Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dealing with Mac OS X and NetInfo Problems?

Posted by Cliff on from the losing-the-keys-to-your-iBook dept.

newkid would like some assistance getting to the core of this issue: "Apple likes to refer to its server software as an industrial-strength server based on Apple's modern OS. However, there are serious flaws in the authentication system (netinfo): I am locked out of four of my remote servers (even root has been disabled, and that is unacceptable), and the instability is well documented here, here and here. I have successfully reinstalled one server and replaced another one with FreeBSD, but I have not decided what to do in the long run. What is your experience? Should I completely forget OS X for my servers and switch to something else? Or should I move to Panther (it uses LDAP instead of NetInfo to control user accounts)? I would like to know about your experience with OS X Server and if your have made the switch to something else." What experiences have you had with NetInfo on your Mac OS X boxes, and do you have any other hints and tips on recovering the NetInfo database in the event that it does develops amnesia?

18 of 89 comments (clear)

  1. Root access disabled by default is a flaw? by tiktokfx · · Score: 5, Insightful

    I don't consider it flawed that root is locked down for anyone who doesn't have direct, real-life access to the machine.

  2. don't use netinfo by Anonymous Coward · · Score: 4, Insightful

    wow, complaining about netinfo??? let me tell you my woes with farallon phonenet...

    Seriously, netinfo is OBSOLETE the only reason apple held on to it so long is because they were working on bigger, more user-visible things.

    Go with LDAP. Ditch Netinfo.

    and log in as root when you're at the machine, NOT remotely.

  3. Q: Should my OS be up to date? by mithras+the+prophet · · Score: 4, Funny

    A: Yes.

    --
    four nine eighteen twenty-7 thirty-nine forty-7 fiftyeight sixty-nine seventy-9 eighty-8 one-hundred-and-nine one-twenty
  4. One of the best features about the Netinfo system by gsdali · · Score: 3, Insightful

    is that the Root account is disabled by default and you are encouraged to keep it that way. I can't shed much light on your problem except to say that Panther moving to LDAP is a good thing from the point of view of admin, maybe that is the way to go.

  5. flame on. by seann · · Score: 4, Informative

    evil weblog
    "DirectoryService: NetInfo connection failed for server 127.0.0.1/local."

    "The solution was to restore the Netinfo database."

    NO. the solution is to turn off "Net Info" in the Directory Access program located within /Applications/Utilities folder.
    If you are trying to athunticate to a non-existing netinfo daemon in your domain, your going to get problems.

    Turning off that option relieves the problems hinted at in this link. Please sirs, try this instead of blowing away your net info database, When I first got my powerbook 12" I had this same problem. I realized later on that I clicked "Net Info" in the Directory Access program, and it was trying to auth to a non-existant server.

    --
    I'm a big retard who forgot to log out of Slashdot on Mike's computer! LOOK AT ME.
    1. Re:flame on. by trouser · · Score: 4, Informative

      OSX does use Netinfo by default for local login but the previous poster is quite correct in saying the Netinfo should not be selected in the Directory Access utility. This checkbox is for enabling authentication using a remote Netinfo server and can cause authentication problems including fantastically long timeouts with no on-screen error message when logging in.

      I use LDAP authentication through OpenLDAP on a Linux box with local Netinfo as a fall back for a local admin account. It's been pretty flakey with previous versions of OSX, mainly authentication failures first thing in the morning on machines that have been left asleep at the login prompt over night. Directory Access used to have a lot of trouble working out what to do with itself when the machine woke up. Authentication failed but the Linux server logs tended to suggest that the LDAP requests weren't being made. Anyway, it all seems to work reliably as of 10.3

      --
      Now wash your hands.
  6. is this a troll? by KH · · Score: 4, Insightful

    I don't want to be overtly critical, but the question does not make much sense.

    Several questions:

    What are those remote servers? Why does one need to have access to four servers? Are they X serve or just regular Macs that share files? If the former was the case, they should be running OS X Server, which I am not very familiar, but I doubt that four of them got Netinfo database corrupted.

    Regardless of X-Serve or regular Mac, it does not seem very likely that one can install FreeBSD on them. Is there a FreeBSD distribution for PowerMacs? The last time I checked, OpenBSD was available, but not FreeBSD.

    Also, if the problem was Netinfo, why he didn't just restore the corrupted Netinfo database, as described in the linked documents?

    Why is root being disabled a problem? If one has a physical access to the machines, (s)he can always cmd+s to boot into the single user mode. sudo sh should work, too.

    Overall, the post does not make much sense, does it? At least I'm a bit confused.

  7. Go with Panther and LDAP... by zulux · · Score: 3, Funny

    NetInfo is beleaguered.

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

  8. Boot from CD to change root access by Kalak · · Score: 5, Insightful

    If you've locked yourself out of root, you can boot from the System install CD. In the menu, IIRC, as son as you start the install process, you can select "Reset Password" utility. This is assuming that your NetInfo database is not corrupted. If it *is* corrupted, you can still get to data on the drives via single user mode (Command-S) on startup, to backup your data.

