TS4070: Mac OS X Server: Full administrators may not be able to authenticate in Workgroup Manager
Learn about Mac OS X Server: Full administrators may not be able to authenticate in Workgroup Manager
-
All replies
-
Helpful answers
-
Sep 23, 2013 9:08 AM in response to adnanaftmlby MrHoffman,Based on your footer, I'll assume you're running OS X Server 10.7 here, and not 10.6.
Authentication can be via local users (where your administrative access provides override access) or via Server.app and Open Directory and distributed management) where you need to be a domain administrator. It's the domain administrator user that's key to adding users here. The default is the diradmin user on a number of releases, though that can be changed.
You should be able to add additional local users by System Preferences, or — once you log in as a domain administrator — via Server.app or the available Workgroup Manager download.
If you don't have a directory administrator password, you'll need to break into the Open Directory system.
-
Sep 24, 2013 9:30 PM in response to MrHoffmanby adnanaftml,i have directory administrator password but its not accepting it tell me how could i break it?
-
Sep 25, 2013 1:48 PM in response to adnanaftmlby MrHoffman,If you have the directory administrator password, then local DNS services and/or Open Directory is likely corrupted, and there's not much point to resetting the diradmin password.
Launch Console.app from Applications > Utilities, attempt the login, and look for any relevent errors.
If this is a NAT'd network, then local DNS services have to be correct, or OD can and variously will fail. To verify local DNS, launch Terminal.app from Applications > Utilities and issue the following non-destructive diagnostic command:
sudo changeip -checkhostname
This command will find most — but not all — DNS configuration errors. Enter an administrative password for the sudo, and you can safely ignore the one-shot warning nessage about using sudo if you see that. You'll get back some information on the current host network set-up, and then an indication that no changes are required, or that there are system or network or DNS errors and some details.
-
Sep 29, 2013 9:42 PM in response to MrHoffmanby adnanaftml,Thanx for your help
i went to directory editor , i found on left open directory admin services i click on it i click on users then click on LDAP i found bellow all users names i click on admin then i found authentication authority i copy all fellow from , to comma.. but when i open work groupmanager with my admin user pref. the option show all tab & inspector it was not active or i was dimm how can i check it??
-
Sep 30, 2013 2:42 PM in response to adnanaftmlby Antonio Rocco,The show all Records and Inspector Tab is not an option available anymore in 10.7 or newer.
Tony
-
-
Oct 1, 2013 1:52 PM in response to adnanaftmlby Antonio Rocco,Navigate to /System/Library/CoreServices and launch Directory Utility. Click on Directory Editor. Everything you wanted from the "Show All Records and Inspector Tab" is there.
You could of course simply use the command line utility dscl which has been available since 10.4.
Tony
-
Oct 1, 2013 9:40 PM in response to Antonio Roccoby adnanaftml,i follow all procedure i gave new password but it didnt ask me to confirm that password and came back to root when i check it in workgroup manager it didnt work now tell me wht to do????
-
Dec 5, 2013 8:14 PM in response to MrHoffmanby adnanaftml,after running sudo changeip - checkhostname
its shows
Priminary address , Host name but on DNS it shows error
the DNS host name is not available, pls repair DNS and re-run this tool.
pls help me wht to do now???