Tiny Deathstars of Foulness

From time to time you’ll see an error that “daemon: bind(8) failed errno=48 (Address already in use)” when trying to promote a Mac OS X Server to be an Open Directory Master. The address in question is usually fine and the DNS usually checks clean with changeip:

changeip -checkhostname

However, the error recurs no matter what you do: even if you change the name of the Open Directory Master or the address, you usually still end up seeing the same error. If it isn’t the address or the name, then could it be the port? Run lsof to see what is holding the LDAP port:

lsof -i | grep ldap

Then you’ll end up seeing something like a mail server or third-party tool taking 389 first. So, the error should probably read “port already in use” rather than “address already in use.” Disable LDAP in the other service or move its LDAP to some other port, or spin up a new IP and move the other service’s LDAP to that IP, then re-promote and voilà, you’re golden. Good luck!
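One way to script the port check described above before re-promoting, as an added example that is not part of the original post. It parses the column output of lsof -nP -iTCP -sTCP:LISTEN; the function names, the sample output and the choice to treat slapd itself as the expected owner of the port are assumptions.

```shell
#!/bin/sh
# Added example: list processes other than slapd that listen on the LDAP port.
# Input is the column output of:  lsof -nP -iTCP -sTCP:LISTEN
# (-nP keeps addresses and ports numeric, so 389 is matched as a number
# instead of relying on the "ldap" service name.)

# Constructed sample output, not captured from a real server.
SAMPLE_LSOF='COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mailsrvd  412  root    9u  IPv4 0x1a2b      0t0  TCP *:389 (LISTEN)
mailsrvd  412  root   10u  IPv6 0x1a2c      0t0  TCP [::1]:389 (LISTEN)
httpd     230  root    4u  IPv6 0x1a2d      0t0  TCP *:80 (LISTEN)
sshd      101  root    3u  IPv4 0x1a2e      0t0  TCP 10.0.0.5:3890 (LISTEN)'

# Usage: lsof ... | ldap_port_conflicts [port]     (port defaults to 389)
# Prints "command pid port" once per offending process.
ldap_port_conflicts() {
    awk -v port="${1:-389}" '
        NR == 1 { next }                  # skip the lsof header line
        $NF != "(LISTEN)" { next }        # only listening sockets matter
        {
            # The NAME column looks like *:389, 10.0.0.5:389 or [::1]:389;
            # the port is whatever follows the last colon.
            n = split($(NF - 1), parts, ":")
            p = parts[n]
            if (p == port && $1 != "slapd") {
                key = $1 " " $2 " " p
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }'
}

# Usage: lsof ... | ldap_port_clear [port]
# Exit status 0 when nothing but slapd holds the port, 1 otherwise.
ldap_port_clear() {
    [ -z "$(ldap_port_conflicts "$@")" ]
}

# On a live server (as root, so every process is visible):
#   lsof -nP -iTCP -sTCP:LISTEN | ldap_port_conflicts
```

Against the constructed sample this reports the mail daemon once, even though it holds both an IPv4 and an IPv6 socket, and ignores the listener on 3890.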

September 8th, 2013

Posted In: Mac OS X Server


Occasionally, when we go to install an Open Directory Replica for a new Open Directory environment where the Master is running 10.8.4, we run into an error that:

NSMutableDictionary *_getRootDSE(const char *): rootDSE not found

At the GUI this just looks like:

[Screenshot: Screen Shot 2013-09-11 at 4.51.20 PM]

This could mean that you need to check the SSL box in the Directory Utility for the replica. You’ll know that’s the case if the Replica appears in the Server app but is still throwing errors when trying to work. This could also be an issue where the Master can’t get a version or the DSE from the Master. Assuming you already checked IP/DNS, let’s see if the server knows what it is (the master, version, etc). To see if it can’t get a version, run slapconfig -ver:

slapconfig -ver

If you get an error, comment out the TLSCertificatePassphrase line in /etc/openldap/slapd_macosxserver.conf. If not, then it’s a problem with ssh connecting. Assuming ssh is open/on we’re gonna’ need to make sure the authentication types between the client and the server match. To do so, first, change the authentication options in /etc/sshd_config (the section should look like the following when you’re done):

# To disable tunneled clear text passwords both PasswordAuthentication and
# ChallengeResponseAuthentication must be set to "no".
PasswordAuthentication yes
#PermitEmptyPasswords no

Then, in the Authentication section, change PubkeyAuthentication to no:

# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
PubkeyAuthentication no

Then, in /etc/sshd_config on the client, change PasswordAuthentication to yes and PubkeyAuthentication to no, so that the client’s sshd_config looks similar to the above examples.

September 5th, 2013

Posted In: Mac OS X Server
