Sheldon392

Q: Mavericks Server Error 5101

I'm trying to bind my client to my server so network users can login on the client. I go into Users, login options, and then hit join on my client computer. I type in the domain name that Open Directory tells me to use, I choose to trust the SSL certificates, then I hit continue even though the server doesn't provide a secure SSL connection (which I think is the problem), it asks me for my username and password, it says binding, closes the drop down window and then gives me this error message:

Screen Shot 2014-08-31 at 11.47.58 PM.png

I'm fairly sure, after looking at tons of articles, that my problem lies in my certificates but I'm not sure what to do at this point.

iMac, OS X Mavericks (10.9.3)

Posted on Sep 1, 2014 12:55 AM

  • by Linc Davis, Sep 1, 2014 10:28 AM in response to Sheldon392
    Level 10 (207,995 points)

    Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.

    1. The OD master must have a static IP address on the local network, not a dynamic address.

    2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

    3. The primary DNS server used by the server must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

    4. Follow these instructions to rebuild the Kerberos configuration on the master.

    5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.

    6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

    7. Reboot the master and the clients.

    8. Don't log in to the server with a network user's account.

    9. Disable any internal firewalls in use.

    10. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UIDs are in the 1001+ range.
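
Steps 2 and 5 of the reply above can be checked before attempting a bind. The script below is an added example, not part of the original reply: it validates the server name against the rules in step 2 and compares a certificate's common name with that name as in step 5. The function names and the sample hostname and subject lines are constructed for illustration; on a live system the subject line would come from `openssl x509 -noout -subject -in cert.pem`.

```bash
#!/bin/sh
# Added example: offline pre-bind checks for steps 2 and 5 of the reply.
# All hostnames and subject lines used here are constructed samples.

# Step 2: name needs at least three labels and must not end in .local.
valid_od_hostname() {
    vh_name=$(printf '%s' "${1%.}" | tr '[:upper:]' '[:lower:]')
    case "$vh_name" in
        ''|.*|*.|*..*|*.local) return 1 ;;   # empty label or Bonjour TLD
        *.*.*) return 0 ;;                   # three or more labels
        *) return 1 ;;
    esac
}

# Pull the CN out of `openssl x509 -noout -subject` output.
# Handles "subject= /C=US/CN=host" and "subject=C = US, CN = host".
subject_cn() {
    printf '%s\n' "$1" | sed -n 's|^.*CN *= *\([^,/]*\).*$|\1|p' | sed 's/ *$//'
}

# Step 5: the certificate common name must equal the server's FQDN.
cert_matches_host() {   # $1 = subject line, $2 = server FQDN
    cm_cn=$(subject_cn "$1" | tr '[:upper:]' '[:lower:]')
    cm_host=$(printf '%s' "${2%.}" | tr '[:upper:]' '[:lower:]')
    [ -n "$cm_cn" ] && [ "$cm_cn" = "$cm_host" ]
}

# Run both checks and report; returns non-zero if either one fails.
prebind_check() {       # $1 = server FQDN, $2 = certificate subject line
    pc_rc=0
    if valid_od_hostname "$1"; then
        echo "OK   hostname $1"
    else
        echo "FAIL hostname $1: need three or more labels, not .local"
        pc_rc=1
    fi
    if cert_matches_host "$2" "$1"; then
        echo "OK   certificate CN matches $1"
    else
        echo "FAIL certificate CN '$(subject_cn "$2")' does not match $1"
        pc_rc=1
    fi
    return $pc_rc
}

# Constructed sample: a three-label name with a matching certificate CN.
prebind_check "server.yourdomain.com" "subject= /C=US/CN=server.yourdomain.com"
```

The comparison covers the common name only, as the reply describes; it does not inspect subject alternative names or the certificate's validity dates.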

  • by Sheldon392, Sep 1, 2014 1:08 PM in response to Linc Davis
    Level 1 (1 points)

    Thanks for replying, Linc. I gave up on it last night and thought I would try to connect this morning and wouldn't you know it worked. When I go onto my client computer and attempt the binding process again, the name of my server automatically pops in and it doesn't give me the warning about not having a secure SSL connection. I type in the username and password for my OD and I get a green light without any errors.

    My new problem is that I can't log in with my network user account through my client (I turned on logging in from the login screen and such). I can log in on my server computer but it doesn't work on my client.

  • by skynet3020, Oct 24, 2014 9:23 AM in response to Sheldon392
    Level 1 (9 points)

    Same error here after deleting the old binding and wanting to rebind. This happens to all clients with 10.9.5; there is 1 local admin account and the root is activated.

    The OD client is a mobile sync account. I can delete the mobile user > rebind: same problem; delete the binding on the server > same problem, error 5101.

    Login on a bound client is working fine. Reinstall the client computer, create a user account to configure the root user, then bind > works.

    Migrating the admin account, apps & programs from a Time Machine backup without any settings or other files works, but I must do the binding before the migration; then it works. If I do it after the migration, error 5101 comes again; also, if I now delete the binding and want to rebind > error 5101.

    Very strange, this, and I found nothing on the net about this.

    DNS is not the problem because all is working fine, also the binding if I do it before, and this is only on clients which are used as mobile sync.

    Edit: we are not alone with this problem:

    http://forum.wegotserved.com/index.php/topic/29011-mavericks-network-account-server-join/