Skip navigation

Can't login to network account

831 Views 7 Replies Latest reply: Mar 22, 2013 8:13 AM by infinite vortex RSS
finisherr Calculating status...
Currently Being Moderated
Mar 13, 2013 10:54 PM

When I try to log into a network account on a machine bound to an Open Directory Mountain Lion Server, the password shakes. Here is what I've done:


  • In the Server.App is set the computer name and hostname to the fully qualified domain name
  • I turned on Open Directory and set up an Open Directory server will a fully qualified domain name.
  • When I saw the alert "No SSL certificate for this server" I created a self-signed cert and it checked off the alert.
  • The DNS service is turned on (on the same machine) with forward and reverse records.
  • I've run host name_of_my_FQDN and it returned the proper IP address
  • I set the IP of the DNS server in the DNS network settings on the client computer (in addition to some other DNS server IPs I use).
  • I bound the client computer to the Open Directory server using System Preferences > Users & Groups > Login Options > Join (using the fully qualified domain name of the OD server) and got a green light.
  • I set up a test network account on the OD server called test.
  • On the server, I went to System Preferences > Sharing > Edit > Use dynamic global hostname.
  • I ran sudo changeip -checkhostname. The current hostname and dns hostname match.
  • On client machine: System Preferences > Users & Groups > Login Options > Allow network users to log in at login window


BUT…when I try to log in to test on the client computer the password shakes. The console says this after the login attempt:


3/14/13 1:28:35.251 AM SecurityAgent[1502]: Unknown user "test" login attempt PASSED for auditing


I've even used dscl to verify the presence of the test account on the OD server from the client machine. I'm just about stumped.

  • infinite vortex Level 7 Level 7 (21,400 points)
    Currently Being Moderated
    Mar 22, 2013 8:13 AM (in response to finisherr)

    If you use services only at the cliet side then you can. At least how I understand what you're saying. For instance, if you create a standard client system user account and then go to System Preferences > Mail, Contacts & Calendars and add an OS X Server account there… that will only use services, plus file sharing services authentication, as defined by This is in fact the simplest way to use OS X Server at the client side.


    Basically the moment you want OS X Server and OD to know anything about a user's home directory then you have to do more.


More Like This

  • Retrieving data ...

Bookmarked By (0)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.