Open Directory Failover

mac-osxopendirectory

We have a network based on OSX, including using OpenDirectory as our directory service. Our network consists of one OD master and a pair of OD replicas. We've been trying to set it up so that when the master goes down the workstations will authenticate against one of the replicas. However, it seems that the clients continue to attempt to reach the master despite it being down. This is supposed to "just work" but it doesn't seem to be for us. Someone suggest that we would need to manually promote a replica to master in order to get the clients to fail over, but that seems somewhat ridiculous.

Has anyone made this configuration work? There's doesn't appear to be a whole lot of documentation about the details.

Best Answer

Well according to this article, what you are doing ought to work. But it is confusing

After you set up an Open Directory replica, other computers will connect to it as needed.

Computers with v10.3 or v10.4 of Mac OS X or Mac OS X Server maintain a list of Open Directory replicas. If one of these computers can’t contact the Open Directory master for directory and authentication services, the computer connects to the nearest replica of the master.

On the one hand it implies above that it ought to work, but then it goes on to say...

You can configure Mac OS X computers to connect to an Open Directory replica instead of the Open Directory master for directory and authentication services. On each Mac OS X computer, you can use Directory Utility to create an LDAPv3 configuration for accessing the replica’s LDAP directory.

Now this arguably gives you a workaround instead of promoting a replica, so it's useful anyway, but I'm not sure if this paragraph doesn't contradict the first one. I do remember a lot of fiddling around with replicas when I did the Mac OSX Server training.

Related Solutions

Why is Mac OSX Lion losing login/network credentials

Did you bind the mac to an OSX Server or to Active Directory? If the latter check if the domain ends in .local. If it does there are some known problems with multicast interference on OSX. The process here may work for you: http://www.macwindows.com/TIP-Lion-dot-local-AD-disable-multicast.html

Some Macs just plain aren't happy on an AD network. I've had several iMacs with essentially identical specs and most were fine but 2 kept losing connectivity with the domain controller and had constant kerberos ticket related issues. In this case breaking the mac from the domain and then reconnecting it using Centrify Express resolved the issue. You can find the agent on their website here: http://www.centrify.com/express/free-active-directory-tools-for-linux-mac.asp#agents

Samba – How to speed up SMB connection between a Mac client and Isilon storage server

CIFS doesn't run much faster on MacOS X no matter which hardware you use at either side of things. 50MB/s is already pretty good. Things have slightly improved with Lion since it has an implementation of CIFS 2.0. The improvement is mainly browsing large directory trees over WANs and not so much with regard to throughput increase. Use NFS if you need performance.

Finder.app will update the view every now and then, but I never found out the logic behind that.

You can use a simple AppleScript to force it to update the view on the current folders which should look like this:

tell application "Finder"
  tell front window
     update every item with necessity
  end tell
end tell

Also using Dave (a commercial CIFS implementation for Mac OS X) doesn't give any decent speed upgrade for sequential file access over the native implementation. Didn't do benchmarking of Dave for Lion as of now.

Best Answer

Related Solutions

Why is Mac OSX Lion losing login/network credentials

Samba – How to speed up SMB connection between a Mac client and Isilon storage server

Related Topic