Feb 18, 2013 7:36 PM (in response to mnorthern)
Hi MN, ...so the workstations bind successfully to the server, but shaking window upon login attempt? If you log in to the workstation as the local admin, can you then mount the user's home dir over AFP?
Feb 19, 2013 7:32 AM (in response to Don Roedl)
That is correct. I previously forgot to set up user shares for each user, which I have done now.
Now I am getting an error "You are unable to log in to the user account "<user>" at this time. Logging in to the account failed because an error occurred."
I'm not sure how I would go about mounting the user's home dir over AFP from the local admin account, but I can access the fileshare that the home dirs are on using AFP with credentials that I'm having trouble logging in with.
Feb 19, 2013 7:55 AM (in response to mnorthern)
To mount the user's home directory over AFP while logged in as the local admin, invoke the Connect to Server command, enter the name or IP address of the server, and then enter the user's name and password. The user's home directory should then appear in the list of options.
Two quick questions:
How did you set up the user shares for each user? (by user shares you mean home directories, correct?)
Are the user shares located on the same volume as the server operating system, a second volume on the same box, or on another device?
Feb 19, 2013 8:20 AM (in response to Don Roedl)
I was able to successfully mount the user home dir over AFP.
1. I set up the user share (home directory) through server manager. I created a Home sharepoint, then enabled automount. Then, in workgroup manager, I created the home directory on the sharepoint that I set up.
2. The user shares are located on a Promise RAID that we have also set up as a fileshare. I created a separate folder within the fileshare to be used as their home shares.
Feb 19, 2013 8:39 AM (in response to mnorthern)
Ok. Moving along... For the purpose of simple troubleshooting I would try this:
Set up a 'test' account with the user home directory located in the Users folder on the same volume as the operating system on the OD server. See if this account can log in successfully and mount the test user's home dir at login.
Feb 20, 2013 6:23 AM (in response to Don Roedl)
Here is another of the issue I'm getting.
You can see below, it is communicating to the server because I set a Login policy to say "GROUP POLICY".
Also, if I type invalid credentials, I get an immediate window shake, so there seems to be some sort of authentication going on. Maybe there could be an issue with Kerberos?
Feb 20, 2013 10:14 AM (in response to mnorthern)
If login doesn't work with the most basic User folder then the problem is not just with the user homes defined elsewhere. That is what I wanted to know - you can't log in to the box, period. How is your DNS setup looking? You have forward and reverse DNS set up, and lookups test out correctly?
Feb 20, 2013 10:36 AM (in response to mnorthern)
You may find this information useful:
To verify correct DNS configuration on a Mac OS X Server system, use the changeip command.
Here is an example:
$ sudo changeip -checkhostname
Primary address = 10.20.30.3
Current HostName = host.example.com
DNS HostName = host.example.com
The names match. There is nothing to change.
dirserv:success = "success"
$
This is the expected output for a host named host.example.com at the private IP address 10.20.30.3. You might see "The DNS hostname is not available, please repair DNS and re-run this tool." or some other message as output from this command. However — if you do not receive that "There is nothing to change." text in the output — then your DNS configuration has an issue: an unreachable DNS server, or a DNS configuration error.
Feb 20, 2013 11:36 AM (in response to Don Roedl)
I received the expected output on the server.
However, currently, DNS is being handled by our Active Directory server for all clients. The company only has about 15 people using Macs. Will the machines still be able to authenticate with the Mac Server if they are using our Windows server for DNS?
I think I'll have to look into adding the Mac workstations to our existing DNS with lookup zones set to the Mac Server.
Feb 20, 2013 11:41 AM (in response to mnorthern)
"Will the machines still be able to authenticate with the Mac Server if they are using our Windows server for DNS?"
Yes, it doesn't matter what box does the DNS. Have you tested one of the workstations to ensure that forward and reverse lookups to the SL server are working properly?
Feb 20, 2013 11:50 AM (in response to Don Roedl)
I did an nslookup on the Mac SL Server, which timed out "no servers could be reached". Looks like it is a problem with DNS. I'll have to look into how to add these Mac computers to our DNS. Thank you so much for your help!!!!
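Added example, not part of the original thread or written by any of its participants: a Python check that a server's forward (A) and reverse (PTR) records agree, which is the test the thread asks to run from a workstation. The function names, the `stale.example.com` and `missing.example.com` hosts, and the sample zone data are constructed for illustration; by default the lookups go through the operating system's resolver.

```python
import socket

def system_forward(name):
    """Forward lookup via the OS resolver: hostname -> list of IPv4 addresses."""
    return socket.gethostbyname_ex(name)[2]

def system_reverse(addr):
    """Reverse lookup via the OS resolver: IP address -> hostname (PTR)."""
    return socket.gethostbyaddr(addr)[0]

def check_dns(fqdn, forward=system_forward, reverse=system_reverse):
    """Return (ok, findings): every address of fqdn must reverse-map back to fqdn."""
    want = fqdn.rstrip(".").lower()
    try:
        addrs = forward(fqdn)
    except OSError as exc:  # gaierror, herror and timeouts are all OSError
        return False, [f"forward lookup of {fqdn} failed: {exc}"]
    if not addrs:
        return False, [f"forward lookup of {fqdn} returned no addresses"]
    findings, ok = [], True
    for addr in addrs:
        try:
            ptr = reverse(addr).rstrip(".").lower()
        except OSError as exc:
            ok = False
            findings.append(f"{addr}: reverse lookup failed: {exc}")
            continue
        if ptr != want:
            ok = False
            findings.append(f"{addr}: PTR is {ptr}, expected {want}")
        else:
            findings.append(f"{addr}: forward and reverse agree")
    return ok, findings

# Constructed sample zone data (not from the thread) so the check runs offline.
SAMPLE_A = {"host.example.com": ["10.20.30.3"], "stale.example.com": ["10.20.30.9"]}
SAMPLE_PTR = {"10.20.30.3": "host.example.com.", "10.20.30.9": "old-name.example.com."}

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(8, "nodename nor servname provided, or not known")
    return SAMPLE_A[name]

def sample_reverse(addr):
    if addr not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[addr]

if __name__ == "__main__":
    for name in ("host.example.com", "stale.example.com", "missing.example.com"):
        print(name, check_dns(name, sample_forward, sample_reverse))
```

Calling `check_dns("server.fqdn")` with no resolver arguments on a workstation tests the DNS server that workstation is actually configured to use.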