
BarryWAaMC 09-07-2011 05:50 AM

Workgroup Manager greyed out when authenticated as diradmin

We are running Mac OS X Server v10.5.8.
The machine supports 36 iMac clients with access rights using OD LDAP v3.
Authentication for all Mac users is done directly with AD running on Windows Server 2003 via Thursby's AdmitMac.

The setup has been running smoothly for about 3 years now.
The other day I went to make some group changes in Workgroup Manager, to allow access to new software.
I logged in as diradmin with the usual password (padlock appeared open), but discovered that everything was greyed out!
The only item I was able to change and save was the diradmin password.
I could not add / remove any users or groups. I could not change any preference settings.

As you can imagine, this is causing a BIT of a problem.

The correct access rights are still being granted to all users, so clients are not seeing anything different.

Any ideas or thoughts as to why the server has decided to deny access would be much appreciated.

Many thanks,


MacsWork 09-07-2011 01:43 PM

Are you running the same version of the server admin tools?

BarryWAaMC 09-08-2011 03:48 AM


Thanks for replying.

I am running v10.5.5 of the Workgroup Manager, which I believe is the correct version for v10.5.8 of MacOS X Server.



MacsWork 09-08-2011 06:55 AM

In server admin, does Open Directory list LDAP, Password and Kerberos as Running under the Overview section?

BarryWAaMC 09-08-2011 07:06 AM


Thanks again.

In the Overview of Open Directory, LDAP and Password Server are both running, but Kerberos is Stopped.

I am also unable to change any of the settings in the Server Admin console.



MacsWork 09-08-2011 07:15 AM

Bummer... Your OD is broken.

The problem is you have no idea when it broke, I assume. Therefore a restore is pretty much out of the question. That is unless you have a separate OD backup?

Most likely you will have to export the user and group lists from WM and recreate OD. The export will not contain password info so you'll have to enter new passwords for all users. I only suggest the export because importing is better than manual creation of your user list.

This has most likely been caused by improper DNS. Most folks that I have worked with set up their servers thinking they are like AD and next thing you know OD is broken and they don't know why. DNS is almost always the reason.

I was informed by Apple Support there is really no way to resolve this other than recreating OD.


BarryWAaMC 09-08-2011 07:39 AM

Do you know how easy it would be to recreate the OD without having to re-install the server?
I was advised that a clean install is the best way to do it, but I would like to find a quick and safe way if possible.


MacsWork 09-08-2011 07:54 AM

You should be able to change the role to Stand Alone server and then reboot. Then make sure DNS is running and healthy on the Mac server and that it uses itself as DNS, then change the OD role to OD master and make it the same name as before. Another note is not to name the domain .local, instead use something like .lcl or .lan, this is another Appleism.

Also, if this is a Mac Pro or Xserve with two NICs, be sure that they are either bonded with one IP or you only use one NIC. The server should not have two IPs. OD will break for sure.

Also be sure to export users and groups in WM before you start to save you time after you create the new OD. Passwords will need to be reset after import.

Be sure to archive the OD DB after you finish for safe keeping.

Good Luck.
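
The DNS and addressing checks from the reply above, written as a preflight to run before promoting the server to OD master. This is an added example, not part of the thread or any Apple tool. It assumes "healthy" DNS means the server's forward and reverse lookups agree; the function name `preflight`, the host names and the sample zone are constructed for illustration.

```python
import socket

def preflight(fqdn, addresses, forward=None, reverse=None):
    """Return a list of problems to fix before creating the OD master.

    fqdn      -- the name the server will use as OD master
    addresses -- IPv4 addresses configured on the server (supplied by caller)
    forward / reverse -- resolver callables; default to the system resolver,
                         injectable so the check can be exercised offline
    """
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    name = fqdn.rstrip(".").lower()
    problems = []
    if name.endswith(".local"):
        # The thread advises .lcl or .lan instead of .local
        problems.append("domain ends in .local")
    if len(set(addresses)) != 1:
        # The thread advises one IP only (bond the NICs or use one)
        problems.append("server has %d IP addresses, expected 1" % len(set(addresses)))
    try:
        a_records = forward(name)
    except OSError:  # gaierror/herror are OSError subclasses
        a_records = []
    if not a_records:
        problems.append("no forward (A) record for " + name)
    for ip in a_records:
        if ip not in addresses:
            problems.append("A record %s is not an address on this server" % ip)
        try:
            ptr = reverse(ip).rstrip(".").lower()
        except OSError:
            ptr = ""
        if ptr != name:
            problems.append("reverse lookup of %s gives %r, not %s" % (ip, ptr, name))
    return problems

# Constructed sample zone data (not taken from the thread)
ZONE_A = {"server.example.lan": ["10.0.0.10"], "od.example.local": ["10.0.0.20"]}
ZONE_PTR = {"10.0.0.10": "server.example.lan", "10.0.0.20": "xserve.example.local"}
sample_forward = lambda name: ZONE_A.get(name, [])
sample_reverse = lambda ip: ZONE_PTR.get(ip, "")

if __name__ == "__main__":
    for host, ips in (("server.example.lan", ["10.0.0.10"]),
                      ("od.example.local", ["10.0.0.20", "10.0.0.21"])):
        issues = preflight(host, ips, sample_forward, sample_reverse)
        print(host, "->", issues or "OK")
```

Called without the `forward` and `reverse` arguments, the function queries the system resolver, so run it on the server itself after pointing it at its own DNS.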

All times are GMT -4.