Hello. I'm running into an issue with binding an xserve running Leopard server 10.5.6 to an AD domain. This was all up and running last week, but somethign seems to have happened. Yesterday, I came in and while working in WGM, noticed that I couldn't see AD users and groups. I went to the command line and tried to read an AD user, but that failed. So, I removed the domain, and tried to re-add it from the GUI. It fails with An unexpected error of type -14090 (eDSAuthFailed) occurred. I then tried from the command line:
sudo dsconfigad -f -a xserve1 -domain domain.com -u adroit_boy -p password -lu local_admin -lp local_pass -status
This fails at step 3:
Step 1 of 5: Searching for Forest/Domain information
Step 2 of 5: Finding nearest Domain controllers
Step 3 of 5: Verifying credentials
Error: You provided a user name and password combination that is invalid. You should check the user name and password and try again.
I've pasted the debug logs at the bottom.
So far, I:
- Checked Time - the mac is pointed to the AD server and their times are the same
- Restarted the machine
- Pre-created the machine account in AD
- Tried binding with another AD admin account
- Can bind other client machines without issue. Only this one is a problem. (and I am typing my password correctly)
- My username and password are correct
Any suggestions on what to do? The debug logs show errors in step 3 when doing something with kerberos. It looks like it may be something to do with kerberos?
Help is much appreciated!
Thanks!
Aaron
Here's what I see with dscl
/Local/Default/Config > ls
AD DS PlugIn
dhcp
KerberosKDC
lookupd
NetBootServer
ServicesInformation
SharePoints
SMBServer
On another server (which can bind without issue) I see:
/Local/Default/Config > ls
AD DS PlugIn
dhcp
KerberosKDC
lookupd
NetBootServer
ServicesInformation
SharePoints
SMBServer
DEBUG LOGS
2009-11-03 07:03:48 PST - T[0xB0103000] - Active Directory: Bind Step 3 - Verifying credentials
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: libinfo, Server Used : libinfomig DAC : Procedure = getaddrinfo (27)
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: libinfo, Server Used : libinfomig DAC : Dispatching from/to ourself
2009-11-03 07:03:48 PST - T[0xB0289000] - CCachePlugin::gethostbyname - Cache hit for
adc01.domain.com.
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: libinfo, Server Used : libinfomig DAR : Procedure = getaddrinfo (27) : Result code = 0
2009-11-03 07:03:48 PST - T[0xB0103000] - Internal Dispatch, API: dsOpenDirService(), Server Used : DAR : Dir Ref 16779026 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB0103000] - Client: Requesting dsOpenDirNode with PID = 0, UID = 0, and EUID = 0
2009-11-03 07:03:48 PST - T[0xB0103000] - Internal Dispatch, API: dsOpenDirNode(), Local Used : DAC : Dir Ref = 16779026 : Node Name = /Local/Default
2009-11-03 07:03:48 PST - T[0xB0103000] - Internal Dispatch, API: dsOpenDirNode(), Local Used : DAR : Dir Ref = 16779026 : Node Ref = 16779027 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB0103000] - Internal Dispatch, API: dsOpenRecord(), Local Used : DAC : Node Ref = 16779027
: Rec Type = dsRecTypeStandard:Config : Rec Name = Kerberos:domain.com2009-11-03 07:03:48 PST - T[0xB0103000] - CDSLocalPlugin::OpenRecord(): Got error -14136
2009-11-03 07:03:48 PST - T[0xB0103000] - Internal Dispatch, API: dsOpenRecord(), Local Used : DAR : Node Ref = 16779027 : Record Ref = 16779028 : Result code = -14136
2009-11-03 07:03:48 PST - T[0xB0103000] - CDSLocalPlugin::CloseRecord(): Got error -14105
2009-11-03 07:03:48 PST - T[0xB0103000] - Plug-in call "dsOpenRecord()" failed with error = -14136.
2009-11-03 07:03:48 PST - T[0xB0103000] - Port: 0 Call: dsOpenRecord() == -14136
2009-11-03 07:03:48 PST - T[0xB0103000] - Internal Dispatch, API: dsCreateRecordAndOpen(), Local Used : DAC : Node Ref = 16779027 : Rec Type = dsRecTypeStandard:Config : Rec Name = Kerberos:domain.com : Open Rec Flag = 1
2009-11-03 07:03:48 PST - T[0xB0103000] - CDSLocalPluginNode::CreateDictionaryForNewRecord(), file at /var/db/dslocal/nodes/Default/config/Kerberos:domain.com.plist error, stat() result = 0
2009-11-03 07:03:48 PST - T[0xB0103000] - CDSLocalPluginNode::CreateDictionaryForNewRecord(): failed with error -14135
2009-11-03 07:03:48 PST - T[0xB0103000] - CDSLocalPlugin::OpenRecord(): Got error -14135
2009-11-03 07:03:48 PST - T[0xB0103000] - Internal Dispatch, API: dsCreateRecordAndOpen(), Local Used : DAR : Node Ref = 16779027 : Record Ref = 16779029 : Result code = -14135
2009-11-03 07:03:48 PST - T[0xB0103000] - CDSLocalPlugin::CloseRecord(): Got error -14105
2009-11-03 07:03:48 PST - T[0xB0103000] - Plug-in call "dsCreateRecordAndOpen()" failed with error = -14135.
