When I try to remove a user in the Workgroup Manager on OS X Server 10.6.2, it looks as though the user is removed correctly at first. But when refreshing, the user pops right back into view without any error messages. I can change any attributes of the user, and my current workaround has simply been to disable the accounts that really should be removed.

The only log that seems to report anything at all when I do this is the LDAP Log, which makes sense; unfortunately, it's a rather unhelpful message:

slapd[4937]: SASL [conn=22] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Key table entry not found)

I googled the error but couldn't really find a solution. Has anyone else seen this before and if so, how did you solve it?

Dennis Williamson
Marcus Stade
  • More info required: - In WGM, who are you connecting to your OD server as? yourself? diradmin? - Are you running WGM on the primary OD server, a secondary, or on a client? - If on the server, who are you logged in as? admin? yourself? root? diradmin? - If on a client, are you connecting to your primary OD server? or are you connecting to a client (ie: localhost) and then changing the directory node? – lukecyca Dec 07 '09 at 23:47
  • In WGM, I'm connecting to the OD server as diradmin. WGM is indeed running on the primary OD server and I'm logged in with administrator privileges (not diradmin nor root, but a local administrator account). Hope this helps! – Marcus Stade Dec 08 '09 at 06:09
  • I had a password failure using WGM: it didn't recognize the password. A search in the logs turned up *GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Key table entry not found)*, and then Google led me here. I tried John's solution and it worked perfectly! So thanks for that, John! –  Sep 11 '11 at 19:44

2 Answers

Macke, I had a similar situation in MacOS X Server 10.5.x.

  1. Use a tool like Carbon Copy Cloner and make a good backup of your server.

  2. From the Terminal, run: sudo changeip -checkhostname . If that comes back without issue then try Step 2. If not, repair the underlying issues with the servername/DNS issues.

  3. In ServerAdmin, in OpenDirectory, run a backup (Archive) of the OpenDirectory data. Save it somewhere safe. In fact make 2 copies. Then demote your OpenDirectory Master to a Standalone server. And then reboot. Now, promote it to an OpenDirectory Master. And reboot. And then Restore your OpenDirectory backup. And finally reboot once more.

That should do the trick, hopefully.

tegbains
  • I accept that sometimes server management is a bit of black magic due to the fact that a lot of different components have to work together and sometimes they simply don't, Workgroup Manager seems to be one of those. However, I'm a bit reluctant to try this out considering the implications it could have. Is there something (safe) I could do to verify that this is indeed the preferred solution for my problem? – Marcus Stade Nov 25 '09 at 17:19
  • You could use Carbon Copy Cloner to clone your server's HD to an external HD and then use that drive as your boot/server drive and try the change on that copy first. – tegbains Nov 26 '09 at 09:30
  • I'm gonna do that and see if anything clears up, thanks! – Marcus Stade Dec 01 '09 at 19:31
  • Sorry for the late reply, but I wasn't able to try until now. Your suggestion worked perfectly, thank you very much! – Marcus Stade Feb 20 '10 at 19:33
  • Glad to help. BTW, since then I have found a few other ways to fix this, but none of them are pretty as they require editing the data in LDAP... – tegbains Feb 20 '10 at 21:32
  • Well, this worked out perfectly and was easy and painless to go through. Now that's a solution if I ever saw one =) – Marcus Stade Feb 21 '10 at 11:10

Your error log reminds me of something I encountered recently. Check your DNS settings; make sure forward and reverse lookups are correct. Next, disable SSL for LDAP. Log out of WGM, then back in. If the SASL error goes away, and you can use WGM as intended, then try adding back an SSL cert and see what happens.

Lucas Kauffman
John
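
A check for the forward/reverse DNS agreement that this answer and the `changeip -checkhostname` step in the other answer are concerned with, as an added example that is not part of either answer. It also names the `ldap/<fqdn>@REALM` keytab entry whose absence would match "Key table entry not found"; the host names, addresses, realm and the choice of the `ldap` service are assumptions, and the sample resolver data is constructed.

```python
import socket

def norm(name):
    """Lower-case a DNS name and drop the trailing dot so names compare equal."""
    return name.rstrip(".").lower()

def check_dns(hostname, forward=socket.gethostbyname_ex, reverse=socket.gethostbyaddr):
    """Return a list of problems; an empty list means forward and reverse agree."""
    try:
        addrs = forward(hostname)[2]
    except OSError as exc:  # socket.gaierror and socket.herror are OSError subclasses
        return [f"forward lookup of {hostname} failed: {exc}"]
    if not addrs:
        return [f"{hostname} has no addresses"]
    problems = []
    for addr in addrs:
        try:
            ptr = reverse(addr)[0]
        except OSError as exc:
            problems.append(f"no reverse record for {addr}: {exc}")
            continue
        if norm(ptr) != norm(hostname):
            problems.append(f"{addr} reverses to {ptr}, not {hostname}")
    return problems

def missing_principal(hostname, realm, keytab_principals, service="ldap"):
    """Return the principal the keytab lacks for this host (assumed service: ldap), else None."""
    wanted = f"{service}/{norm(hostname)}@{realm}"
    return None if wanted in keytab_principals else wanted

# Constructed sample data (not from the page): one consistent host, one with a stale PTR.
FWD = {"od.example.com": ["192.0.2.10"], "old.example.com": ["192.0.2.20"]}
REV = {"192.0.2.10": "od.example.com.", "192.0.2.20": "od-old.example.com"}

def fake_forward(name):
    """Offline stand-in for socket.gethostbyname_ex using the constructed table."""
    if name not in FWD:
        raise socket.gaierror(8, "name not known")
    return (name, [], FWD[name])

def fake_reverse(addr):
    """Offline stand-in for socket.gethostbyaddr using the constructed table."""
    if addr not in REV:
        raise socket.herror(1, "unknown host")
    return (REV[addr], [], [addr])

if __name__ == "__main__":
    for host in FWD:
        print(host, check_dns(host, fake_forward, fake_reverse) or "OK")
    print(missing_principal("od.example.com", "EXAMPLE.COM", ["host/od.example.com@EXAMPLE.COM"]))
```

Called as `check_dns("your.server.name")` with no resolver arguments, it uses the system resolver instead of the constructed tables.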