Magic Triangle, Snow Leopard Server, Lion Clients
Posted: April 19th, 2012 | Author: jordan | Filed under: Active Directory, Blog, Mac OS X Server, Open Directory, Snow Leopard | Tags: Active Directory, Lion, Magic Triangle, Open Directory, snow leopard server

Just tried to bind a Lion client to our Magic Triangle infrastructure. Apple describes the problems as:

A Mac OS X v10.7 Lion client may be unable to connect to a Mac OS X v10.6 Open Directory Server. This can happen if Lion uses Authenticated Binding to a Mac OS X v10.6 Open Directory Server that is also bound to Active Directory by means of a magic triangle.
Apple’s fix is to use Terminal to run a pair of shell commands on the Snow Leopard Server Open Directory Master Server and Replicas. Apple says:
Note: These commands will turn off GSSAPI authentication for the LDAP Server on the Mac OS X v10.6 Open Directory Master Server and Replicas. The servers will then use CRAM-MD5 authentication.
sudo rm /usr/lib/sasl2/openldap/libgssapiv2.2.so
sudo rm /usr/lib/sasl2/openldap/libgssapiv2.la
Restart the server after making this change.
If you want to restore the original settings, execute these commands:
cd /usr/lib/sasl2/openldap
sudo ln -s ../libgssapiv2.2.so
sudo ln -s ../libgssapiv2.la
Restart the server after making this change.
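
A pre-flight check for the commands above, added here as an example (it is not from Apple's article or the original post). The restore commands only work if the entries in the openldap directory are symlinks to files one directory up, so the check confirms that before anything is removed. The function name and the state words it prints are assumptions of this example.

```shell
#!/bin/sh
# Report the state of the GSSAPI SASL plugin entries that the rm / ln -s
# commands above remove or recreate. File names and the default directory
# come from the page; everything else is illustrative.
gssapi_plugin_state() {
    dir=${1:-/usr/lib/sasl2/openldap}
    present=0
    missing=0
    for f in libgssapiv2.2.so libgssapiv2.la; do
        p="$dir/$f"
        if [ -L "$p" ]; then
            # A symlink is only restorable with `ln -s ../$f` if the real
            # file still exists in the parent directory.
            if [ -e "$dir/../$f" ] && [ -e "$p" ]; then
                present=$((present + 1))
            else
                echo "broken"
                return 0
            fi
        elif [ -e "$p" ]; then
            # A regular file here means rm would delete the only copy and
            # the documented restore step could not bring it back.
            echo "not-a-symlink"
            return 0
        else
            missing=$((missing + 1))
        fi
    done
    if [ "$present" -eq 2 ]; then
        echo "enabled"      # GSSAPI plugin linked in; safe to apply the rm step
    elif [ "$missing" -eq 2 ]; then
        echo "disabled"     # workaround applied; LDAP server falls back to CRAM-MD5
    else
        echo "partial"      # only one of the two entries present; fix before restart
    fi
}

# Run against the directory given as the first argument, or the default path.
gssapi_plugin_state "${1:-/usr/lib/sasl2/openldap}"
```

Run it on the Open Directory Master and each Replica before and after the change: "enabled" before the rm step and "disabled" after it is the expected sequence, and the reverse for the restore.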