Q: unable to get network users working in server 3

@haykong

I'm having trouble with what I think is DNS since an upgrade to 3.0.

Perhaps you could help me out. I have one Maverick Network Machine that is behaving oddly, I can log in, sort of, but can't talk to the server and I'm not 100% sure it's bound correctly.

I understand some of my issues now, a little better:

1. In respect to the mystery surrounding the x.dyndns.org entry in my logs that I previously mentioned, I found it in the directory utlitity (System/Library/Core Services) using Services/ select & edit / Search & mappings / Read from server. It is incorrectly looking for a search base that has not been in existence for a while, and it apparently resurrected it from dead somehow during the Server 3.0 installation. The same evidence can be found in abundence in /etc/openldap -> config files. Once I edit it in the directory utility, it will not allow me to write it back to server no matter what I do, with authentication failures, so, there does not seem to be any solution but to reinstall yet one more time. More importantly, however, there is no indication of this in the server setup. You only see it in the logs.
2. I can only log into the server when I set it up as "local", as in y.local, and use my domain only for email and domain server set-up. Then most things work. This may be related to point #1.
3. I have local access to the server machine with all accounts, I also have ML client access. I do not have access from mobile Mavericks client. However, here is the strange bit. Since I cannot log in from the mobile account, I turned off the "join account server" on that machine. Once I log in, however, it continues to sync, or at least attempted sync between accounts.

We are on Day 6, but still haven't been able to resolve these issues.

I've exactly the same problem.

Previous Config:

MacMini running ML Server with ML Clients -another mini, MBA, IMac etc. (and 1x SL and 1xLion client) - no problems

Client Upgrades

Upgraded (no fresh installs or anything) to Mavericks clients FIRST. No problem logging into and user ML Server - all good

Server Upgrade

Upgraded to Mavericks Server and all clients experienced the same problem as previously described.

Next Steps

Tried fresh install (i.e. erase first) of Mavericks on MBA but still the same problem

Tried fresh install (i.e. erase first) of Mavericks Sever on the Mini and STILL the same problem on all clients (upgraded and the MBA fresh installed)

Tried fresh install AGAIN on the server but again, the same problem

Used Time Machine to restore Server to ML and bingo it all works just fine i.e. Maverick Clients (SL, Lion as well) can use the server just fine.

So it would imply its Mavericks Server is the problem and Apple, if you're listening/reading, ITS NOT FIT FOR PURPOSE!!!

Thanks

Rob

I fought with very similar problems over the last couple of days, but I was able to get things working.  My log had a number of messages that said "No such entry in database" or "no such entry found in hdb".  Apparently the database in question is

/etc/krb5.keytab:keytab

You can see the keys that can match by running

sudo ktutil list

and sure enough there was no entry for the machine it was trying to find.  The log shows

10/27/13 2:30:06.359 PM kdc[54]: Server not found in database: ldap/myserver@MYSERVER.LOCAL: no such entry found in hdb

but the listing only showed

ldap/myserver.local@MYSERVER.LOCAL

Goodness knows why the client was sending one and not the other.  The server seems to check a bunch of varieties, bit none matched.  Anyway, I ran

sudo ktutil get -p diradmin ldap/myserver@MYSERVER.LOCAL

and everything began to work as before.  FWIW, I checked to see how things looked in the logs when someone logged in from one of the of the non-Mavericks clients and those always sent ldap/myserver.local@MYSERVER.LOCAL. 

So, check your logs and see whether you have keytab entries that match exactly what the log says the server is trying to find.

Hi all,

Just wanted to say I had exactly the same issue, upgraded both MacBook Pro and Mac Mini server to Mavericks and then updated to Server 3 on the mini. Then each time I tried to login using the network account I didn't get any specific error, just the wobbly wrong username or password at the login screen.

So having removed the network account server and re-added it to my MacBook, and also turning on and off different services on the server it seems that simply changing passwords for the user accounts solved my problem. Not entirely sure if any other steps were nessesary, but I would definatley advise updating users passwords as a first point. Not sure if you can just change them to the same password, I went for completely new ones.

Hope it helps someone.

Can anyone confirm this has worked for them as I am loathed to re-install Mavericks ontop of my (recovered) ML Mini sever?

