Mac OS X Server 10.4.8: Password Server may not start

Issue or symptom

After updating from Mac OS X Server 10.4.7 to 10.4.8, Password Server may not start. Server Admin may report that the Password Service has stopped.

The ApplePasswordServer.Error.log (in /Library/Logs/PasswordService/) may contain the message, "CUDPListener: internal error, RSA key hash not set."

Solution

The following steps will rebuild your /var/db/authserver/authserverreplicas file.

1. Using these guidelines, create a new file on your desktop named "make-replica-file".

2. Paste this content into the file:

#!/bin/sh

# Refuse to run unless root, and only on Mac OS X Server.
# Errors go to stderr so they are not captured in the redirected output file.
if [ `id -u` != 0 ] ; then
  echo "You must run this script as root." >&2
  exit 1
elif [ ! -s "/usr/sbin/mkpassdb" ] ; then
  echo "This script can only be run on Mac OS X Server" >&2
  exit 1
fi

# try the LDAP config record
export LDAPConfigRecord=`dscl /LDAPv3/127.0.0.1 -read /Config/passwordserver PasswordServerList | sed 's/PasswordServerList: //'`
# if the record exists (no "No such key" error), print it and stop;
# grep's exit status is tested directly, so no file in /tmp is needed
if ! echo $LDAPConfigRecord | grep "No such key" > /dev/null ; then
  echo "$LDAPConfigRecord"
  exit
fi

# make the ID string
export key=`mkpassdb -key`
export keyID=`echo -n "$key" | md5 | awk '{print toupper($0)}'`

# Get the IPv4 for en0 and look it up
export QueriedIPAddress=`ifconfig | grep -A 1 "en0" | grep "inet " | sed 's/.*inet //;s/ .*//'`
export QueriedDNS=`dig -x $QueriedIPAddress | grep -A 1 "ANSWER SECTION" | sed 's/;;.*//;s/.*PTR//' | tr "\n\t" " " | sed 's/ //g' | awk '{print substr($0,0,length($0)-1)}'`

# write the replica file to standard output
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
echo "<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">"
echo "<plist version=\"1.0\">"
echo "<dict>"
echo " <key>ID</key>"
echo " <string>$keyID</string>"
echo " <key>Parent</key>"
echo " <dict>"
echo " <key>DNS</key>"
echo " <string>$QueriedDNS</string>"
echo " <key>IDRangeBegin</key>"
echo " <string>0x00000000000000000000000000000001</string>"
echo " <key>IDRangeEnd</key>"
echo " <string>0x000000000000000000000000000001f5</string>"
echo " <key>IP</key>"
echo " <string>$QueriedIPAddress</string>"
echo " </dict>"
echo " <key>Status</key>"
echo " <string>AllowReplication</string>"
echo "</dict>"
echo "</plist>"

3. In Terminal, execute these commands:


$ chmod +x ~/Desktop/make-replica-file
$ sudo ~/Desktop/make-replica-file > ~/Desktop/authserverreplicas
$ chmod 644 ~/Desktop/authserverreplicas
$ sudo chown root:wheel ~/Desktop/authserverreplicas
$ sudo mv ~/Desktop/authserverreplicas /var/db/authserver

4. Restart the server.
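
A check that can be run on ~/Desktop/authserverreplicas before the final mv in step 3, as an added example that is not part of Apple's article. It assumes the file has the layout written by the script's echo statements; the file name check-replica-file and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Apple's code): sanity-check a generated authserverreplicas
# file before it is moved into /var/db/authserver. Function names are hypothetical.

# Print the <string> value on the line that follows <key>NAME</key>.
plist_value() {   # $1 = file, $2 = key name
    awk -v k="<key>$2</key>" '
        index($0, k) { want = 1; next }
        want { sub(/^.*<string>/, ""); sub(/<\/string>.*$/, ""); print; exit }
    ' "$1"
}

check_replica_file() {   # $1 = file; returns 0 only if every check passes
    f=$1; rc=0
    [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }

    # Anything other than the XML declaration on line 1 means stray text
    # (for example an error message) was captured into the file.
    head -n 1 "$f" | grep -q '^<?xml ' ||
        { echo "line 1 is not an XML declaration" >&2; rc=1; }

    # ID is the uppercased MD5 of the key: exactly 32 hex digits.
    id=$(plist_value "$f" ID)
    echo "$id" | grep -Eq '^[0-9A-F]{32}$' ||
        { echo "ID is not 32 uppercase hex digits: '$id'" >&2; rc=1; }

    # DNS comes from a reverse lookup and is empty when no PTR record exists.
    dns=$(plist_value "$f" DNS)
    [ -n "$dns" ] || { echo "DNS is empty" >&2; rc=1; }

    ip=$(plist_value "$f" IP)
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "IP is not an IPv4 address: '$ip'" >&2; rc=1; }

    status=$(plist_value "$f" Status)
    [ "$status" = "AllowReplication" ] ||
        { echo "Status is '$status', expected AllowReplication" >&2; rc=1; }

    return $rc
}

# Usage: sh check-replica-file ~/Desktop/authserverreplicas
if [ $# -gt 0 ]; then
    check_replica_file "$1"
fi
```

A non-zero exit status means the file should not be installed until the reported field is corrected.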

Published Date: Oct 7, 2016