participant

    As I suspected. The comment that one can add entries to the DNS configuration and have them take effect is not true. I did some update testing and found that a stop and start of the DNS is needed. As one would expect, the DNS service reads the configuration and needs to be told to update, either with a restart or with the command helpfully added above.

    The Apple supplied utility does not always work, by the way. I had entered some changes and when I checked the zone file found they were not added. Had to stop, reedit, save, and restart the DNS to get the file corrected. Editing the zone file might actually be easier than wrestling with Server Admin, but if you ever touch server admin I expect it will change anything you wrote. Perhaps making it read only would protect it. Hope they get the bugs out soon.

    Steve

    kd4ttc
    Participant

    Thanks so much for the thoughtful reply. I was getting anxious working with the server software setup. There is a missing element to the Apple documentation of a general overview of what the server parts do and the interdependencies that exist. When I called apple support I came to realize there were a lot of details that I was ignorant of, and I had an Arthur Dent moment. The DNS best practices link is great. You could even put the words “Don’t Panic” there in nice friendly letters. Glad I found this site.

    Steve
