On Mar 10, 2011, at 4:41 PM, Christopher Hearn wrote:
> Sometimes I use Workgroup Manager from my laptop to manage user memberships on my OD server in a golden triangle setup (AD/OD). Nothing fancy, just adding/removing a user occasionally. First off, is there any reason why this is a bad idea? I was under the impression the connection was encrypted. The connection is only used on an internal network or via VPN.
> Second, the majority of the time, I can't connect. The first try it errors out with an error -14090 & in Console it shows as:
> 3/10/11 4:02:25 PM [0x0-0x39039].com.apple.WorkgroupManager dsOpenDirServiceProxy returned an error of type -14090
> Any subsequent connections just fail outright. I have to killall -HUP DirectoryService to get it working again, and it *seems* like I have to initiate a connection from Workgroup Manager on the server itself before I can get my laptop to connect. It finally does, but this repeats on a regular basis. Just wondering if anyone has any insight to this. Server Admin tools on laptop & server are both the latest, server & laptop both running 10.6.6. I'm using the FQDN in the address of WGM, & I've tried a local admin account, the diradmin account, & my AD account, all of which have admin privs on the server.
> I have a Leopard server (latest updates) set up in the same config that does not seem to be affected by this problem.
> My initial impression is that OD is crashing, or some component related to OD &/or it's connection via WGM is crashing.
> The only thing I can see in the system logs relevant to WGM getting denied is:
> 3/10/11 4:03:00 PM servermgrd Failed login attempt from IP 192.168.1.100, user Administrator
> 3/10/11 4:03:00 PM Workgroup Manager void -[LoginController gotServerError:forTransaction:](LoginController*, objc_selector*, objc_object*, XSAdminTransaction*): got error kGotAuthenticationFailure from request (null)
> Any help or ideas appreciated.
Likely you have bad DNS as a start. I know you think you're DNS is perfect, but I seldom see it. If you're using split horizons or views or VPN'ing in I am close to certain.
Second, looks like you have a Kerberos problem. Again perhaps due to bad DNS. And it's likely you're golden triange is messed up too, again, perhaps due to DNS.
So, you can /prove/ your DNS is good?
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden