I am trying to use a Mac Mini as an Open Directory domain, however it fails on the Open Directory Setup.

The exact error from the log is as below:

Server[308]: An error occurred while configuring webiken as a directory server:
Error Domain=XSActionErrorDomain Code=78 "Server returned a non-zero status code" UserInfo=0x7fb826114140 {NSLocalizedDescription=Server returned a non-zero status code}

Any ideas as to what this may be?

FYI: I think this is due to my network configuration. I connect to the internet via WiFi and I have a switch for LAN traffic, but there's no way to give the switch internet access. Is there any way I can limit the LAN traffic to only use ethernet (en0) and internet traffic to only use WiFi?

Sam Hammamy
  • Also, with Ubuntu, I can do: Limit this interface to its network services, which essentially allows me to let internet connect only on WiFi. Anything like that on OS X? – Sam Hammamy Dec 30 '12 at 23:17
  • Is this for a home setup, like a lab? – mfinni Dec 30 '12 at 23:45
  • "Is there anyway I can limit the LAN traffic to only use ethernet (en0) and internet traffic to only use WiFi?" - doesn't that sound like a simple default route entry change in your routing table? – ErikE Dec 21 '13 at 12:56

1 Answer

You are probably right that the problem is due to your network setup, but I can't really make specific recommendations without knowing more about how you want the networks to be set up and how you hope to be able to use the server (and from which network(s)). I can give you some general rules about setting up OD masters, though:

  1. When trying to troubleshoot the setup, look in /Library/Logs/slapconfig.log. Depending on what version of OS X Server you're using, this can be viewed in either Server Admin -> Open Directory -> Logs, or Server.app -> Logs -> Open Directory, under a name like Configuration Logs.
  2. The most common thing that goes wrong with OD setup is the network configuration, and especially DNS. The server always wants to be able to look up its domain name in DNS and get back its address, and also look up its IP address and get back its domain name. If it can't do this during initial setup, it'll configure its own DNS server and make entries for itself so it can look itself up.
  3. The server offers 3 types of domain name during setup: a name ending in ".local", which will only be resolvable by other Macs on the local network; a name ending in ".private" which can be configured in a private DNS server (possibly the OS X server itself) and resolved by any computer using that DNS server; and a real registered ("Internet") name which can be resolved from anywhere on the Internet (note that the OS X server doesn't handle registering the domain for you, you need to take care of that first).
  4. If the server has multiple IP addresses (as seems to be the case for you, since both the Wi-Fi and Ethernet ports are configured), things get ... confusing. I always recommend having only one interface and IP address configured during OD setup, then adding the other IP(s) later. Note, however, that changing the server's IP address(es) and/or domain name after setup can screw up the domain royally if you don't know what you're doing.

Apple has done their best to simplify this (i.e. hide all the complexity), but their simple setup only really works if you're doing one of a few "typical" configurations. From what you've said, your network configuration isn't typical, and so you really do need to understand more than usual about networking and DNS to get this to work right.

EDIT: to clarify the question about how you hope to be able to use the server: will the clients be in the private LAN, the Wi-Fi network, or elsewhere on the Internet, or some combination of these? What provides DHCP service on the LAN and Wi-Fi networks, and how configurable are they? Is there a firewall or NAT router between the Wi-Fi network and the Internet, and how configurable is it? Also, while some services have fairly simple network requirements (e.g. file sharing), others have much more complex requirements (e.g. domain binding, profile management, email), so it also depends on which services need to be reachable from which network...

Gordon Davisson
  • Thanks for a detailed answer. The WiFi network is the residence's network, and I have no access to it, and actually, it requires a browser based password entry, and not standard WiFi security. This is to make people pay more for faster access, etc. So I want all my machines on the LAN, and I want the Server to offer Domain based logon to those machines, with roaming profiles. I had this all setup on Ubuntu as an OpenLDAP server, and OS X Clients, and now I thought I'd update to OS X Server – Sam Hammamy Dec 31 '12 at 01:58
  • In that case, you *should* be able to set the server up with a local-only (".local") domain name (with the caveat that I haven't tried this, so I don't know how well it'll work). On the other hand, you might be able to re-use whatever DNS setup you used for the Ubuntu server. In either case, I'd do the initial setup with only the LAN connected, then enable the wireless connection later. In either case, I'd expect to set it up, test, discover what's wrong, tear the OD domain down and re-setup differently, etc. – Gordon Davisson Dec 31 '12 at 03:50
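
The forward/reverse DNS agreement described in points 2 and 4 of the answer can be checked before running Open Directory setup. The following is an added example, not part of the original answer or of OS X Server; the function names, the hostname and the addresses are constructed for illustration.

```python
import socket

def forward(name):
    """IPv4 addresses the name resolves to (empty list on failure)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def reverse(addr):
    """Name returned by a reverse (PTR) lookup, or None on failure."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:
        return None

def check_od_dns(hostname, interface_addrs, forward=forward, reverse=reverse):
    """Return a list of problems; empty means name and addresses agree."""
    problems = []
    want = hostname.rstrip(".").lower()
    resolved = forward(hostname)
    if not resolved:
        problems.append(f"{hostname}: no forward (A) record")
    for addr in interface_addrs:
        # Every configured address should be reachable under the server name
        if resolved and addr not in resolved:
            problems.append(f"{addr}: not among A records {resolved}")
        ptr = reverse(addr)
        if ptr is None:
            problems.append(f"{addr}: no reverse (PTR) record")
        elif ptr.rstrip(".").lower() != want:
            problems.append(f"{addr}: reverse lookup gives {ptr}, not {hostname}")
    return problems

# Constructed sample data: a multi-homed server whose Wi-Fi address is
# named by the residence network rather than by the server's own DNS.
SAMPLE_A = {"server.example.private": ["192.168.10.2"]}
SAMPLE_PTR = {"192.168.10.2": "server.example.private",
              "10.0.5.77": "guest-77.wifi.example"}

def demo():
    return check_od_dns("server.example.private",
                        ["192.168.10.2", "10.0.5.77"],
                        forward=lambda n: SAMPLE_A.get(n, []),
                        reverse=lambda a: SAMPLE_PTR.get(a))

if __name__ == "__main__":
    for line in demo() or ["forward and reverse DNS agree"]:
        print(line)
```

With only the LAN address passed in, the sample data yields no problems, which matches the advice to configure a single interface during setup.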