AliCossack

Q: Open Directory not working on select macs.

We run a Mac office, and have several iMacs with networked users that log in to our Mac mini server running Mavericks and the OS X Server app. We bought 2 iMacs last week, and have set them up just as we did with our previous iMacs.

On the Mac OS X Server, we create the network user, and assign them to a workgroup.

Then on the new Macs this process is followed:

  • Set up an admin user account for the iMac.
  • Log in to admin
  • Connect to Network
  • Open up System Preferences
  • Go to Users & Groups
  • Authenticate as Admin
  • Click on Login Options
  • Join the Network Account Server and allow users to log in via Network
  • Display login window as Name and Password
  • Log out from admin
  • Log in with Network user account credentials

However, these 2 iMacs just shake at the login screen for any network login. In the past, when we had trouble with network logins, there would be a tooltip saying that Network Logins are Unavailable. There's no tooltip in this case. The new user accounts have been tested on other Macs. We've verified the Network Account Server is correct too. The only difference between these 2 new iMacs and the previously set up iMacs is that the Network Account Server initially identified as Server.local instead of the Server.private that the previous iMacs recognised. I went in after the fact and deleted the .local and added the .private address instead. Both .local and .private resolve to the same IP address. Short of wiping these 2 iMacs and rebuilding from the ground up (not a hassle to do since they're fresh, just takes time), what other troubleshooting steps can I go through to resolve this issue?

I've downloaded the Workgroup Manager app for 10.9, and the new user accounts look set up properly, and I don't think it has anything to do with the server, just these 2 iMacs. I've verified the settings should match the previously set up iMacs.

iMac (21.5-inch, Late 2013), OS X Mavericks (10.9.4)

Posted on Aug 14, 2014 1:44 PM

  • Grant Bennet-Alder, Level 9 (61,073 points), Desktops, Aug 14, 2014 4:10 PM in response to AliCossack

    Two more steps usually required:

    In System Preferences > Network > Advanced... | DNS |

    Enter your local DNS as the only DNS

    (Apply)

  • Linc Davis, Level 10 (207,995 points), Applications, Aug 14, 2014 4:55 PM in response to AliCossack

    Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.

    1. The OD master must have a static IP address on the local network, not a dynamic address.

    2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

    3. The primary DNS server used by the server must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

    4. Follow these instructions to rebuild the Kerberos configuration on the master.

    5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases.

    6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

    7. Reboot the master and the clients.

    8. Don't log in to the server with a network user's account.

    9. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UIDs are in the 1001+ range.
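Added example, not code from the thread, from Apple or from either poster: a small POSIX shell script that turns the hostname and DNS conditions from the two replies above (Grant's "enter your local DNS as the only DNS" and Linc's steps 2 and 3) into checks you can run on a client or on the master before unbinding and rebinding. The hostnames and resolver addresses in it are constructed sample values, not anyone's real network; note that under Linc's three-level rule a two-level name like the Server.private in the question is rejected just as Server.local is. The live forward/reverse lookup is an assumption about the environment: it only runs when you pass a name on the command line and `dig` is installed.

```shell
#!/bin/sh
# Added example (not from the thread or from Apple): sanity checks for the
# hostname and DNS conditions the replies describe. The string checks run on
# any POSIX sh; the live lookup needs `dig` and only runs when a name is passed.

# check_hostname NAME
# Linc's step 2: the OD master needs at least a three-level name and must not
# be in ".local", which is reserved for Bonjour. Returns 0 when NAME passes,
# otherwise prints the reason and returns 1.
check_hostname() {
    name=$1
    [ -n "$name" ] || { echo "REJECT: empty hostname"; return 1; }
    # strip a trailing dot and lower-case so Server.local and server.local. match
    lower=$(printf '%s' "${name%.}" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
        *.local) echo "REJECT: '$name' is in .local (reserved for Bonjour)"; return 1 ;;
    esac
    # count dot-separated labels (awk needs a newline to see one record)
    labels=$(printf '%s\n' "$lower" | awk -F. '{print NF}')
    if [ "$labels" -lt 3 ]; then
        echo "REJECT: '$name' has $labels label(s); need at least three, e.g. server.yourdomain.com"
        return 1
    fi
    echo "OK: '$name' looks like a usable FQDN"
    return 0
}

# check_client_dns INTERNAL_DNS RESOLVER...
# Grant's advice and Linc's step 3: a client should point only at the internal
# DNS server. Returns 0 if every configured resolver is INTERNAL_DNS, otherwise
# names the first stray resolver and returns 1.
check_client_dns() {
    internal=$1; shift
    [ $# -gt 0 ] || { echo "REJECT: no resolvers configured"; return 1; }
    for r in "$@"; do
        if [ "$r" != "$internal" ]; then
            echo "REJECT: resolver $r is not the internal DNS ($internal)"
            return 1
        fi
    done
    echo "OK: only $internal is configured"
    return 0
}

# check_forward_reverse FQDN
# Live check (needs `dig`): FQDN must resolve, and the address must resolve
# back to the same name, otherwise Kerberos and binding tend to misbehave.
# Returns 2 when dig is unavailable, 1 on mismatch, 0 on success.
check_forward_reverse() {
    fqdn=${1%.}
    command -v dig >/dev/null 2>&1 || { echo "SKIP: dig not installed"; return 2; }
    addr=$(dig +short +time=3 +tries=1 A "$fqdn" | head -n 1)
    [ -n "$addr" ] || { echo "REJECT: $fqdn has no A record"; return 1; }
    ptr=$(dig +short +time=3 +tries=1 -x "$addr" | head -n 1)
    if [ "${ptr%.}" != "$fqdn" ]; then
        echo "REJECT: $addr reverse-resolves to '${ptr:-nothing}', not $fqdn"
        return 1
    fi
    echo "OK: $fqdn <-> $addr (forward and reverse agree)"
    return 0
}

# Constructed sample values for the demo (not a real network):
for n in server.yourdomain.com Server.local Server.private; do
    check_hostname "$n" || :
done
check_client_dns 192.168.1.2 192.168.1.2 || :
check_client_dns 192.168.1.2 192.168.1.2 8.8.8.8 || :

# Live check of a real name, e.g.:  sh od_dns_check.sh server.yourdomain.com
if [ $# -gt 0 ]; then check_forward_reverse "$1" || :; fi
```

On a Mavericks client the resolver list to feed `check_client_dns` is the one shown under System Preferences > Network > Advanced... > DNS; if the client gets its resolvers from DHCP, fixing the DHCP scope is what makes Grant's setting stick after a reboot.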