Magic Triangle, Snow Leopard Server, Lion Clients

Posted: April 19th, 2012 | Author: | Filed under: Active Directory, Blog, Mac OS X Server, Open Directory, Snow Leopard | Tags: , , , , | 1 Comment »

Just tried to bind a Lion client to our Magic Triangle infrastructure. Apple describes the problems as: A Mac OS X v10.7 Lion client may be unable to connect to a Mac OS X v10.6 Open Directory Server. This can happen if Lion uses Authenticated Binding to a Mac OS X v10.6 Open Directory Server that is also bound to Active Directory by means of a magic triangle.

Apple’s fix is to use Terminal to run a pair of shell commands on the Snow Leopard Server Open Directory Master Server and Replicas. Apple says:

Note: These commands will turn off GSSAPI authentication for the LDAP Server on the Mac OS X v10.6 Open Directory Master Server and Replicas. The servers will then use CRAM-MD5 authentication.

sudo rm /usr/lib/sasl2/openldap/libgssapiv2.2.so
sudo rm /usr/lib/sasl2/openldap/libgssapiv2.la

Restart the server after making this change.

If you want to restore the original settings, execute these commands:

cd /usr/lib/sasl2/openldap
sudo ln -s ../libgssapiv2.2.so
sudo ln -s ../libgssapiv2.la

Restart the server after making this change.