2009-11-03 07:03:48 PST - T[0xB0103000] - Port: 0 Call: dsCreateRecordAndOpen() == -14135
2009-11-03 07:03:48 PST - T[0xB0103000] - Internal Dispatch, API: dsCloseDirNode(), Local Used : DAC : Node Ref = 16779027
2009-11-03 07:03:48 PST - T[0xB0103000] - Internal Dispatch, API: dsCloseDirNode(), Local Used : DAR : Node Ref = 16779027 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB0103000] - Internal Dispatch, API: dsCloseDirService(), Server Used : DAC : Dir Ref 16779026
2009-11-03 07:03:48 PST - T[0xB0103000] - Internal Dispatch, API: dsCloseDirService(), Server Used : DAR : Dir Ref 16779026 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsFindDirNodes(), Server Used : DAC : Dir Ref 16778039 : Data buffer size = 1024
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16778039 : Requested nodename = /Local/Default
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16778039 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: Requesting dsOpenDirNode with PID = 25, UID = 0, and EUID = 0
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: dsOpenDirNode(), Local Used : DAC : Dir Ref = 16778039 : Node Name = /Local/Default
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: dsOpenDirNode(), Local Used : DAR : Dir Ref = 16778039 : Node Ref = 16779030 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsGetRecordList(), Local Used : DAC : 1 : Node Ref = 16779030 : Requested Rec Names = Kerberos:domain.com : Rec Name Pattern Match:8193 = eDSExact : Requested Rec Types = dsRecTypeStandard:Config
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsGetRecordList(), Local Used : DAC : 2 : Node Ref = 16779030 : Requested Attrs = dsAttrTypeStandard:AppleMetaNodeLocation;dsAttrTypeStandard:XMLPlist : Attr Type Only Flag = 0 : Record Count Limit = 1 : Continue Data = "">
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsGetRecordList(), Local Used : DAR : Node Ref = 16779030 : Number of Found Records = 0 : Continue Data = "" : Result code = 0
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: dsCloseDirNode(), Local Used : DAC : Node Ref = 16779030
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: dsCloseDirNode(), Local Used : DAR : Node Ref = 16779030 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsFindDirNodes(), Server Used : DAC : Dir Ref 16778039 : Data buffer size = 1024
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16778039 : Requested nodename = /Local/Default
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16778039 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: Requesting dsOpenDirNode with PID = 25, UID = 0, and EUID = 0
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: dsOpenDirNode(), Local Used : DAC : Dir Ref = 16778039 : Node Name = /Local/Default
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: dsOpenDirNode(), Local Used : DAR : Dir Ref = 16778039 : Node Ref = 16779032 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsGetRecordList(), Local Used : DAC : 1 : Node Ref = 16779032 : Requested Rec Names = Kerberos:domain.com : Rec Name Pattern Match:8193 = eDSExact : Requested Rec Types = dsRecTypeStandard:Config
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsGetRecordList(), Local Used : DAC : 2 : Node Ref = 16779032 : Requested Attrs = dsAttrTypeStandard:AppleMetaNodeLocation;dsAttrTypeStandard:XMLPlist : Attr Type Only Flag = 0 : Record Count Limit = 1 : Continue Data = "">
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsGetRecordList(), Local Used : DAR : Node Ref = 16779032 : Number of Found Records = 0 : Continue Data = "" : Result code = 0
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: dsCloseDirNode(), Local Used : DAC : Node Ref = 16779032
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: dsCloseDirNode(), Local Used : DAR : Node Ref = 16779032 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsFindDirNodes(), Server Used : DAC : Dir Ref 16778039 : Data buffer size = 1024
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16778039 : Requested nodename = /Local/Default
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16778039 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: Requesting dsOpenDirNode with PID = 25, UID = 0, and EUID = 0
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: dsOpenDirNode(), Local Used : DAC : Dir Ref = 16778039 : Node Name = /Local/Default
2009-11-03 07:03:48 PST - T[0xB0289000] - Client: DirectoryService, PID: 25, API: dsOpenDirNode(), Local Used : DAR : Dir Ref = 16778039 : Node Ref = 16779033 : Result code = 0
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsGetRecordList(), Local Used : DAC : 1 : Node Ref = 16779033 : Requested Rec Names = Kerberos:domain.com : Rec Name Pattern Match:8193 = eDSExact : Requested Rec Types = dsRecTypeStandard:Config
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsGetRecordList(), Local Used : DAC : 2 : Node Ref = 16779033 : Requested Attrs = dsAttrTypeStandard:AppleMetaNodeLocation;dsAttrTypeStandard:XMLPlist : Attr Type Only Flag = 0 : Record Count Limit = 1 : Continue Data = "">
2009-11-03 07:03:48 PST - T[0xB030B000] - Client: DirectoryService, PID: 25, API: dsGetRecordList(), Local Used : DAR : Node Ref = 16779033 : Number of Found Records = 0 : Continue Data = "" : Result code = 0
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (
email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hiddenThis email sent to email@hidden