Many thanks

Rob

Hi haykong, first thank you and nick.leblanc your replies helped me solve my problem of network users not being able to login.

To recap, I have an Airport Extreme configured as part of a basic Mountain Lion Server setup with a Macbook Pro, iMac and a number of mobile devices, all running well.  I have a FQDN. DHCP managed by the Airport Extreme.  Airport IP set to 192.168.16.1, Server is 192.168.16.2.

I upgraded the iMac to Mavericks and it worked with no problems with ML Server as did the Macbook.  Once I upgraded the server to Maverick, network users are unable to login.  If I rolled back the client machines to ML, network users could login to Maverick Sever; this pointed to a client config problem.

Checking the DNS of the client, it was set to the Airport Express (192.168.16.1) and not the server.  I manually changed this on the client so that the first entry was the server (192.168.16.2) then added a second entry as Airport Express (192.168.16.1).

I did nothing else at all apart from reboot and it fixed the problem - network login working.

Knowledge now runs out, how do I overide the system default to avoid having to make a manual change to DNS, is that on the Airport Express?

Thanks once again!!

Hope this helps others.

Les

Despite a week's worth of my best efforts, I cannot make this thing work. It is simply broken, and I believe it is possibly one of the worst software releases that Apple has ever made. What good is a server that you cannot log in to?

What have you tried?

freefall722 wrote:

 

So I've done another completely fresh install of the server and still can't get around the weird log in issue at the bottom of my previous post.

 

Basically what happens is that for all my clients I can now log into any of the network users however only the first one I log into (ex. testuser) after a reboot of a client works correctly.

 

Freefall,

This sounds like a classic AFP related problem (and the reason I kept trying to get NFS to work). The network home directory is mounted with permissions owned by the network user when they log in. If you try to do Multi-user switching or anything else of that kind, it won't work, because the new user doesn't have permission to use the mounted home directory which is still owned by the first user. You can observe this in Terminal by checking the owner permissions of the mounted Volume.

I came across this problem frequenly when AFP didn't unmount properly after users logged out. In that case, it was easy to find the problem in the Server App; the logged-out user was still shown in File Sharing with an active connection. You can disconnect the user from File Share in the Server App and the client becomes available for a new login, but that is a pain over the long term.

It looks like many folks are fixing this problem by switching their users to SMB.

Y'all know you should never create a local LAN domain ending in ".local", right?

Even ".private" is considered suspect, but ".local" is used by Bonjour and will cause you problems. You can call your LAN myfunhost.playtime and it will run just fine.

It is possible to run both a LAN FQDN that is not the same as your outside certified WAN FQDN, it just takes work.

I have tried pretty much everything that is suggested here in this very forum, at least twice. I have reinstalled three times. The best I got was local login and ML login. And now, even that is broken.

Hi all,

At least Ali and other got server 3 up and running.

I am stuck since Saturday because update to Mavericks stopped my running ML server.

1.) Update MAvericks stops ML server, right?

2.) purchase and download server 3 app to start the server and configure, right

Wrong. Server 3 is downloaded and installed but *does not start up*. It asks for the administrator password and then simply quits with the message.

"could not connect to server"

Right! My server is shot. Anyone who has a solution here?

Any other server I worked with since 1989 has tons of documentation. For OSX server there is nothing I found than the silly GUI server app with non descriptive dialogues. I want to be able to work under the hood, but right now this is much like an old MS-DOS adventure like dungeons and dragons where you have to discover the magic words to get to the next level.

Some pointers to real sources of info would be highly appreciated. I am totally stuck here and hope for the community to help me out. Thanks already.

bibop92;

I know it probably won't help you now, but just as a tip for future reference that I myself learned the hard way, here is how I cover my back:

1. Before any major update, I make a carbon copy backup clone of the boot partition on a sparseimage image.
2. If I run aground, I can revert back within 5-10 minutes. (All of my data sits on other partitions / drives.)

I made a clone of the my server partition before I installed the server 3.0, and seperately, after the initial install. Inbetween experiments, I brought the server to its previous state from the clone image.

Of course this did not solve any of the problems caused by this subpar software. I still wasted many 10s of hours. It just provided an easy exit strategy, and a way to maintain service.