Q: Cannot log into OpenDirectory server
I am running OSX Server 2.2 on a Mac Mini with 10.8.5. I have successfully enabled Open Directory and created several users that are set up as Services Only, as they do not need home directories, only file sharing and (hopefully in the future) contacts and single sign-on.
I am able to bind my computer to the OD server using the fully qualified domain name (internal.xxxx.org) and get the green "enabled" dot in the Users page on the Mac.
I turned on "Allow Network Users to Log In" and tried to log in as my network user, and it "shakes" when I enter the username and password, and won't log in. What am I doing wrong? I'm unclear how to log in as a network user from my Mac's sign-in screen. I also tried using the administrator's account, which is an actual user account on the server and that did not log in either. It doesn't seem like the Mac is even attempting to check the server for user information.
Thank you.
Mac mini, OS X Mountain Lion (10.8.5)
Posted on Oct 13, 2014 2:28 PM
Yes. The only time the home folder is on the server is when you are using Network Home Folders. Or if you create the account as Local Only. Why Apple creates a home folder on the server when you do this I don't know. I too tend to create accounts as none - services only and then add the home folder path manually. If I have a lot of accounts, I import the records.
And I would agree. If you are supporting systems that are a blend of laptops and desktops, then mobile cached accounts are the most flexible. You get to centrally manage the accounts on the server, define password policy, and enforce use policy. The user is able to use the machine on or off the network as the credential is embedded in the device. And you get single sign-on function. Keep in mind, this is dependent on your usage patterns. If you have an iMac user and she shuts down every day, then she will see the most benefit. Through the login window, she refreshes her experience with the server every day. Now, those laptop users who simply close the lid and go... They may not experience login windows for weeks or months. So the single sign-on experience will not be the same.
As for the Google Apps, check out this page: https://support.google.com/a/answer/106368?hl=en I don't do a lot with Google stuff, so sadly I have no experience to share. However, Open Directory is LDAP. So in theory, this should work. This has been one of those items that is on my pile of things to explore, but I simply have not had the need yet.
Glad to help. Good to see you are doing your homework and understanding the tech. Keep going.
Reid
Apple Consultants Network
Author "Yosemite Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store
Posted on Nov 13, 2014 7:15 AM