    You can also re-install with the option of creating a new NetInfo database, or follow the instructions indicated in the linked articles you cite for similar results.

    The fact that you have options already cited makes me think this article sounds more like a troll than anything else. If this were Windows and the Registry was gone, you'd be FUBAR as well. If your /etc/ directory was gone in *nix, you'd be FUBAR. The possibility for recovering from such a corruption is a matter of good backups and system administration and not the fault of the OS in this case. A corrupted NetInfo database is merely the way that Darwin shows this as a problem that you keep backups to avoid.

    Also, there is a manner (I forget what it is now) to get Jaguar (and I assume Panther) to read the /etc flat files instead of NetInfo. It was implimented as a complaint who preferr flat files to NetInfo (I'm one of them).

    Poor backups is not a reason for you to examine if this is a OS up to par. If there were no way to backup the NetInfo database, then you'd have a great case for this argument. There is, and you should be restoring from that database if you need it for server info.

    --
    I am, and always will be, an idiot. Karma: Coma (mostly effected by .hack)
  9. Maybe Apple knows? by Bastian · · Score: 3, Insightful

    Have you asked Apple yet?

    Slashdot probably isn't really the best forum for questions about OS X Server. It's not something people really need to buy for home use. Few businesses I know of run OS X servers. And most importantly, it is quite definitely not GNU/Linux.

    Also, are you sure having remote root access is a bug and not a feature? It's a huge huge security risk, esp. for a business setting.

    1. Re:Maybe Apple knows? by gsdali · · Score: 3, Informative

      Not that slashdot should be a purely GNU/Linux preserve. There are better place to ask this question though; Mac OS X Hints Forums and Mac Fixit Forums spring to mind.

  10. If only you could mod articles -1 Flamebait by RalphBNumbers · · Score: 4, Interesting

    This newkid managed to find all of 3 people out of millions of mac users who have had their netinfo database corrupted. All of which were fairly easily repaired, all of which managed to write constructive articles. (and at least one of which explicitly said they thought it was because of a pseudo-brownout while writing to disk, not some flaw in apple's software)

    And now newkid claims he's having the same problem on 4 servers at once (of which I'm somewhat dubious), and writes this flamebait article, implying that Apple's OS is horribly flawed.

    He then goes on to ask for the info he could have just read out of those 3 pages he linked to as documentation of his "serious flaws"; these problems are very rare, and fairly easily repaired by someone moderately cluefull.

    --
    "The worst tyrannies were the ones where a governance required its own logic on every embedded node." - Vernor Vinge
    1. Re:If only you could mod articles -1 Flamebait by Otter · · Score: 3, Funny
      And now newkid claims he's having the same problem on 4 servers at once (of which I'm somewhat dubious)...

      ...and claims to have subsequently installed FreeBSD on one of those Macs!

      --
      What I'm listening to now on Pandora...
  11. Dear Cliff, by reiggin · · Score: 4, Informative
    Would you please stop turning apple.slashdot.org into a hints, tricks, and tips forum? You're 2 for 2 right now. This is "News for Nerds" not "Nerds helping Non-nerds."

    Thanks.

    1. Re:Dear Cliff, by valkraider · · Score: 3, Funny

      Mod parent down. ;)

  12. Good resource by sld126 · · Score: 5, Informative

    Especially for 10.2 servers:
    http://www.afp548.com

    and specifically to your question:
    http://www.afp548.com/Articles/system/n etinfobacku p.html

    --
    You're just jealous because the voices only talk to me.
  13. Re:Panther DOES use NetInfo by sld126 · · Score: 3, Informative

    Local accounts are handled with NetInfo.

    Network accessible accounts are handled with LDAP.

    --
    You're just jealous because the voices only talk to me.
  14. Are you really using NetInfo correctly? by plsuh · · Score: 4, Informative

    Not to minimize your difficulties, but Apple runs NetInfo internally at a very large scale. In the NeXT days NetInfo was used for large-scale deployments and was quite stable.

    Any Mac OS X or X Server machine has a local NetInfo database, stored in /var/db/netinfo/local.nidb/. It serves as the local directory services store for user and configuration information for that machine only. In addition, a Mac OS X Server that is acting as a NetInfo master or LDAP server will contain at least one other NetInfo database usually named "network". This is stored at /var/db/netinfo/network.nidb/. It is used to provide user and service information for a larger network of machines.

    Clients can connect via the native NetInfo protocol which is based on the SunRPC portmapper, or via LDAP. In either case the data are taken from the network.nidb data store.

    The fact that you were "locked out" of four of your servers is very unusual. To properly diagnose this, more information is required. Which one (if any) of these four servers was a directory service server for the group. Was that one acting as an Open Directory password server? What measures did you undertake to re-gain access once the problem was detected?

    By the way, Panther still uses NetInfo as a local directory services store. Passwords are no longer stored as crypt hashes -- they are instead stored as shadowed MD5 hashes in a separate location.

    --Paul
    Technical Training and Certification
    Apple Computer
    psuh at apple dot com