Erich Wetzel

Q: Mavericks Server Keychain not properly storing information network users.

OS 10.9.1, Server 3.0.2. Clients OS 10.9.1 bound to server Open Directory and managed with Profile Manager. 10.6.8 Mail server bound to 10.9.1 server Open Directory. Messages is running on the 10.9.1 server which hosts the users.

 

Changeip -checkhostname indicates DNS is correct for the server. Server is running on a FQDN, no .local or other DNS issues.

 

For everything below: the Keychain for any of the users does not need to be repaired.

 

Generally things are going well with one exception which is a big problem.

 

Each time a network user logs and tries to use either Mail to connect to our mail server via IMAP or Messages in they are prompted for passwords. Messages takes the password and logs in. Mail acts as though the password was incorrect and asks for it again, it does not pass the connection to the mail server. There is no trace of the attempted login on the mail server logs.

 

Functional workarounds:

 

1 - OS reinstall allows immediate login on the mail server and connections as expected. This is a little too much for day to day use.

 

2 - (From somewhere in the forums forgot who, sorry), User login, go to User's network home/Library/Keychains and move any keychains with long strings of letters and numbers as name to another folder or put in trash, immediately reboot, User login again, enter passwords in Mail, immediate connection to mail server and expected behavior from Mail.app.

 

As a network user machine in a multi user environment, the next user will have to repeat the entire procedure above, including the reboot, to get access to the contents of the mail server. The first user in the example above will have to repeat it, if they come back to the same machine and log in again.

 

This is what we are doing now. It appears that it would work on a personal machine with local users and has solved a lot of issues in the forum. It is helping but does not solve the keychain problem for network users.

 

Does anyone have any advice.

 

Thanks.

 

-Erich

OS X Server

Posted on Jan 10, 2014 6:42 PM

Close

Q: Mavericks Server Keychain not properly storing information network users.

  • All replies
  • Helpful answers

first Previous Page 3 of 19 last Next
  • by elmojnr,

    elmojnr elmojnr May 26, 2014 5:56 PM in response to Erich Wetzel
    Level 1 (5 points)
    May 26, 2014 5:56 PM in response to Erich Wetzel

    I take it all back

     

    Just after posting it the problem came back

  • by Sebastian Johannsen,

    Sebastian Johannsen Sebastian Johannsen Jun 6, 2014 1:55 PM in response to Hector Castillo
    Level 1 (0 points)
    Jun 6, 2014 1:55 PM in response to Hector Castillo

    Alright guys. I installed yesterday 3.1.2, although I am still in touch with enterprise support, whose are a little offline because of WWDC. I can say that today I tried with 2 user accounts what happends after switching. The problem with calendar and contacts is still there, but Mail is working with no password problems. I will have this under supervision and will report, what happends.

    I wrote today to enterprise support again and am waiting.

    Hopefully they still care about Mavericks.

  • by robertoraskovsky,

    robertoraskovsky robertoraskovsky Jun 23, 2014 8:53 AM in response to Sebastian Johannsen
    Level 1 (0 points)
    Jun 23, 2014 8:53 AM in response to Sebastian Johannsen

    Hi All,

     

    Has anyone had any luck since? Is this issue still occurring for everyone? I am stuck with local client machine logins which is rediculous and the only reason I chose an OSX server network. Are people still being prompted for passwords each time they log in?

     

    Does anyone know of a temporary fix yet?

     

    Thanks

    Rob

  • by Sebastian Johannsen,

    Sebastian Johannsen Sebastian Johannsen Jul 1, 2014 6:49 AM in response to robertoraskovsky
    Level 1 (0 points)
    Jul 1, 2014 6:49 AM in response to robertoraskovsky

    Hello.

     

    I have not get any answer yet. Still waiting. The problem is still there.

    On Thursday I will install 10.9.4. Maybe OS X Server 3.2 is out then.

     

    I will post here, if I have any news.

  • by Hector Castillo,

    Hector Castillo Hector Castillo Jul 1, 2014 8:03 AM in response to Sebastian Johannsen
    Level 1 (20 points)
    Jul 1, 2014 8:03 AM in response to Sebastian Johannsen

    updated server and clients to 10.9.4 and did not fix it

  • by robertoraskovsky,

    robertoraskovsky robertoraskovsky Jul 19, 2014 6:49 AM in response to Erich Wetzel
    Level 1 (0 points)
    Jul 19, 2014 6:49 AM in response to Erich Wetzel

    Hi everyone,

     

    So more digging on this matter. Can I just check something with the people who are also experiencing this issue...

    Do you have your network users set up to store Home Folder as 'Local Only' or have you set a directory on the server?

     

    Thanks for your input on this....

