Currently Being ModeratedJul 28, 2011 5:54 PM (in response to JP256)
I have experienced the same problem before. A restart of the server resolved it in my case.
Currently Being ModeratedJul 28, 2011 6:26 PM (in response to dmare)
Sorry, I should have added that the first thing I did was to reboot the server and try again, but the problem was still there.
Currently Being ModeratedAug 5, 2011 1:38 PM (in response to JP256)
I have seen in earlier posts going back to 10.4 I believe that this happens, and rebooting often cures it, but one person reported success by getting the right combination of choices for Open Directory > Policies > Binding under the heading Security. He/she said they rebooted between changing the combination to use, so it could well have been the rebooting that solved it.
Can you get more detailed info about the reason for the failure to authenticate from the Open Directory logs?
Currently Being ModeratedAug 5, 2011 3:20 PM (in response to parexcel)
The logs revealed that dradmin was actually authenticating successfully, but for some reason Workgroup Manager was still in unauthenticated mode. I installed 10.6.8 Supplemental update and found no improvement.
All users have portable home directories and everything with Open Directory was functioning properly. DNS and Kerberos were confirmed to be working properly. Several restarts and shutdown/startups were performed and I never was able to get Workgroup Manager to authenticate. So after a few hours troubleshooting last weekend I decided to restore the server to a disk image that was created 20 days earlier. I elected to do this this because I needed to get it resolved on the weekend to minimize the chance of downtime during business hours. The only thing on the boot drive is the server OS an everything else is stored on an external RAID so it was fairly simple for me to restore then get everything current again.
I kept an image of the server with the problem so I can restore it to a standby server to experiment with any possible fixes that I may come across in the future. As of now I don't know why it happened nor how to fix it without restoring.
Currently Being ModeratedAug 11, 2011 8:01 AM (in response to JP256)
I can't think of anything in particular to try, except maybe to make sure diradmin had all its proper privs.
The problem I am actually having, posted elsewhere, is that when I change the password for diradmin to comply with regulations requiring password changes every 90 days, Samba stops working. Logs show that SMB users authenticate properly, but Samba fails to authenticate its diradmin attempt.
Everything I've found on the web suggests that's just how it is. I've tried disabling / enabling Samba and various types of authentication in hopes of triggering the GUI to rebuild Samba configs, but no luck. I don't know Samba internals but my poking around suggested I wasn't going to be able to hack a password into it.
Currently Being ModeratedSep 9, 2011 2:57 PM (in response to JP256)
I had success with the method that parexcel mentioned. I had turned on a couple Security Preferences in Server Admin->Open Directory->Policies->Binding; in my case Disable clear text passwords and Encrypt all packets.
Once I rebooted, I could no longer login to the server. After I disabled these security options and rebooted, I was once again able to login.
I don't know if you are having the same problem, but it definitely sounds like it.
Currently Being ModeratedOct 18, 2012 4:31 PM (in response to jpt11)
Just to add to this old thread, I just did exactly that, and it worked:
1. Server Admin: Open Directory: Settings: Policy: Binding: engage Disable Cleartext... & Encrypt all packets...Save.
2. Disengage what I just clicked. Save.
3. Restart box
4. Workgroup Manager: login as network admin, authenticate using diradmin
I have faint memories of this problem before, and years later, it just crept up once again.