From time to time you’ll see an error that “daemon: bind(8) failed errno=48 (Address already in use)” when trying to promote a Mac OS X Server to be an Open Directory Master. The address in question is usually fine and the DNS usually checks clean with changeip:
However, the error recurs no matter what you do: even if you change the name of the Open Directory Master or the address, you usually still end up seeing the same error. If it isn’t the address or the name, could it be the port? Run lsof to see what is using the ldap port:
lsof -i | grep ldap
Then you’ll end up seeing something like a mail server or third-party tool taking 389 first. So the error should probably read “port already in use” rather than “address already in use.” For the other service, disable ldap, move ldap to some other port, or spin up a new IP and move ldap to that IP; then re-promote and voilà, you’re golden. Good luck!
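As an added example (not part of the original post), the lsof check can be narrowed to processes that are actually listening on the LDAP port, since `grep ldap` alone also matches ldaps listeners and outbound client connections. The sample lsof output, including the process names and PIDs in it, is constructed for illustration.

```shell
#!/bin/sh
# Added example: find which process holds the LDAP port before promoting
# to Open Directory Master. Function names are this example's own.

# Reads `lsof -i` style output on stdin and prints "COMMAND PID ADDRESS"
# for every TCP socket in LISTEN state on port 389 (shown as "ldap"
# unless lsof is run with -P).
ldap_listeners() {
    awk '
        $NF == "(LISTEN)" {
            addr = $(NF-1)          # e.g. *:389, 10.0.0.5:ldap, [::1]:389
            port = addr
            sub(/^.*:/, "", port)   # keep what follows the last colon
            if (port == "389" || port == "ldap")
                print $1, $2, addr
        }'
}

# Listeners other than slapd are the ones that make slapd fail to bind
# with errno=48 (Address already in use).
ldap_conflicts() {
    ldap_listeners | awk '$1 != "slapd"' | sort -u
}

# Constructed sample: a mail server listening on 389 over IPv4 and IPv6,
# slapd on ldaps, an outbound client connection, and an unrelated listener.
SAMPLE_LSOF='COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mailsrv   412   root    9u  IPv4 0xaaaa      0t0  TCP *:ldap (LISTEN)
mailsrv   412   root   10u  IPv6 0xaaab      0t0  TCP *:ldap (LISTEN)
slapd     733   root    7u  IPv4 0xaaac      0t0  TCP 10.0.0.5:ldaps (LISTEN)
Mail     1290  admin   22u  IPv4 0xaaad      0t0  TCP 10.0.0.5:52110->10.0.0.9:ldap (ESTABLISHED)
httpd      88   root    4u  IPv4 0xaaae      0t0  TCP *:http (LISTEN)'

# Demonstration on the sample; only the mail server is reported.
printf '%s\n' "$SAMPLE_LSOF" | ldap_conflicts

# Live use on the server, as root so other users' sockets are visible:
#   lsof -nP -iTCP:389 -sTCP:LISTEN | ldap_conflicts
```

An empty result means nothing other than slapd is listening on 389.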
krypted September 8th, 2013
Posted In: Mac OS X Server
Occasionally, when we go to install an Open Directory Replica for a new Open Directory environment where the Master is running 10.8.4, we run into the error:
NSMutableDictionary *_getRootDSE(const char *): rootDSE not found
At the GUI this just looks like:
This could mean that you need to check the SSL box in the Directory Utility for the replica. You’ll know that’s the case if the Replica appears in the Server app but is still throwing errors when trying to work. This could also be an issue where the Master can’t get a version or the DSE from the Master. Assuming you already checked IP/DNS, let’s see if the server knows what it is (the master, version, etc). To see if it can’t get a version, run slapconfig -ver:
If you get an error, comment out the TLSCertificatePassphrase line in /etc/openldap/slapd_macosxserver.conf. If not, then it’s a problem with ssh connecting. Assuming ssh is open/on we’re gonna’ need to make sure the authentication types between the client and the server match. To do so, first, change the authentication options in /etc/sshd_config (the section should look like the following when you’re done):
# To disable tunneled clear text passwords both PasswordAuthentication and
# ChallengeResponseAuthentication must be set to "no".
Then, in the Authentication section, change PubkeyAuthentication to no:
Then, in /etc/sshd_config on the client, change PasswordAuthentication to yes and PubkeyAuthentication to no, which should leave you with an sshd_config file similar to the above examples.
krypted September 5th, 2013
Posted In: Mac OS X Server