Mailing Lists: Apple Mailing Lists


Directory Services problem [ Solution ]



hi,

over the past year or so i posted a few messages describing a problem i was having with directory services on 10.3 and later on in 10.4 server. i think i found a fix for the problem, but i am not sure why it fixed some of the problems i was having.

first a little background:
three servers: an old windows 2000 AD server, a new windows 2000 server, and a new xserve mac server (10.3 and 10.4). the mac is bound to AD. clean installs on the mac. all the latest patches. mac and pc clients.


the problem:
with panther, on occasion no one could login to shares on the mac server. at first it was once a week, then at one point once a day (mostly before 8:00am), then later twice a day. updating to tiger resolved it for a few system updates, but then the problem reappeared at around 10.4.3 and above. when i ran a command such as id <username> on the mac server when the problem occurred it would say no such user (for any account in AD). i would send a SIGHUP to directory services and it would be ok after that.


what i tried:
based on some suggestions from the list i checked dns on the windows server. i removed duplicate or conflicting entries. though not necessary i reserved the ip addresses for the macs. i also ran directory services in debug mode, but didn't find any info that was useful to me.


i also checked the time on the new server, but still continued to have the problem. one mac user in particular was affected every morning while the others logged in trouble free. recently i noticed that some employees using windows computers could login to the mac server, and others could not.

the fix:
i corrected the time on both servers. apparently even though the new and old servers should have had their time synced they were not doing so and at the time of the problem they were out of sync by more than 5 minutes. as i only checked the new server i didn't notice.


so why did that fix the problem is my question. my guess is the mac server bound to the old windows server, and when some computers got a kerberos ticket from the old server they were ok, when they got it from the new one, if the old one was busy, they were denied access because the mac is in sync with the old server. what i don't understand is why would mac os x server fail to find the users when i typed id <username> if the time is off.


mark andrew nassy email@hidden
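
An added example, not part of the original post: a check that computes each server's clock offset from an SNTP reply and flags every pair of hosts that differ by more than the 5-minute Kerberos default tolerance, so that checking only one server cannot hide the skew. The host names, clock errors and reply packets are constructed; in practice the replies would come from querying UDP port 123 on each server.

```python
import struct
from itertools import combinations

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix)
MAX_SKEW = 300                # Kerberos default clock-skew tolerance: 5 minutes
PKT = "!BBbb3I4Q"             # 48-byte NTP header; last 4 fields are 64-bit timestamps

def to_unix(ts64):
    """Convert a 64-bit NTP timestamp (32.32 fixed point) to Unix seconds."""
    return (ts64 >> 32) - NTP_EPOCH_DELTA + (ts64 & 0xFFFFFFFF) / 2**32

def ntp_offset(reply, t1, t4):
    """Offset of the server's clock relative to ours, from one SNTP reply.
    t1 = local time the query was sent, t4 = local time the reply arrived."""
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    fields = struct.unpack(PKT, reply[:48])
    flags, stratum, rx, tx = fields[0], fields[1], fields[9], fields[10]
    if flags & 0x07 != 4 or stratum == 0:  # need mode 4 (server); stratum 0 is kiss-of-death
        raise ValueError("not a usable server reply")
    t2, t3 = to_unix(rx), to_unix(tx)
    return ((t2 - t1) + (t3 - t4)) / 2     # standard NTP offset formula

def skewed_pairs(offsets, limit=MAX_SKEW):
    """Every pair of hosts whose clocks differ by more than limit seconds."""
    return [(a, b, round(abs(offsets[a] - offsets[b]), 1))
            for a, b in combinations(sorted(offsets), 2)
            if abs(offsets[a] - offsets[b]) > limit]

def fake_reply(clock_error, t1):
    """Constructed sample input: reply from a server whose clock is off by clock_error s."""
    ts = int((t1 + clock_error + NTP_EPOCH_DELTA) * 2**32)
    return struct.pack(PKT, 0x24, 2, 6, -20, 0, 0, 0, 0, 0, ts, ts)

if __name__ == "__main__":
    now = 1_000_000_000.0  # fixed local time so the run is reproducible
    # Hypothetical host names and constructed clock errors (seconds).
    errors = {"old-dc": 0, "new-dc": 412, "xserve": 2}
    offsets = {h: ntp_offset(fake_reply(e, now), now, now) for h, e in errors.items()}
    for a, b, skew in skewed_pairs(offsets):
        print(f"{a} <-> {b}: {skew}s apart, beyond the {MAX_SKEW}s Kerberos tolerance")
```
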

Macos-x-server mailing list      (email@hidden)

Copyright © 2007 Apple Inc. All rights reserved.