On Mar 11, 2011, at 12:14 AM, Dan Shoop wrote:
>
> On Mar 10, 2011, at 4:41 PM, Christopher Hearn wrote:
>
>> Sometimes I use Workgroup Manager from my laptop to manage user memberships on my OD server in a golden triangle setup (AD/OD). Nothing fancy, just adding/removing a user occasionally. First off, is there any reason why this is a bad idea? I was under the impression the connection was encrypted. The connection is only used on an internal network or via VPN.
>>
>> Second, the majority of the time, I can't connect. The first try it errors out with an error -14090 & in Console it shows as:
>>
>> 3/10/11 4:02:25 PM [0x0-0x39039].com.apple.WorkgroupManager[68415] dsOpenDirServiceProxy returned an error of type -14090
>>
>> Any subsequent connections just fail outright. I have to killall -HUP DirectoryService to get it working again, and it *seems* like I have to initiate a connection from Workgroup Manager on the server itself before I can get my laptop to connect. It finally does, but this repeats on a regular basis. Just wondering if anyone has any insight to this. Server Admin tools on laptop & server are both the latest, server & laptop both running 10.6.6. I'm using the FQDN in the address of WGM, & I've tried a local admin account, the diradmin account, & my AD account, all of which have admin privs on the server.
>>
>> I have a Leopard server (latest updates) set up in the same config that does not seem to be affected by this problem.
>>
>> My initial impression is that OD is crashing, or some component related to OD &/or its connection via WGM is crashing.
>>
>> The only thing I can see in the system logs relevant to WGM getting denied is:
>>
>> 3/10/11 4:03:00 PM servermgrd[116] Failed login attempt from IP 192.168.1.100, user Administrator
>> 3/10/11 4:03:00 PM Workgroup Manager[68382] void -[LoginController gotServerError:forTransaction:](LoginController*, objc_selector*, objc_object*, XSAdminTransaction*): got error kGotAuthenticationFailure from request (null)
>>
>> Any help or ideas appreciated.
>
> Likely you have bad DNS as a start. I know you think your DNS is perfect, but I seldom see it. If you're using split horizons or views or VPN'ing in I am close to certain.
>
> Second, looks like you have a Kerberos problem. Again perhaps due to bad DNS. And it's likely your golden triangle is messed up too, again, perhaps due to DNS.
>
> So, you can /prove/ your DNS is good?
>
>
> -d
changeip -checkhostname shows everything is correct.
dig hostname shows the correct A record in DNS
dig -x ip_address +short shows the correct hostname
nslookup ip_address shows the correct hostname
Should I try something else?
Chris
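
A forward-confirmed reverse DNS check run against more than one resolver view, which is what the split-horizon/VPN concern raised in this thread comes down to; this is an added example, not part of the original messages. The hostname, addresses and the two resolver tables are constructed sample data, and `system_resolver` is a hypothetical helper for running the same check against the live resolver on each machine.

```python
import socket

def fcrdns(name, forward, reverse):
    """name -> A records -> PTR names; every PTR set must contain name."""
    want = name.rstrip(".").lower()
    ips = forward(want)
    problems = [] if ips else [f"{want}: no A record"]
    for ip in ips:
        ptrs = [p.rstrip(".").lower() for p in reverse(ip)]
        if not ptrs:
            problems.append(f"{ip}: no PTR record")
        elif want not in ptrs:
            problems.append(f"{ip}: PTR {ptrs} does not match {want}")
    return problems

def compare_views(name, views):
    """views maps a label to (forward, reverse); flags per-view and cross-view faults."""
    want = name.rstrip(".").lower()
    report, answers = {}, {}
    for label, (fwd, rev) in views.items():
        report[label] = fcrdns(want, fwd, rev)
        answers[label] = tuple(sorted(fwd(want)))
    if len(set(answers.values())) > 1:
        report["cross-view"] = [f"A records differ between views: {answers}"]
    return report

def table_resolver(a_records, ptr_records):
    """Offline resolver backed by dicts, used for the constructed sample below."""
    return (lambda n: a_records.get(n, []), lambda ip: ptr_records.get(ip, []))

def system_resolver():
    """Hypothetical helper: same interface, answers from the local system resolver."""
    def fwd(n):
        try: return socket.gethostbyname_ex(n)[2]
        except OSError: return []
    def rev(ip):
        try: return [socket.gethostbyaddr(ip)[0]]
        except OSError: return []
    return fwd, rev

# Constructed sample data: what the server sees vs. what a VPN client sees.
INTERNAL = table_resolver({"od.example.com": ["192.168.1.10"]},
                          {"192.168.1.10": ["od.example.com."]})
VPN = table_resolver({"od.example.com": ["203.0.113.10"]},
                     {"203.0.113.10": ["host10.isp.example.net."]})

def demo():
    return compare_views("od.example.com", {"server": INTERNAL, "laptop-vpn": VPN})

if __name__ == "__main__":
    for view, problems in demo().items():
        print(view, "OK" if not problems else problems)
```

With the sample tables the server view is clean while the VPN view fails the reverse check, so the same checks need to be run on both the server and the client that cannot connect.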