On Feb 20, 2007, at 10:16 AM, Marcus Thormählen wrote:
Hi Folks,
My first post and I hope you can help me. I am a little bit
frustrated.
We have a big problem with our mobile Macs. Last week we got
new MacBooks and MacBookPros and with them new problems. A little
description of our network architecture. We have an Active
Directory and an Open Directory for user settings etc. The Macs
authenticate to the AD first
Why and for what?
Because we use the AD for user authentication (we have much much more
Windows PCs than Macs) and on the other side the OD for user settings
only.
and then to the OD (set to SSL and manually to "Open Directory" in
the drop down in Directory Services.app).
Same?
SSL for security reasons ;) and OpenDirectory, because other settings
gave us much more trouble.
I tried all 3 options, but nothing helped with the startup problem.
OD server is an Xserve G5 with 10.4.8. Clients are 10.4.8, too.
When you say "mobile Macs", are these mobile accounts?
No, I mean MacBooks, MacBookPros, PowerBooks etc., but yes, we use
mobile accounts.
Now the problem:
<snip>
Service 70: Search connection failure: During an attempt to bind
to [x.x.x.x] LDAP Server
Directory Service 70: Search connection failure: Disable future
attempts to bind to [x.x.x.x] LDAP Server for next 120 seconds.
in_delmulti - ignoring invalid im (0x35dad8)
This only happens when a network cable is plugged in; without a
cable it starts normally.
What confuses me is that our stationary Macs never had this
problem. It just pops up, with more and more mobile Macs switching
subnets and constantly getting new IPs.
When I disable Open Directory authentication, the problem is gone;
the Mac starts up normally.
In the Directory Service logs I cannot get any helpful
information. Just all the time
2007-02-04 15:21:55 CET - Network transition occurred.
2007-02-04 15:21:55 CET - Network transition occurred.
2007-02-04 15:21:55 CET - Network transition occurred.
Can this be the problem?
Directory Service itself starts normally, without error.
Read about a similar problem, caused by Cisco's spanning tree, but
it is disabled.
I am a little bit lost here. Perhaps a DNS problem?
But where to start?
Is "bind to [x.x.x.x] LDAP Server" listed as an IP address or DNS name?
The IP.
I would start by deleting the LDAP settings on the client.
Turn off SSL for now.
Reboot server.
Tried that already, even with a brand new machine... same problem, but
only with MacBooks etc. Stationary machines (G4/G5/MacPro) do not
have this problem.
Set up new client.
don't bind but accept default setting on everything and make sure
you have your OD settings correct.
-- test simple query
What do you mean exactly with "--test simple query"?
Use Address Book to search for name.
Test manual login from client to server with username that only
lives in Directory.
You think that the user is the problem? The Mac crashes at startup, not
at login. Login and search work all the time; that's no problem.