I run an LDAP server on my home network to store accounts, automount entries, etc. I spent a lot of time getting the LDAP server configured properly for OS X clients, and everything seems to work, except when I log in to my employer's VPN using Cisco VPN Client on OS X 10.5.
So far, I've traced the problem down to the fact that the OS X Directory Service does a reverse DNS (PTR) lookup for the LDAP server, and it appears the Cisco VPN Client is intercepting those DNS requests. To figure this out, I enabled debugging in the directory service, and the following appears in the debug log:
2010-02-11 18:02:02 EST - T[0xB031C000] - CLDAPConnectionManager::CheckFailed - checking 1 node connections
2010-02-11 18:02:02 EST - T[0xB031C000] - CLDAPNodeConfig::CheckWithSelect - good socket to host 192.168.1.11 but failed check, clearing from poll
Digging further with tcpdump, I found that I can do DNS lookups for the directory server's hostname, but reverse lookups aren't getting to my LAN's DNS server at all. Instead, the VPN client appears to be eating them and referring them to prisoner.iana.org.
Now, I know that this is how things are normally supposed to work when you query an internet DNS server for a private network address in RFC 1918 address space. However, the query is supposed to be going to my LAN's DNS server (just dnsmasq running on a Linksys WRT54G). And, when the VPN client isn't running, these requests come back fine, and OS X can connect to my LDAP server, and I'm happy. But once I start Cisco VPN Client, it seems to be intercepting these requests, which blocks access to my LDAP, which means my automount shares don't come up, which is very annoying.
So, does anyone know why the VPN Client would do something like this, and can anyone think of any workarounds?
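A raw PTR probe, added here as an example and not part of the question: it sends the reverse query for the LDAP server's address straight to a chosen DNS server over UDP and reports whether a PTR answer came back or an SOA referral from the iana.org blackhole servers, so the same call can be compared with the VPN client stopped and running. The LAN DNS address 192.168.1.1 is a placeholder for the WRT54G; everything else is built from the question.

```python
import ipaddress, socket, struct
# Constructed values: the LDAP host from the question and a placeholder for the LAN dnsmasq.
# prisoner.iana.org (AS112) answers leaked RFC 1918 PTR queries, so an iana.org SOA marks the leak.
LDAP_IP, LAN_DNS, BLACKHOLE = "192.168.1.11", "192.168.1.1", ("iana.org.",)

def ptr_name(ip):  # 192.168.1.11 -> 11.1.168.192.in-addr.arpa.
    return ipaddress.ip_address(ip).reverse_pointer + "."

def build_ptr_query(ip, txid=0x1234):  # 12-byte header with RD set + one PTR/IN question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in ptr_name(ip).rstrip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 12, 1)

def read_name(msg, off):  # decode a possibly compressed name -> (name, offset after the field)
    labels, end = [], None
    while True:
        ln = msg[off]
        if (ln & 0xC0) == 0xC0:  # compression pointer: note where the field ends, then jump
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
        elif ln == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + ln].decode())
            off += 1 + ln

def parse_response(msg):  # collect PTR answers and the SOA MNAME from the authority section
    _, flags, qd, an, ns, _ = struct.unpack(">HHHHHH", msg[:12])
    off, ptrs, soa = 12, [], None
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QNAME, QTYPE, QCLASS
    for _ in range(an + ns):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 12:  # PTR
            ptrs.append(read_name(msg, off)[0])
        elif rtype == 6:  # SOA
            soa = read_name(msg, off)[0]
        off += rdlen
    return {"rcode": flags & 0xF, "ptr": ptrs, "soa_mname": soa}

def classify(result):  # "answered": the LAN zone replied; "blackholed": the AS112 servers did
    if result["ptr"]:
        return "answered"
    return "blackholed" if (result["soa_mname"] or "").endswith(BLACKHOLE) else "no-answer"

def query(ip, server, timeout=2.0):  # send the raw query over UDP and classify the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ptr_query(ip), (server, 53))
        return classify(parse_response(s.recvfrom(512)[0]))
```

Run `query(LDAP_IP, LAN_DNS)` once with the VPN client stopped and once with it running; "answered" both times means the LAN resolver is still reachable, while "blackholed" or a timeout with the VPN up confirms the interception the tcpdump capture showed.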
Sorry if this is just too crude, but have you tried just putting your LDAP server into /etc/hosts? That's my simplistic solution to all problems with DNS and nearby hosts. – Stabledog – 2010-02-12T00:20:57.787