Local Network User

OCPSTV's picture

Open Directory Woes

I can't figure this out. Using Local Network Users for Xsan clients. 2 Mac mini MDCs, both set up for Open Directory & DNS. 10.9.4 all around (but one soon-to-be-replaced client running 10.8.5).

Open Directory "available at server1.xsan.domain.net" - Public network. Master OD.

Everything works for about half a day, more or less, then suddenly the local network users can't log in, or authenticate themselves if they are already logged in (i.e. installing software).

Console shoots back the following:

7/2/14 1:44:52.038 PM Console[823]: Marker - Jul 2, 2014, 1:44:52 PM
7/2/14 1:44:54.612 PM opendirectoryd[22]: set-error: 1: Access to home directory not allowed
7/2/14 1:44:54.612 PM opendirectoryd[22]: set-error: 1: Access to home directory not allowed
7/2/14 1:44:54.613 PM opendirectoryd[22]: set-error: 2: open /Library/Preferences/edu.mit.Kerberos: No such file or directory
7/2/14 1:44:54.613 PM opendirectoryd[22]: set-error: 1: Access to home directory not allowed
7/2/14 1:44:54.613 PM opendirectoryd[22]: set-error: 2: open /etc/krb5.conf: No such file or directory
7/2/14 1:44:54.613 PM opendirectoryd[22]: gss_isc running replace plugins
7/2/14 1:44:54.613 PM opendirectoryd[22]: gss-isc: negative cache 851968/-1765328377 - Server (krbtgt/METADATA.DOMAIN.NET@SERVER1.XSAN.DOMAIN.NET) unknown
7/2/14 1:44:54.613 PM opendirectoryd[22]: set-error: -1765328377: Server (krbtgt/METADATA.DOMAIN.NET@SERVER1.XSAN.DOMAIN.NET) unknown (negative cache)
7/2/14 1:44:54.613 PM opendirectoryd[22]: gss_isc: kerberos 5 maj_stat: 851968/-1765328377
7/2/14 1:44:54.613 PM opendirectoryd[22]: GSSAPI Error: Miscellaneous failure (see text (Server (krbtgt/METADATA.DOMAIN.NET@SERVER1.XSAN.DOMAIN.NET) unknown (negative cache))
7/2/14 1:44:54.614 PM authorizationhost[2339]: Failed to authenticate user (error: 9).
7/2/14 1:44:56.061 PM Console[823]: Marker - Jul 2, 2014, 1:44:56 PM

It seems to be related to the point where either the client is suddenly looking for (or the server is suddenly advertising and feeding) info from the private metadata network and not the Xsan public network. But I've not the foggiest idea how to keep things in line.

I can remove and then re-add the OD from Users and Groups again, and that *fixes* the issue for a short time. However, sometimes the wrong OD is advertised. It shows up as the metadata network and not the *correct* public network. I have to manually type in the correct OD server.
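
An added example, not part of the original post: a Python sketch that decodes the GSS-API major status and Kerberos minor code in the Console output above and flags any krbtgt principal whose two realm names differ. The function names are illustrative, and the sample lines are constructed from the log quoted in the post.

```python
import re

# Constructed sample: three lines taken from the Console output quoted above.
SAMPLE = """\
7/2/14 1:44:54.613 PM opendirectoryd[22]: set-error: 2: open /etc/krb5.conf: No such file or directory
7/2/14 1:44:54.613 PM opendirectoryd[22]: set-error: -1765328377: Server (krbtgt/METADATA.DOMAIN.NET@SERVER1.XSAN.DOMAIN.NET) unknown (negative cache)
7/2/14 1:44:54.613 PM opendirectoryd[22]: gss_isc: kerberos 5 maj_stat: 851968/-1765328377
"""

KRB5_BASE = -1765328384  # krb5 error-table base; base + n is RFC 4120 error n
KDC_ERRORS = {6: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 7: "KDC_ERR_S_PRINCIPAL_UNKNOWN"}
GSS_ROUTINE = {13: "GSS_S_FAILURE"}  # routine error sits in bits 16-23 of maj_stat

STATUS_RE = re.compile(r"maj_stat: (\d+)/(-?\d+)")
TGT_RE = re.compile(r"krbtgt/([^@\s)]+)@([^\s)]+)")


def decode_status(major, minor):
    """Return (GSS routine error name, Kerberos error name) for a status pair."""
    routine = (major >> 16) & 0xFF
    n = minor - KRB5_BASE
    return (GSS_ROUTINE.get(routine, f"routine error {routine}"),
            KDC_ERRORS.get(n, f"krb5 error {n}"))


def analyze(log_text):
    """Collect the decoded status and any cross-realm TGT requests in the log."""
    findings = {"status": None, "cross_realm": set()}
    for line in log_text.splitlines():
        m = STATUS_RE.search(line)
        if m:
            findings["status"] = decode_status(int(m.group(1)), int(m.group(2)))
        # krbtgt/B@A names a ticket-granting ticket for realm B issued by realm A;
        # when A and B differ, the client attempted cross-realm authentication.
        for target, issuer in TGT_RE.findall(line):
            if target.upper() != issuer.upper():
                findings["cross_realm"].add((issuer, target))
    return findings


if __name__ == "__main__":
    result = analyze(SAMPLE)
    print("status:", result["status"])
    for issuer, target in sorted(result["cross_realm"]):
        print(f"realm {issuer} was asked for a TGT into realm {target}")
```

On this sample the minor code decodes to "server principal unknown": the KDC for realm SERVER1.XSAN.DOMAIN.NET has no cross-realm key for METADATA.DOMAIN.NET, which matches a client treating the metadata-network name as a separate realm.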
