Forum Replies Created
wstrucke
Participant
I am seeing the same behavior on my mail server.
Running mail_group_expander from the command line returns:
admin:postfix strucke1$ sudo mail_group_expander
2009-01-14 13:18:39.065 mail_group_expander[605:a0b] *** Terminating app due to uncaught exception ‘NSInvalidArgumentException’, reason: ‘*** -[NSCFString setString:]: nil argument’
2009-01-14 13:18:39.069 mail_group_expander[605:a0b] Stack: (
2421353920,
2506859756,
2421353680,
2421353736,
2428532368,
8548,
11072
)
Trace/BPT trap
And I’m seeing the same messages in the logs when I try to start the mail service.
October 10, 2008 at 3:03 am in reply to: Open Directory issue with MS-CHAPv2 via VPN – could be a bug? #374427
wstrucke
Participant
i’ve come to the same conclusion — i have a thread on the macos-x-server mailing list about this issue. on several occasions i have successfully established a directory replica for my directory only to have this problem start occurring immediately. it seems that anything that uses NTLM authentication fails and the passwords become corrupt until they are reset.
the test I’ve found that works 100% to determine if this problem is occurring is:
dirt -u (username)
will succeed with the correct password
dirt -a nt -u (username)
will fail with the correct password
the directory is rock solid without any replicas though so that’s how we’re running for now…
wstrucke
Participant
thanks
so I suspect my problem is a missing keytab entry for the server… though i’m not positive.
the server’s computer name and local host name are both “example-server”
i have the server bound to the directory and it has bound itself as “example-server$”
yet when I run sso_util configure … the server tries to kerberize itself as “example-server.fqdn@realm”
so I suspect the problem is that the server is binding itself as “example-server$” when it should be “example-server.fqdn”. Does that make sense? The whole $ thing in the computer records has had me baffled to begin with… I don’t see why there would be two records for a single machine, so which one should it be?
October 3, 2008 at 12:36 pm in reply to: How do you get the Kerberos Realm into the directory? #374357
wstrucke
Participant
Quote by: John Lockwood
> Is your Leopard server an upgrade of a 10.4 server, or a Leopard server into which you have restored an Open Directory database backed up from a 10.4 server?
> I and someone else who I regard as technically competent have both had problems with Kerberos not working on Leopard servers. In my case I had restored an Open Directory database as a method of moving the accounts to a new replacement Leopard server (DNS etc. settings were identical so it could just be swapped in), in the other person’s case he did an upgrade over the top of an existing Tiger server. Both resulted in Kerberos being completely broken.
> I tried multiple times, making the Leopard server an OD master and then restoring the 10.4.11 OD data, however, when I did another test of making on the same new 10.5.1 server a fresh empty Open Directory master and then importing accounts exported from a 10.4.11 Workgroup Manager, then Kerberos did work fine (with all other settings like DNS unchanged).
> I therefore suspect that Leopard server is currently broken in terms of upgrading a 10.4 Open Directory database (which both scenarios involve).
I also have been unable to get kerberos working on a 10.5.5 server with an imported 10.4.11 directory. Does anyone have any clues on how to fix kerberos without destroying authentication?
wstrucke
Participant
I’m also having a similar problem. all of my servers are joined to the open directory without a problem but I can not get a single one of them to join the kerberos realm. when i click join kerberos realm, enter the delegated credentials, the box thinks for a minute, disappears, but the server is not actually joined.
i never had a problem doing this in tiger so this is rather frustrating.
anyone have any ideas?
wstrucke
Participant
did you ever get a response from apple on the “wrong-sized secret 32” error in the odm system log? I’m seeing that repeatedly on my 10.5.4 server while NTLMv2 authentication fails (with correct passwords)
wstrucke
Participant
did you ever find a reply to this?
I’ve been having a very similar problem since upgrading (read – installing a fresh copy and re-importing) to 10.5.4.
reference:
http://discussions.apple.com/thread.jspa?threadID=1667529&tstart=0
wstrucke
Participant
bump
having the exit code 256 problem… any ideas?