     

    Rob

  • by Erich Wetzel,

    Erich Wetzel Erich Wetzel Jul 19, 2014 11:56 AM in response to robertoraskovsky
    Level 2 (345 points)
    Servers Enterprise
    Jul 19, 2014 11:56 AM in response to robertoraskovsky

    Rob,

     

    Network homes on the server for us.

     

    -Erich

  • by robertoraskovsky,

    robertoraskovsky robertoraskovsky Jul 19, 2014 12:08 PM in response to Erich Wetzel
    Level 1 (0 points)
    Jul 19, 2014 12:08 PM in response to Erich Wetzel

    Hi Erich,

     

    Thanks for the reply. Can you tell me what the staff permission on the 'User Home' network share is?

     

    Thanks

    Rob

  • by Erich Wetzel,

    Erich Wetzel Erich Wetzel Jul 19, 2014 12:51 PM in response to robertoraskovsky
    Level 2 (345 points)
    Servers Enterprise
    Jul 19, 2014 12:51 PM in response to robertoraskovsky

    In my case, the Staff group does not have access.

  • by Hector Castillo,

    Hector Castillo Hector Castillo Jul 19, 2014 10:51 PM in response to robertoraskovsky
    Level 1 (20 points)
    Jul 19, 2014 10:51 PM in response to robertoraskovsky

    Network Homes for us, staff Read Only

  • by robertoraskovsky,

    robertoraskovsky robertoraskovsky Jul 22, 2014 10:09 AM in response to Erich Wetzel
    Level 1 (0 points)
    Jul 22, 2014 10:09 AM in response to Erich Wetzel

    Here is an update, I have just got off the phone, talking to Apple Support regarding this issue (again).

    It is still an open case. I was told that the bug has been raised to " highly critical" and is logged as bug Radar Customer Bug Number 15792007 (be aware they also have a seperate internal bug ID). He mentioned that there are only a handful of bugs with this status. The latest update to Radar was on 14th July 2014, so the man I spoke to ensured me the issue was being dealt with by engineers. His only work around for now is to use iCloud Keychain, for me this is not an option as I don't want this information stored on the cloud. To clarify, the bug is listed to occur with Network Homes. If you receive this problem with local homes, please do call up and update the bug. He said the more people that raise this as a major issue, the quicker it will be dealt with.

     

    I register my interest in this bug and was told that if a solution is found or updates to the bug are logged, I will be notified.

     

    If you would like to do the same, the number I called was 00800 2775 2775 and I spoke to Peter Sheahan on ext: 88455.

     

    Sorry I can't be of any more help so far.

  • by robertoraskovsky,

    robertoraskovsky robertoraskovsky Jul 23, 2014 11:33 AM in response to Erich Wetzel
    Level 1 (0 points)
    Jul 23, 2014 11:33 AM in response to Erich Wetzel

    An update: Peter called me today having spoken to an engineer. Apparently the issue is fixed in Yosemite and Yosemite Server. Frustrating I know!


    For now this is what I have been advised:

    "The engineer also advised that the only workaround at the moment is to not use network home folders, other types of account seem to be functioning ok."

  • by Richard Cartledge,

    Richard Cartledge Richard Cartledge Jul 23, 2014 1:08 PM in response to robertoraskovsky
    Level 2 (449 points)
    Jul 23, 2014 1:08 PM in response to robertoraskovsky

    We have this problem with our AD users with Mavericks and home folders on Server 2012.

    I thought it was caused by using windows server so created a new Mavericks scratch image, ditched Workgroup Manager and OD, migrated to Maverick Server Profile Manager and setup mobile accounts / local homes and we STILL have this keychain problem as above - AGGGGHHHH!

     

    Come on Apple!

  • by robertoraskovsky,

    robertoraskovsky robertoraskovsky Jul 23, 2014 1:16 PM in response to Richard Cartledge
    Level 1 (0 points)
    Jul 23, 2014 1:16 PM in response to Richard Cartledge

    Pretty frustrating isn't it!

    Apparently the local items keychain issue is still open and being worked on by the OS team. However the issue with multiple keychains and not storing keychains is a Server issue, and looking increasingly likely that it is not going to be fixed in Mavericks, but it has been fixed for Yosemite Server Build 14a222a (apparently).

  • by ziondotcom,

    ziondotcom ziondotcom Jul 23, 2014 1:22 PM in response to robertoraskovsky
    Level 1 (10 points)
    Jul 23, 2014 1:22 PM in response to robertoraskovsky

    So after 4 updates to 10.9 which we were told would fix this, now we are told it's fixed in a beta due this fall. Anyone care to valid the 10.10 promise?

first Previous Page 3 of 19 last Next