Languages

Mac OS X v10.7: Unable to connect to a Mac OS X v10.6 Open Directory Server

Symptoms

A Mac OS X v10.7 Lion client may be unable to connect to a Mac OS X v10.6 Open Directory Server. This can happen if Lion uses Authenticated Binding to a Mac OS X v10.6 Open Directory Server that is also bound to Active Directory by means of a magic triangle.

Resolution

To allow the Mac OS X v10.7 clients to connect, either don't use authenticated binding, or use the following Terminal commands.

Execute these commands on the Mac OS X v10.6 Open Directory Master Server and Replicas:

Note: These commands will turn off GSSAPI authentication for the LDAP Server on the Mac OS X v10.6 Open Directory Master Server and Replicas. The servers will then use CRAM-MD5 authentication.

sudo rm /usr/lib/sasl2/openldap/libgssapiv2.2.so
sudo rm /usr/lib/sasl2/openldap/libgssapiv2.la

Restart the server after making this change.
 

If you want to restore the original settings, execute these commands:

cd /usr/lib/sasl2/openldap
sudo ln -s ../libgssapiv2.2.so 
sudo ln -s ../libgssapiv2.la

Restart the server after making this change.

Last Modified: Jul 5, 2012
Helpful?
Yes
No
  • Last Modified: Jul 5, 2012
  • Article: TS3861
  • Views:

    2040
  • Rating:
    • 20.0

    (1 Responses)

Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked