Q: i cannot login as local network user

I can log in to the user name from my MacMiniServer directly,

No, you can't. That keeps the other users from being able to log in at all.

OS X Server: Don't log in to the server with a network user's account - Apple Support

.

All of what follows you probably know or are aware of? So please excuse me if I'm teaching granny to suck eggs.

But, based on what you've presented:

Logging in with a network account (or anything/everything else) onto a client workstation absolutely requires working DNS. Before you start avoid using .local as the TLD for your domain. Why? Because .local is reserved for Bonjour.

What is working DNS?

The ability for the server itself to resolve its own hostname (more on this later) on both the forward and reverse pointers. The ability for client workstations to resolve the server hosting user home folders (plus anything else) on both the forward and reverse pointers. Typically you'd use the DHCP service to 'serve' this information over the network to your clients.

Time.

Server and clients must be using the same network time protocol server for their time. By default the time differential must be within 5 minutes. One of the error messages you've posted refers to un-synchronized time. The other LKDC error is because the user name and password you're using is not local to that workstation. If you've not bound the workstation to the server and/or their's bad DNS or an ill-thought out network then how is your workstation going to present those credentials to a server it can't properly find?

The above is not an exhaustive list by any means but it is a good start. A server's hostname is always going to be server.domain.something (but not .local) and it's never server.local. This would be its multicast/Bonjour name. Macs announce and discover themselves using this protocol. Bonjour is a zero-config networked environment (ie: just cables, a switch, hub, router or firewall and nothing else). Zero-config does not require the person setting it up to know anything other than switching the computers on and connecting the 'dots'. This is as simple as it gets. Once you decide you want to use OS X Server (or any other server) it's necessary to deal with DHCP and DNS first before moving onto anything else.

My 2p

There are multiple parts to the DNS story.

1. you must have chosen a three-part name such as server.mydomain.com, and added that into your DNS

2. Your workstations must be able to Lookup this name FORWARD (Network Utility resolves by this name to its appropriate IP Address); and BACKWARD (Network Utility finds that the IP Address looks up to server.mydomain.com).

Network Utility is available in System/Library/CoreServices/Applications  folder.

3. Your workstations must include your local DNS resolver in their Preferences > Network > .whatever interface. > DNS. If you can get your Router to pass out this DNS reference with the DHCP, so much the better. If not, each must have it added manually.

4. Your workstations must be bound to the Open Directory Server as the "Network Account Server", preferably by server.mydomain.com reference

in System Preferences > Users&Groups > Login Options, and the light must be green.

5. Your Server must be bound ONLY to itself ONLY by numerical 127.0.0.1 reference in

System Preferences > Users&Groups > Login Options, and the light must be green.

6. seeing your computer-name on the (Edit) screen in

System Preferences > Sharing ...

is a red herring, as long as it shows as NOT .local in the main Sharing screen.

Next issue already mentioned is Time. To use encryption, the time on each Mac must be similar, within five minutes is the absolute limit. best practice is to use automatic sync to the same Standard. System Preferences > Date & Time:

.

what message do you get when you try to log in?

.

You will probably have to get on the Server and use Console.app to look at the System Log (all messages) from exactly the time when you attempted to log in -- And similarly (use Console.app to look at the System Log) on the Workstation itself.

Putting the information from both together, you can sometimes deduce what has happened. Readers here will be glad to help you if you can post concise cut-and-pasted text (not screenshots) for the messages from the attempted logins.

Please do not post thousands of lines of console messages. They are impossible for Volunteers to wade through.

I'm getting a similar issue,

I'm using the oceanic.pool.ntp.org time server on both machines, the machine with IP 10.0.1.45 has the DNS set to 10.0.1.6, which is the DNS on the server.

But for the life of me i cant log in with my network accounts.

this is the log from the server:

an  8 16:36:04 server kdc[105] <Notice>: Client sent patypes: ENC-TS, REQ-ENC-PA-REP

Jan  8 16:36:04 server kdc[105] <Notice>: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ

Jan  8 16:36:04 server kdc[105] <Notice>: AS-REQ bradevery@SERVER.SALTSTUDIOS.COM.AU.PRIVATE from 10.0.1.145:63580 for krbtgt/SERVER.SALTSTUDIOS.COM.AU.PRIVATE@SERVER.SALTSTUDIOS.COM.AU.PRIVATE

--- last message repeated 1 time ---

Jan  8 16:36:04 server kdc[105] <Notice>: Client sent patypes: ENC-TS, REQ-ENC-PA-REP

Jan  8 16:36:04 server kdc[105] <Notice>: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ

Jan  8 16:36:31 server servermgr_dirserv[1048] <Warning>: idle exit

Jan  8 16:36:31 server servermgr_devicemgr[1050] <Warning>: idle exit

Jan  8 16:36:31 server servermgr_info[1021] <Notice>: Dispatcher: servermgr_dirserv plugin disconnected

Jan  8 16:36:31 server servermgr_info[1021] <Notice>: Dispatcher: servermgr_devicemgr plugin disconnected

Jan  8 16:36:31 server Server[659] <Notice>: Dispatcher: servermgr_devicemgr plugin disconnected

Jan  8 16:36:31 server Server[659] <Notice>: Dispatcher: servermgr_dirserv plugin disconnected

Here are the logs from the computer:

Jan  9 16:42:34 STUDIO-B com.apple.xpc.launchd[1] (com.apple.speech.speechsynthesisd) <Notice>: This key does not do anything: OnDemand

Jan  9 16:42:34 STUDIO-B com.apple.xpc.launchd[1] (com.apple.TrustEvaluationAgent) <Notice>: This key does not do anything: OnDemand

Jan  9 16:42:34 STUDIO-B.local tccd[1637] <Notice>: Failed to create /var/empty/Library/Application Support/com.apple.TCC (13)

Jan  9 16:42:34 STUDIO-B.local sandboxd[359] ([1636]) <Notice>: AssetCacheLocato(1636) deny mach-lookup com.apple.cookied

Jan  9 16:42:34 STUDIO-B.local sandboxd[359] ([1636]) <Notice>: AssetCacheLocato(1636) deny ipc-posix-shm-read-data /tmp/com.apple.csseed.162

Jan  9 16:44:21 STUDIO-B.local SecurityAgent[1585] <Notice>: User info context values set for bradevery

Jan  9 16:44:21 STUDIO-B.local authorizationhost[1588] <Error>: Failed to authenticate user <bradevery> (error: 9).

fully qualified domain names ending in .private have been troublesome.

It is encouraging that you have actually gotten to the Server, but it appears to be saying your request is not good enough yet.