Specifications
210
Use this chapter to nd solutions for common problems you
might encounter while working with Open Directory.
This section contains solutions to common Open Directory problems.
Solving Open Directory Master and Replica Problems
Use the following to help solve Open Directory master and replica problems.
If Kerberos Is Stopped on an Open Directory Master or Replica
An Open Directory master requires properly congured DNS so it can provide single
sign-on Kerberos authentication.
To conrm that DNS is congured correctly for Kerberos:
1 Make sure DNS service is congured to resolve fully qualied DNS names and provide
corresponding reverse lookups.
DNS must resolve fully qualied DNS names and provide reverse lookups for the master
server, replica servers, and other servers that are members of the Kerberos realm.
To perform a DNS lookup of a server’s DNS name and a reverse lookup of the server’s
IP address, you can use the Lookup pane of Network Utility (in /Applications/Utilities).
For more information about setting up DNS service, see Network Services Administration.
2 Make sure the Open Directory master server’s host name is the correct fully qualied
DNS name, not the server’s local hostname.
For example, the host name might be ods.example.com but should not be ods.local.
You can see the host name by opening Terminal and entering hostname.
If the Open Directory server’s host name isn’t its fully qualied DNS name, temporarily
clear the list of DNS servers and click Apply in the Open Directory server’s Network
preferences. Then re-enter DNS server IP addresses, starting with the primary DNS
server that resolves the Open Directory server’s name, and click Apply in Network
Preferences.
10
Solving Open Directory Problems