Wiki users / login issue

I have set up my first Mac server - SL 10.6 Server, and am working on setting up the wiki.

I have set up users in Server Prefs, and have started the wiki server. The wiki has private settings set for specific groups. When any other user attempts to log in to the wiki, the log in dialog "shakes" in disgust.. lol.. The only way that I can get a user to be able to log in to the wiki is to create an actual account in SysPrefs. Is this right? Do I really have to create a system account for every user that I need to be able to log into the wiki? I was under the assumption a Server Prefs user could access this.

Am I doing something wrong? Please offer a little guidance to this Mac server newbie!

L Nail

2.4 C2D iMac, 2.5 C2D 15" MBP, G5 iMacs, 8-Core Mac Pro, Mac OS X (10.6), G4 iBook, G4 eMac, MDD G4, G4 Cube, iPhone 2.5G, 3G, 3Gs(x3), 1G & 2G iPod

Posted on Aug 31, 2009 9:10 PM

22 replies

Sep 1, 2009 5:12 AM in response to lnail

Kia ora Inail,

from memory, you need to allow other users to view/read the wiki. The group members should be able to read write to the group/users wikis and others can be allowed read/access or read/write access or no access.
I haven't got it running in front of me at present but I think it is on the group wiki page, admin functions on the lower right.

That said I see you say system prefs for users, and if that is correct then you are making new local accounts on your physical box, that hosts your server and they then can access the wiki, then you are a bit off the mark (I think!).

Users created in serverprefs should be able to access their user wiki and the wikis they have group permission to access, as I said above the access permissions are set in the wiki page.

I hope I am not offending you when I state that systemprefs/accounts is for local users and accounts on the computer (physical box) that hosts the server (software application). Serverprefs is for managing people and groups hosted on the server (software application), serveradmin is for controlling and administering the server (software application), and workgroup manager controls more broadly people, groups, machines that connect to the server and machine groups.

regards

Sep 1, 2009 5:34 AM in response to hutene

from memory, you need to allow other users to view/read the wiki. The group members should be able to read write to the group/users wikis and others can be allowed read/access or read/write access or no access.


That is set up properly. I have a group that consists of the users I can't get logged in. That group is allowed read/write/admin privileges for the wiki.

That said I see you say system prefs for users, and if that is correct then you are making new local accounts on your physical box, that hosts your server and they then can access the wiki, then you are a bit off the mark (I think!).

Users created in serverprefs should be able to access their user wiki and the wikis they have group permission to access, as I said above the access permissions are set in the wiki page.


This is exactly my point. The users that I have created in Server Prefs should be able to access their user wiki and any wikis that they have permission to access. But that's just it.. they are not able to access them. The only way that it will allow access is if I create a local account in System Prefs.

To test that, I created a local account for one user in the group, and immediately after doing so that user was able to log into the wiki. The other users in the group still cannot login to the wiki. Only the user that I created a local account for.

I hope I am not offending you when I state that systemprefs/accounts is for local users and accounts on the computer (physical box) that hosts the server (software application). Serverprefs is for managing people and groups hosted on the server (software application), serveradmin is for controlling and administering the server (software application), and workgroup manager controls more broadly people, groups, machines that connect to the server and machine groups.


No offense taken. I've used Macs all of my life and felt like I understand how it worked. Usually things work how you think they should on a Mac. 😀 But it wasn't, hence this thread.

Hope you can help me.

Message was edited by: lnail

Sep 1, 2009 12:35 PM in response to lnail

Kia ora Inail,

the problem may be ssl, people have experienced difficulty with wikis and web access of calendars if ssl is on or off, inconsistently, that is some services have all the settings ok, others not so.

Check serverprefs/info pane to make sure the ssl certificate is selected and on that pane the DNS setting will have the FQDN for your server, then go to serveradmin iCal, Web and OD and check that the ssl certificate is correctly set and turned on (or off) if you want it that way. The install of 10.6 creates a certificate but the services have to have it explicitly set. In addition some services need the FQDN entered where appropriate, and with wikis the IP address of the server, not its local address (192.168.x.x versus 127.0.0.1).

If ssl is used for wikis the web address now starts with https: rather than http:
The main thing is to ensure in all the enabled services the ip or FQDN is entered where appropriate and the ssl certificate is selected.

If kerberos is running then the DNS is going ok. If not then in terminal enter

sudo changeip -checkhostname

you will be asked for your password,

it will tell you if you need to do anything and what to do,


regards

Sep 1, 2009 1:32 PM in response to lnail

lnail wrote:
This is exactly my point. The users that I have created in Server Prefs should be able to access their user wiki and any wikis that they have permission to access. But that's just it. they are not able to access them. The only way that it will allow access is if I create a local account in System Prefs.


It sounds like the Wiki Server isn't bound to the directory properly. Under System Prefs > Login Options > Network Account Server, you should see "Local Server." This is where you'd also bind an external Open Directory Server like od.example.com.

Also, open Directory Utility and make sure your search policy for both auth and contacts includes /LDAPv3/127.0.0.1

Sep 1, 2009 7:53 PM in response to Matt Domenici

Kia ora,

you need an OD directory to provide authentication services for your users, either an external server or on your server. The error;

Unable to open Directory node with name /LDAPv3/127.0.0.1,

indicates the server is looking for the OD database to authenticate your users.

I hope I am not being misread as being rude, but your server set up seems a bit strange,

regards

Sep 3, 2009 1:22 PM in response to hutene

Running the command in terminal you described results in: "The names match. There is nothing to change. dirserv:success = "success"."

However, I don't believe that I have Kerberos running.

On a side note, I did a complete reinstall thinking maybe I did something wrong during setup. I was able to get two other users able to log in to the wiki. One is the other "Wiki Creator" set up in Server Admin/Web/Settings/Wiki. The other is a plain user with no admin privs anywhere (server/wiki/etc.) that was set up in Server Prefs. Both of these users can access the wikis that I have created. Anyone else though is unable to access the wikis.

Any other ideas?

Sep 3, 2009 1:33 PM in response to lnail

Well, it seemed as if it was working as I was able to get two users able to login, but the remaining 59 users are unable to login at all.

There is nothing alike in the two users that stands out. One is a server admin and a "Wiki Creator", the other is neither - just a standard user. Every other user (59 of them) can not log in at all.

Message was edited by: lnail

Sep 3, 2009 1:48 PM in response to lnail

Okay.. I tried turning off the web services, disabling SSL in the web, disabling SSL in OD, and disabling SSL in Server Prefs. Then I restarted the web and tried to log in with another user that way.. no go. It wouldn't even let me log in with the two users that did work.

I then re-enabled SSL in ServerPrefs, in OD, and in Web services, and then started the web services. Now NO ONE can log in except me.

Where am I going wrong here?

Sep 3, 2009 3:22 PM in response to Nitin Gupta

Kia ora,

Are you both creating users in the ldap directory? Assuming you are in serverprefs, the new connection is to your FQDN server name, diradmin login and p/w, same deal in WG manager, otherwise you won't be able to connect. In addition (was the case in 10.5 anyway, not so sure about 10.6) if you make the local user, and then make the user in the ldap directory, there will be a conflict if the username and password are the same. From memory the Kerberos error log (maybe server error log) says there is a conflict.
So server accounts need to be in the ldap directory.

regards

Sep 4, 2009 6:23 AM in response to hutene

Okay.. I think I have found part of my problem. Yesterday morning, everything was fine with my two users, and I am going to assume that it may have been alright with the other users too. But somehow, I changed something that caused this all to go haywire and I have no idea where to start to get it put back, shy of a complete reinstall.. again!

In SysPrefs>Accounts>Login Options>Network Account Server.. It says that the server is not responding. Also, in Server Admin>Open Directory>Settings>General>Replica Tree.. this is missing now.. it was there yesterday, but it is not now. Crappy thing is that I didn't get it backed up yet, because I didn't think I had my settings right yet. Also, and this may or may not be related to the current issue, but I haven't yet been able to Kerberize the OD.

In ServerPrefs>Users (where I set up all users / I have the only local account on the server).. It says that it is "Not set up to manage users and groups". I spent almost a whole day entering in every employee and setting up groups. The same message appears under Groups.

All of the Server Admin>Open Directory>Settings>Policies that I set up are no longer showing.. it's like it is back to default??

Attached is the OD Configuration Log for the day it was "working", yesterday (when all **** broke out), and this morning with me trying to figure it all out. Also, below that is the Password Service Error log, and below that the Directory Services Error Log.



---------------Open Directory Configuration Log----------------
onfig record
Finished
2009-09-01 15:10:49 -0500 - command: /usr/sbin/sso_util configure -x -r [Server FQDN] -f /LDAPv3/127.0.0.1 -a diradmin -p ** -v 1 all
2009-09-01 15:10:50 -0500 - Contacting the directory server
Creating the service list
Creating the service principals
Creating the keytab file
Configuring services
WriteSetupFile: setup file path = /temp.XVId/setup
2009-09-01 15:10:50 -0500 - command: /sbin/kerberosautoconfig -f /LDAPv3/127.0.0.1 -u -v 1
2009-09-01 15:10:50 -0500 - command: /usr/sbin/kdcsetup -e
2009-09-01 15:10:50 -0500 - command: /usr/sbin/mkpassdb -kerberize
2009-09-01 15:10:50 -0500 - Updating user records and principals
2009-09-01 15:10:50 -0500 - command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config cn=config olcSizeLimit
2009-09-01 15:10:50 -0500 - Current max results - 11000
2009-09-01 15:10:50 -0500 - command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2009-09-01 15:10:50 -0500 - Stopping LDAP server (slapd)
2009-09-01 15:10:51 -0500 - Starting LDAP server (slapd)
2009-09-01 15:10:52 -0500 - command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2009-09-01 15:10:52 -0500 - Stopping LDAP server (slapd)
2009-09-01 15:10:52 -0500 - Starting LDAP server (slapd)
2009-09-01 15:10:53 -0500 - command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2009-09-01 15:10:53 -0500 - Stopping LDAP server (slapd)
2009-09-01 15:10:53 -0500 - Starting LDAP server (slapd)
2009-09-01 15:10:53 -0500 - Attempting to re-open /LDAPv3/127.0.0.1 node
2009-09-01 15:10:53 -0500 - Verified /LDAPv3/127.0.0.1 node is available
2009-09-01 15:10:53 -0500 - command: /usr/sbin/vpnaddkeyagentuser -q /LDAPv3/127.0.0.1
2009-09-01 15:10:54 -0500 - Removed file at path /var/run/slapconfig.lock.
2009-09-01 15:10:54 -0500 - slapconfig -selfwrite
2009-09-01 15:33:02 -0500 - slapconfig -kerberize
2009-09-01 15:33:03 -0500 - Error: Incorrect Password.
2009-09-01 15:33:16 -0500 - slapconfig -kerberize
2009-09-01 15:33:16 -0500 - Error: Incorrect Password.
2009-09-02 10:46:47 -0500 - slapconfig -setmacosxodpolicy
2009-09-02 10:46:47 -0500 - command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2009-09-03 14:59:53 -0500 - slapconfig -sso_util
2009-09-03 14:59:53 -0500 - command: /usr/sbin/sso_util generateconfig -r [Server FQDN] -R Kerberos1 -f /LDAPv3/127.0.0.1 -U [My Full Account Name] -a [My Account ShortName] -p ** -u -v 1 all
2009-09-03 14:59:53 -0500 - <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>errorValue</key>
<integer>2</integer>
</dict>
</plist>
2009-09-03 15:00:08 -0500 - slapconfig -sso_util
2009-09-03 15:00:08 -0500 - command: /usr/sbin/sso_util generateconfig -r [Server FQDN] -R [My Server Name] -f /LDAPv3/127.0.0.1 -U [My Full Account Name] -a [My Account ShortName] -p ** -u -v 1 all
2009-09-03 15:00:08 -0500 - <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>errorValue</key>
<integer>2</integer>
</dict>
</plist>
2009-09-03 15:00:36 -0500 - slapconfig -kerberize
2009-09-03 15:00:36 -0500 - Error: Incorrect Password.
2009-09-03 15:00:41 -0500 - slapconfig -kerberize
2009-09-03 15:00:41 -0500 - command: /usr/sbin/sso_util info -r /LDAPv3/127.0.0.1 -p
2009-09-03 15:00:41 -0500 - Warning: Kerberos is already configured on this server, use -f to override current settings.
2009-09-03 15:08:18 -0500 - slapconfig -setmacosxodpolicy
2009-09-03 15:08:18 -0500 - command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2009-09-03 15:08:18 -0500 - slapconfig -setldapconfig
2009-09-03 15:08:19 -0500 - command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2009-09-03 15:08:19 -0500 - Stopping LDAP server (slapd)
2009-09-03 15:08:20 -0500 - Starting LDAP server (slapd)
2009-09-03 15:32:36 -0500 - slapconfig -setmacosxodpolicy
2009-09-03 15:32:36 -0500 - command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2009-09-03 15:32:36 -0500 - slapconfig -selfwrite
2009-09-03 15:42:33 -0500 - slapconfig -setmacosxodpolicy
2009-09-03 15:42:33 -0500 - command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2009-09-03 15:42:34 -0500 - slapconfig -selfwrite
2009-09-03 15:44:33 -0500 - slapconfig -setmacosxodpolicy
2009-09-03 15:44:33 -0500 - command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2009-09-04 07:04:04 -0500 - slapconfig -setmacosxodpolicy
2009-09-04 07:22:45 -0500 - slapconfig -setmacosxodpolicy
2009-09-04 07:22:58 -0500 - slapconfig -setmacosxodpolicy
2009-09-04 07:38:13 -0500 - slapconfig -kerberize
2009-09-04 07:38:13 -0500 - Error: Incorrect Password.
2009-09-04 07:38:18 -0500 - slapconfig -kerberize
2009-09-04 07:38:19 -0500 - Error: Incorrect username or password. You must enter a directory domain administrator username and password.
2009-09-04 07:38:24 -0500 - slapconfig -kerberize
2009-09-04 07:38:24 -0500 - Error: Incorrect Password.
2009-09-04 07:38:34 -0500 - slapconfig -kerberize
2009-09-04 07:38:34 -0500 - Error: Incorrect Password.
2009-09-04 07:41:41 -0500 - slapconfig -backupdb
2009-09-04 07:41:41 -0500 - command: /usr/sbin/sso_util info -r /LDAPv3/127.0.0.1 -p
2009-09-04 07:41:41 -0500 - sso_util command failed with status 2
2009-09-04 07:41:41 -0500 - 1 Backing up LDAP database
2009-09-04 07:41:41 -0500 - popen: /usr/sbin/slapcat -l /tmp/slapconfig backupstage3398277UKVq/backup.ldif, "r"
2009-09-04 07:41:41 -0500 - popen: /bin/cp /var/db/openldap/openldap-data/DB_CONFIG /tmp/slapconfig backup_stage3398277UKVq/DBCONFIG, "r"
2009-09-04 07:41:41 -0500 - popen: /bin/cp -r /etc/openldap /tmp/slapconfig backupstage3398277UKVq/, "r"
2009-09-04 07:41:41 -0500 - 2 Backing up password server database
2009-09-04 07:41:41 -0500 - popen: /usr/sbin/mkpassdb -backupdb /tmp/slapconfig backup_stage3398277UKVq/passwordserverbackup/ > /dev/null, "r"
2009-09-04 07:41:41 -0500 - popen: /bin/cp -r /Library/Preferences/com.apple.passwordserver.plist /tmp/slapconfig backupstage3398277UKVq/, "r"
2009-09-04 07:41:41 -0500 - popen: /usr/sbin/mkpassdb -list > /tmp/slapconfig backupstage3398277UKVq/sasl-plugin-list, "r"
2009-09-04 07:41:41 -0500 - popen: /bin/hostname > /tmp/slapconfig backupstage3398277UKVq/hostname, "r"
2009-09-04 07:41:41 -0500 - 3 Backing up Kerberos database
2009-09-04 07:41:41 -0500 - popen: /bin/hostname > /tmp/slapconfig backupstage3398277UKVq/hostname, "r"
2009-09-04 07:41:41 -0500 - popen: /usr/sbin/sso_util info -pr /LDAPv3/127.0.0.1 > /tmp/slapconfig backup_stage3398277UKVq/localodkrb5realm, "r"
2009-09-04 07:41:41 -0500 - Error: Command failed with exit code 512: /usr/sbin/sso_util info -pr /LDAPv3/127.0.0.1 > /tmp/slapconfig backup_stage3398277UKVq/localodkrb5realm
2009-09-04 07:41:41 -0500 - popen: /usr/bin/tar czpf /tmp/slapconfig backupstage3398277UKVq/krb5backup.tar.gz /var/db/krb5kdc/kdc.conf /var/db/krb5kdc/kadm5.acl /var/db/krb5kdc/kadm5.keytab /var/db/krb5kdc/.k5.* /Library/Preferences/edu.mit.Kerberos /etc/krb5.keytab , "r"
2009-09-04 07:41:41 -0500 - Error: Command failed with exit code 256: /usr/bin/tar czpf /tmp/slapconfig backupstage3398277UKVq/krb5backup.tar.gz /var/db/krb5kdc/kdc.conf /var/db/krb5kdc/kadm5.acl /var/db/krb5kdc/kadm5.keytab /var/db/krb5kdc/.k5.* /Library/Preferences/edu.mit.Kerberos /etc/krb5.keytab
2009-09-04 07:41:41 -0500 - popen: /bin/cp /var/db/dslocal/nodes/Default/config/KerberosKDC.plist /tmp/slapconfig backupstage3398277UKVq/KerberosKDC.plist, "r"
2009-09-04 07:41:41 -0500 - popen: /bin/cp /System/Library/LaunchDaemons/com.apple.PasswordService.plist /tmp/slapconfig backupstage3398277UKVq/LaunchDaemons/, "r"
2009-09-04 07:41:41 -0500 - 4 Backing up configuration files
2009-09-04 07:41:41 -0500 - popen: /bin/cp /System/Library/LaunchDaemons/org.openldap.slapd.plist /tmp/slapconfig backupstage3398277UKVq/LaunchDaemons/, "r"
2009-09-04 07:41:41 -0500 - popen: /bin/cp -r /Library/Preferences/DirectoryService /tmp/slapconfig backupstage3398277UKVq/, "r"
2009-09-04 07:41:41 -0500 - popen: /bin/cp /Library/Preferences/com.apple.openldap.plist /tmp/slapconfig backupstage3398277UKVq/, "r"
2009-09-04 07:41:41 -0500 - popen: /bin/cp /Library/Preferences/SystemConfiguration/com.apple.smb.server.plist /tmp/slapconfig backupstage3398277UKVq/, "r"
2009-09-04 07:41:41 -0500 - popen: /bin/cp /Library/Preferences/com.apple.samba.plist /tmp/slapconfig backupstage3398277UKVq/, "r"
2009-09-04 07:41:41 -0500 - Error: Command failed with exit code 256: /bin/cp /Library/Preferences/com.apple.samba.plist /tmp/slapconfig backupstage3398277UKVq/
2009-09-04 07:41:41 -0500 - popen: /usr/bin/sw_vers > /tmp/slapconfig backupstage3398277UKVq/version.txt, "r"
2009-09-04 07:41:41 -0500 - popen: /bin/cp -r /var/db/dslocal /tmp/slapconfig backupstage3398277UKVq/, "r"
2009-09-04 07:41:41 -0500 - 5 Backing up local directory database
2009-09-04 07:41:41 -0500 - popen: /usr/bin/tar czpf /tmp/slapconfig backupstage3398277UKVq/shadowbackup.tar.gz /var/db/shadow, "r"
2009-09-04 07:41:41 -0500 - popen: /usr/bin/gnutar cpf /tmp/slapconfig backupstage3398277UKVq/sambabackup.tar /var/db/samba /etc/smb.conf, "r"
2009-09-04 07:41:41 -0500 - command: /usr/bin/gnutar --delete -f /tmp/slapconfig backupstage3398277UKVq/sambabackup.tar var/db/samba/secrets.tdb
2009-09-04 07:41:41 -0500 - command: /usr/bin/gzip -f4 /tmp/slapconfig backupstage3398277UKVq/sambabackup.tar
2009-09-04 07:41:41 -0500 - Backed Up Keychain
2009-09-04 07:41:41 -0500 - 6 Creating archive
2009-09-04 07:41:41 -0500 - command: /usr/bin/hdiutil create -ov -plist -puppetstrings -layout UNIVERSAL CD -fs HFS+ -volname ldap_bk -srcfolder /tmp/slapconfig backupstage3398277UKVq -format SPARSE -encryption AES-256 -stdinpass /Path/To/My/Backups/Open Directory/BackupName_Date
2009-09-04 07:41:47 -0500 - Removed directory at path /tmp/slapconfig backupstage3398277UKVq.
2009-09-04 07:41:47 -0500 - Removed file at path /var/run/slapconfig.lock.
2009-09-04 07:55:11 -0500 - slapconfig -kerberize
2009-09-04 07:55:11 -0500 - Error: Incorrect Password.



------------------Password Service Error Log--------------
-- Start: Server rolled log on: Sep 3 2009 14:52:32 --
Sep 3 2009 14:58:16 client response doesn't match what we generated
Sep 4 2009 07:44:14 Registration is finished error: (10, -72000).
Sep 4 2009 07:44:14 Registration is finished error: (10, -72000).



------------------Directory Services Error Log-------------------
2009-09-01 15:10:47 CDT - T[0x0000000100581000] - Attempt #1 to initialize plug-in PasswordServer failed.
Will retry initialization at most 100 times every 1 second.
2009-09-03 15:10:53 CDT - T[[0x00007FFF707B2BE0]] - Improper shutdown detected
2009-09-04 06:22:46 CDT - T[[0x00007FFF707B2BE0]] - Improper shutdown detected
2009-09-04 07:44:14 CDT - T[[0x00007FFF707B2BE0]] - DNSServiceProcessResult returned -65563
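
A triage sketch for the Open Directory Configuration Log posted above, added here as an example and not part of the thread or any Apple tool: it files each error under the `slapconfig` operation logged before it, collects the rejected directory-administrator credentials, and decodes the failed-command exit codes. The sample lines are constructed in the shape of the posted log (paths shortened), and reading 512 and 256 as raw wait statuses (exit 2 and 1) is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of the posted log (paths shortened).
SAMPLE_LOG = """\
2009-09-03 15:00:36 -0500 - slapconfig -kerberize
2009-09-03 15:00:36 -0500 - Error: Incorrect Password.
2009-09-03 15:00:41 -0500 - slapconfig -kerberize
2009-09-03 15:00:41 -0500 - Warning: Kerberos is already configured on this server, use -f to override current settings.
2009-09-04 07:38:13 -0500 - slapconfig -kerberize
2009-09-04 07:38:13 -0500 - Error: Incorrect Password.
2009-09-04 07:38:18 -0500 - slapconfig -kerberize
2009-09-04 07:38:19 -0500 - Error: Incorrect username or password. You must enter a directory domain administrator username and password.
2009-09-04 07:41:41 -0500 - slapconfig -backupdb
2009-09-04 07:41:41 -0500 - Error: Command failed with exit code 512: /usr/sbin/sso_util info -pr /LDAPv3/127.0.0.1
2009-09-04 07:41:41 -0500 - Error: Command failed with exit code 256: /bin/cp /Library/Preferences/com.apple.samba.plist /tmp/stage/
"""

ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) - (.*)$")
OPERATION = re.compile(r"^slapconfig -(\w+)$")
AUTH_ERROR = re.compile(r"^Error: Incorrect (?:username or )?password", re.I)
EXIT_ERROR = re.compile(r"^Error: Command failed with exit code (\d+): (\S+)")


def parse_entries(text):
    """Return [timestamp, message] pairs; untimestamped lines continue the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S %z")
            entries.append([stamp, m.group(2)])
        elif entries and line.strip():
            entries[-1][1] += "\n" + line  # e.g. the plist that sso_util prints
    return entries


def triage(text):
    """Attribute each error to the slapconfig operation logged before it."""
    auth_failures = defaultdict(list)  # operation -> timestamps of rejected credentials
    failed_commands = []               # (operation, exit status, program)
    operation = None
    for stamp, message in parse_entries(text):
        head = message.split("\n", 1)[0]
        if (m := OPERATION.match(head)):
            operation = m.group(1)
        elif AUTH_ERROR.match(head):
            auth_failures[operation].append(stamp)
        elif (m := EXIT_ERROR.match(head)):
            raw = int(m.group(1))
            # Assumption: values such as 512 are wait statuses (exit code << 8).
            status = raw >> 8 if raw and raw % 256 == 0 else raw
            failed_commands.append((operation, status, m.group(2)))
    return dict(auth_failures), failed_commands


if __name__ == "__main__":
    auth, commands = triage(SAMPLE_LOG)
    for op, stamps in auth.items():
        print(f"{op}: {len(stamps)} rejected credentials, {stamps[0]} to {stamps[-1]}")
    for op, status, program in commands:
        print(f"{op}: {program} exited with status {status}")
```
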
