Weird Active Directory / Common Criteria crash.
I ran into an odd and hopefully rare issue with Active Directory-bound Xserves (I’ve seen it on both G5 XServes and Intel XServes) and Apple’s Common Criteria software. Essentially, when you turned the audit software on, Active Directory would crash. Turn it off, and Active Directory wouldn’t crash. Leave it off then, right? Sadly, if you’re in a situation where you’ve got the audit software installed, you most likely have a good reason for needing it on (in my case, it’s to satisfy security regs.) Even weirder, I had three servers (all G5 XServes) that were bound to Active Directory and were running the CC software, but didn’t have Active Directory crash.
What was the problem? Apple enterprise support chewed on it for a while and discovered that the crash was happening when the Active Directory plug-in was administering the admin group in the local NetInfo database. In other words, in the Active Directory plug-in’s Administrative tab, the Allow administration by: option was checked off. My three servers that weren’t having the crashes didn’t have that option checked, which supported the theory.
Update – 2-6-2008:
We tested this out later in October, and unchecking the Allow administration by: checkbox fixed the issue on all of the affected servers. Hopefully this won’t be an issue on Mac OS X Server 10.5.x. but I haven’t tested it yet.