fth0

Q: Authentication problem adding OS X Server account on the server itself (as a client)

My local network consists of a LANCOM router, an iMac, an iPhone and several other devices. The router provides the Internet connection, the DHCP and DNS servers and an internal local domain ("fth0.home"). DNS is working as expected between all devices ("<device>.fth0.home"), and mDNS is also working as expected between all Apple devices ("<device>.local"). The iMac is running OS X El Capitan 10.11.2 with OS X Server 5.0.15, serving CalDAV and CardDAV services for the iPhone and the iMac itself, which is used as a local iCloud alternative.

 

When creating the setup described above I encountered a problem (since I'm using OS X in the German language, the following description might contain slight deviations from the correct English language texts): OS X Server was up and running, using the hostname "imac.fth0.home". To configure the iMac as a client (for the Calendar and the Contacts apps) I opened the Internet Accounts settings. When selecting "OS X Server Account", selecting the offered server (which shows the expected hostname) and entering username and password, the credentials are rejected. As a workaround I successfully added separate Internet accounts for CalDAV and CardDAV, so I have a working solution.

 

I've been searching for other people having the same problem in the forums, but only found a lot of similar problems, where clients not located on the server were unable to connect to some services. Is using the iMac simultaneously as OS X Server and as a client a special use case so that no-one has encountered the problem so far?

 

Looking at the rather complex Apache web server setup with several layers of virtual hosts and log files I suspect the problem could be in the area of the IP addresses. The server hostname "imac.fth0.home" can be resolved to 192.168.8.21 (by the router and the iMac) and to 127.0.0.1 (by the iMac), and the clients IP address can also be either of them. Ultimately the HTTP digest authentication fails in "/var/log/apache2/services/ACSServer_error_log", where the client is shown as 127.0.0.1, whereas it is shown as 192.168.8.21 in "/var/log/apache2/service_proxy_error.log". As I'm no web server expert, I could need some help if I'm going to analyze the  problem further ...


Any ideas what to look at?

iMac with Retina 5K display, OS X El Capitan (10.11.2)

Posted on Dec 28, 2015 8:36 AM

Close

Q: Authentication problem adding OS X Server account on the server itself (as a client)

  • All replies
  • Helpful answers

  • by Linc Davis,

    Linc Davis Linc Davis Dec 28, 2015 9:29 AM in response to fth0
    Level 10 (207,963 points)
    Applications
    Dec 28, 2015 9:29 AM in response to fth0

    The workaround is necessary because Calendars and Contacts use different server paths, as you can see in the respective account settings.

  • by fth0,

    fth0 fth0 Dec 28, 2015 11:24 AM in response to Linc Davis
    Level 1 (0 points)
    Dec 28, 2015 11:24 AM in response to Linc Davis

    Ok, I can see that the automatically chosen paths are different when viewing the account settings in Calendar and Contacts (and not in Internet Accounts, where paths and ports are not shown). But I do not understand your reasoning yet (I'm no native English speaker, so please ignore any possibly wrong choice of words while trying to explain :-) ):

     

    When selecting "OS X Server" in the Internet Accounts dialog and entering my credentials, I'd naturally expect to afterwards select and use more than one of the different services (Mail, Notes, Calendar, Reminders, Contacts), otherwise the selection possibility "OS X Server" would not make much sense to me. And on the server the paths will be different, independent on the case, if the server is on the same or on a different computer. Maybe a few short questions can shed a light on me:

     

    1. When the server is running on the same OS as the client, is the network stack used for communication (at least localhost 127.0.0.1) or is there a shortcut used?

     

    2. Is the selection "OS X Server" in the Internet Accounts dialog only meant to be used when the server is on a different device?

     

    3. When I select "OS X Server" and enter my credentials, how does the client or the server know in advance that I want to select conflicting services?

     

    In older versions of OS X (Lion, Mountain Lion, Yosemite) it was at least possible to setup the OS X Server account in the Internet Account settings, and only one protocol was automatically disabled and had to be setup separately (I believe it was the CardDAV protocol). I liked that better than a message telling me that my credentials are wrong, but it also took some time to find out what to do. :-(

     

    Thanks in advance for your patience and your answers. :-)

  • by Linc Davis,

    Linc Davis Linc Davis Dec 28, 2015 11:36 AM in response to fth0
    Level 10 (207,963 points)
    Applications
    Dec 28, 2015 11:36 AM in response to fth0

    All I can tell you is that separate accounts are needed for Calendars and Contacts synchronization with the server, regardless of the client, in my experience.