Sascha Schmidt

Q: Cannot add users with Server.app

Hi,

 

I've managed Users in the past with the Server.app. After a long time where no change was needed, I'm trying to add a new User using the Server.app.

 

I'm trying to add a normal, lokal (not a directory user). The Server app tells me that I've got NOT enough rights to add a user account. I'm the admin of the server and have checked this with the "normal" user admin application.

 

Does someone has a hint what's going wrong and what to check to find the problem?


Thanks

Sascha

Mac mini (Late 2012), OS X Yosemite (10.10.3)

Posted on Dec 22, 2015 12:48 PM

Close

Q: Cannot add users with Server.app

  • All replies
  • Helpful answers

  • by Kevin Neal,

    Kevin Neal Kevin Neal Dec 22, 2015 1:15 PM in response to Sascha Schmidt
    Level 3 (513 points)
    Servers Enterprise
    Dec 22, 2015 1:15 PM in response to Sascha Schmidt

    One thing you could check is whether you are authenticated to make changes in Directory Utility

     

    First open Server.app then choose "Tools" from the top menu and open "Directory Utility"

     

    Click on the Directory Editor icon

     

    from the first drop down list choose: Viewing "Users"

     

    in the second drop down choose: in node "/LDAPv3/127.0.0.1"

     

    Then click the padlock and enter the user name and password for the directory admin, this will most likely be different than the admin account of the server

  • by Sascha Schmidt,

    Sascha Schmidt Sascha Schmidt Dec 23, 2015 9:02 AM in response to Kevin Neal
    Level 1 (5 points)
    Servers Enterprise
    Dec 23, 2015 9:02 AM in response to Kevin Neal

    Hm, the directory admin isn't me as the standard admin? Otherwise I cannot remember an additional login I could have created at OS X server installation.

    Is there a chance to remember the login/recover it?

     

    *Update*

    I could recover the password for the user "diradmin" and auth as you described. But how does it help?

  • by Kevin Neal,

    Kevin Neal Kevin Neal Dec 23, 2015 10:18 AM in response to Sascha Schmidt
    Level 3 (513 points)
    Servers Enterprise
    Dec 23, 2015 10:18 AM in response to Sascha Schmidt

    once you have authenticated does in now let you create users in server.app?

  • by Melan Parkstrider,

    Melan Parkstrider Melan Parkstrider Jan 2, 2016 5:52 AM in response to Kevin Neal
    Level 1 (0 points)
    Jan 2, 2016 5:52 AM in response to Kevin Neal

    I'm experiencing this as well.  I set this server up originally, under OS 10.8 and never specified a different password for LDAP or Directory Services.  In fact I don't recall every being requested to set one.  I upgraded to El Capitan and Server 5.015 and new experience this issue requesting passwords. 

     

    I have checked in the Directory Utility/Directory Editor for Users>LDAPv3/127.0.0.1 and it does indicate Not Authenticated.  Can any suggest how I can reset the password or suggest were I can read to learn how to do so?

  • by Melan Parkstrider,

    Melan Parkstrider Melan Parkstrider Jan 2, 2016 10:15 AM in response to Melan Parkstrider
    Level 1 (0 points)
    Jan 2, 2016 10:15 AM in response to Melan Parkstrider

    ***Resolved***

    For the sake of integrity of this thread my problem was the result of not realizing the username being requested was diradmin and not the admin account I used to login to the computer.  Once I tried diradmin and the regular password I normally use for the server I was able to authenticate and make the necessary changes to my users as normal.  It appears that the upgrade to 5.015 Server requires re-authentication.

  • by Sascha Schmidt,

    Sascha Schmidt Sascha Schmidt Jan 11, 2016 12:50 PM in response to Kevin Neal
    Level 1 (5 points)
    Servers Enterprise
    Jan 11, 2016 12:50 PM in response to Kevin Neal

    I could auth with the user "diradmin" against the Server.app and afterwards I could create uses. With my "normal" user (with admin privileges) I cannot add users.

     

    I know and I'm sure that I could configure users with my normal admin account the osx release before.

     

    Is this right or did my user loose any permissions?

  • by Nick Gilpin,

    Nick Gilpin Nick Gilpin Jan 31, 2016 7:27 PM in response to Sascha Schmidt
    Level 1 (0 points)
    Jan 31, 2016 7:27 PM in response to Sascha Schmidt

    Hi Sascha,

     

    I had exactly the same problem as you. Im managing a server that was setup before my time, and it didn't even have the original password documented. This password was never required to add users (as I now have a new admin password that I use) - I've added many users since creating my new admin password on this server. I've recently updated the server to El Capitan and Server 5.015 and the issue began - I couldn't create users as I was not able to authenticate once inside the server app (adding a new user required logging into the LDAPv3 node and none of my username password combos worked).


    I changed my account password, I rebuilt the keychain and I tried a lot of other things.


    Finally I had success logging into the LDAPv3 node (as described by Kevin Neal above) with diradmin (as the username) and a password that I guessed (that was obviously the original password for the server). Once I logged onto my server app (with my 'new' password), I could add users with diradmin and the 'old' password. I guess I was lucky to find that password! 


    Although I think you can reset the open directory password this way, OS X Server: How to reset the Open Directory administrator password - Apple Support if you ever need to, but I didm't need to try that in the end. 



  • by Perbjorkhem,

    Perbjorkhem Perbjorkhem Aug 12, 2016 3:35 AM in response to Nick Gilpin
    Level 1 (4 points)
    Mac OS X
    Aug 12, 2016 3:35 AM in response to Nick Gilpin

    I updated to OS X 10.11.6 and then the server to 5.1.7 and had the exact same problem.

    How crazy is that, that you are admin but cannot administer. Stupid system.

    Anyway, thanks to you I could go to the link and then enter the very long unix code and be able to change password and now I can work with my users.

     

    Server -app is really bad software. I have had problems with it since day one. Can´t someone make a server app that works?