4 Replies Latest reply: Sep 7, 2012 4:21 AM by Strontium90
AppleJason Level 1 Level 1 (10 points)

We have 10 imacs, 6 mbp's (none mobile- all tied to the network via cable).  All running 10.6.8.

 

OD server is 10.6.8.  Computers are all trusted bound to the server.  It's been working for about 1 year. 

 

However,  newly created users are unable to log on *sometimes* to the mbp's.  Seems random.

 

Can you suggest what to look for, and what logs (and where those logs are)?

 

Thanks much,

 

Jason


iMac, Mac OS X (10.6.8), i5 with Thunderbolt
  • 1. Re: users can't log into some systems, sometimes
    SAM4Pres Level 1 Level 1 (20 points)

    I would access Workgroup manager and check if there are any anomalies from the older to the newer users.

     

    Do you have to restart or just wait for the user to be able to log in again?

     

    You are referring to network accounts correct?

  • 2. Re: users can't log into some systems, sometimes
    AppleJason Level 1 Level 1 (10 points)

    Sam4Pres,  I tried finding differences.  One difference is administrators have no problems any time.  Non-admins do, sometimes.  If I promote the user to administrators, sometimes it helps, sometimes not.

     

    Sounds to me like a OD problem, like corruption or something.

     

    I need to be able to read logs, can someone help me find the appropriate logs to read?

     

    Thanks!

  • 3. Re: users can't log into some systems, sometimes
    SAM4Pres Level 1 Level 1 (20 points)

    Go to terminal and type in command: last it will show you the log in info

  • 4. Re: users can't log into some systems, sometimes
    Strontium90 Level 4 Level 4 (3,140 points)

    If you believe this is an OD issue, then enable OD debug logging.  On server and/or client, do this:

     

    sudo killall -USR1 OpenDirectory

     

    This will create a a new log file in /Library/Logs/DirectoryService called DirectoryService.debug.log.  Beware, this file can be rather large if allowed to continue to collect data.  Try to isolate an occurrence as much as possible to limit the amount of data coming in.

     

    Another good method is to enable ssh on a problem workstation.  Then from a control device SSH into the machine that is failing to permit login and start watching system log, top, and if needed the DS debug log.  Use multiple ssh sessions to view everything you are trying to see. 

     

    Note on DS debug.  Apple changed the way to do this after 10.6.  For future versions you can use the odutil command to change logging levels.