タケル 光子郎

Q: Cannot Bind Client to Server after Upgrading to 10.9 / Server 3.0

Both client and server were upgraded from 10.8.5 to 10.9 (and Server.app to 3.0), but afterwards the client states that the network accounts server is not reachable (many similar problems in this forum, mostly related to failed network logons).

I removed the network accounts server and tried to re-add it, always resulting in the error:

Error: Authentication server refused operation because the current credentials are not authorized for the requested operation. (5101)

I get the same error binding via system settings and manually via dsconfigldap. All users involved in the operation have administrative privileges (directory administrator and local machine administrator).

Has anyone an idea what the error exactly refers to or what causes the problem?

Best regards,

Michael

MacBook Pro (17-inch Early 2011), OS X Mavericks (10.9)

Posted on Oct 25, 2013 8:45 AM

  • by theFerret,

    theFerret Nov 9, 2013 2:10 PM in response to タケル 光子郎
    Level 1 (15 points)

    I have the same problem with a fresh install of MOS 10.9.0 and Server 3.0.0 trying to bind a 10.9.0 client upgraded from 10.8.5 (incl suppl update) to it.

  • by YpK,

    YpK Nov 10, 2013 4:04 PM in response to theFerret
    Level 1 (0 points)

    I can confirm the same behaviour using my admin account.

    We also get an error when trying to bind over the LDAPv3 in Directory Utility. There it says:

    "Adding configuration failed"

    "Unable to add to this server to the configuration for an unknown reason. Please use custom to continue this process"

    Using custom doesn't really get it to work; I get several other errors and the computer never appears in the Workgroup Manager.

    If anyone has a better debugging process, I'm happy to hear about it.

  • by k8n,

    k8n Nov 12, 2013 6:16 AM in response to タケル 光子郎
    Level 1 (0 points)

    Solved same issue in my setup by fixing DNS. Ensure your reverse DNS works correctly. In my case, my secondary DNS server did not mirror the reverse zone from the primary. "dig @<ip_of_a_dns_server> -x <ip_of_client_or_od_server>" is your friend.

  • by YpK,

    YpK Nov 12, 2013 4:11 PM in response to k8n
    Level 1 (0 points)

    We never had reverse DNS set for the server here. It's a small network and DNS is handled by an Airport Extreme.

    Don't know if it's still possible to use in that case, would be a shame if not.

  • by theFerret,

    theFerret Nov 12, 2013 10:37 PM in response to k8n
    Level 1 (15 points)

    Yep, DNS was a problem for me as well. My public DNS has a public IP address to the firewall protecting and NAT:ing traffic to the server while the server itself has its own local IP address in its own DNS only used by itself. When I changed the client from using the public DNS to use the server as DNS it worked to bind the computer to the OD server.
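
The reverse-lookup check that k8n and theFerret describe, as an added example that is not part of any reply in this thread: it asks each DNS server a client might use for the PTR record of an address and confirms that the returned name resolves back to that address. The function names `lookup` and `check_ptr` are hypothetical, and the addresses you pass in are your own.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check against several resolvers.
# Usage: sh check_ptr.sh <ip_of_client_or_od_server> <ip_of_a_dns_server>...

# lookup SERVER ARGS...: query one specific DNS server with dig, short output.
lookup() {
    server=$1; shift
    dig +short +time=2 +tries=1 "@$server" "$@" 2>/dev/null
}

# check_ptr IP RESOLVER...
# Prints one line per resolver:
#   <resolver> OK <name>                PTR exists and <name> resolves back to IP
#   <resolver> NO_PTR                   no reverse record (e.g. reverse zone not mirrored)
#   <resolver> FORWARD_MISMATCH <name>  PTR exists but <name> does not map back to IP
#   <resolver> DISAGREES <name>         PTR differs from the first resolver's answer
# Returns 0 only when every resolver reports OK.
check_ptr() {
    ip=$1; shift
    rc=0
    first=""
    for ns in "$@"; do
        name=$(lookup "$ns" -x "$ip" | head -n 1)
        if [ -z "$name" ]; then
            echo "$ns NO_PTR"
            rc=1
            continue
        fi
        # Forward-confirm: the PTR name must have an A record equal to the IP.
        if lookup "$ns" "$name" A | grep -qxF "$ip"; then
            status=OK
        else
            status=FORWARD_MISMATCH
            rc=1
        fi
        # All resolvers should hand out the same name for the same address.
        if [ -z "$first" ]; then
            first=$name
        elif [ "$name" != "$first" ]; then
            status=DISAGREES
            rc=1
        fi
        echo "$ns $status $name"
    done
    return $rc
}

# Run only when called with an address and at least one resolver.
if [ "$#" -ge 2 ]; then
    check_ptr "$@"
fi
```

Pass every DNS server the client can fall back to (primary, secondary, router), since the bind can fail when only one of them lacks the reverse zone.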

  • by TRACY THOMPSON,

    TRACY THOMPSON Nov 13, 2013 12:07 PM in response to タケル 光子郎
    Level 1 (0 points)

    If you are using an authenticated bind be sure to choose enable SSL or Trust from System Preferences when binding.

  • by macadmintwoa,

    macadmintwoa Nov 19, 2013 6:49 PM in response to TRACY THOMPSON
    Level 1 (0 points)

    This solved my issue too

  • by lricher001,

    lricher001 Feb 24, 2014 9:02 AM in response to k8n
    Level 1 (0 points)

    Hi all,

    You might be able to direct me to the correct forum.

    I have an issue with migrating a local user from one machine to being a network user. Here is the issue:

    Machine A: Laptop currently has user Brian but this user has all of its files on the laptop.

    Machine B: Server (Mavericks Server) does not have Brian listed in the LDAPv3 list of users.

    How can I make Brian a network user on the LDAPv3 list so I can manage his profile?

    All machines run Mavericks.

    Any experience dealing with such issues? Any e-help available out there?

    Thanks all.

    Lau