Wiki users / login issue

I have set up my first Mac server - SL 10.6 Server, and am working on setting up the wiki.

I have set up users in Server Prefs, and have started the wiki server. The wiki has private settings set for specific groups. When any other user attempts to log in to the wiki, the log in dialog "shakes" in disgust.. lol.. The only way that I can get a user to be able to log in to the wiki is to create an actual account in SysPrefs. Is this right? Do I really have to create a system account for every user that I need to be able to log into the wiki? I was under the assumption a Server Prefs user could access this.

Am I doing something wrong? Please offer a little guidance to this Mac server newbie!

L Nail

2.4 C2D iMac, 2.5 C2D 15" MBP, G5 iMacs, 8-Core Mac Pro, Mac OS X (10.6), G4 iBook, G4 eMac, MDD G4, G4 Cube, iPhone 2.5G, 3G, 3Gs(x3), 1G & 2G iPod

Posted on Aug 31, 2009 9:10 PM

22 replies

Sep 11, 2009 2:10 AM in response to lnail

I might well be seeing the same thing, which seems to be new in 10.6

When I set up the server I did so as a 'local' one, i.e. I gave it a name ending .private

I used workgroup manager to create some users (a mix of admin and not, a plus a mix of test groups

I then found that they did not appear in the users and groups listed in the server preferences application, so then I created some more there.

At which point I started to get the sort of behaviour that is being described. Some could log in to wikis, some couldn't.

I then found that, in workgroup manager, I could switch between these two different sets of users and groups by clicking on the small arrow, next to the blue dot, on the line below the toolbar. (It's followed by the words "Authenticated as * to directory ???" where ??? might be '/local/*' local or 'ldapv3/127.0.0.1/"

Anyway, you need to be careful! I never ran into this problem with 10.5 but I think that that was because I was lucky!

There is a difference between the local users on the server, i.e. those that can use fast switching for example, and those that can log in to the wiki.

My guess is that once you've got it set right you'll never see the problem again. Here's hoping.

hutene

Level 1

40 points

Sep 11, 2009 3:20 AM in response to Bryson Gore

Kia ora,

the problem you describe Bryson, could happen in 10.5. When you make server users you first connect to the ldap directory in server preferences and/or WGManager by connecting to the fully qualified domain name of the server, with the directory administrator pass word, usually the default is diradmin with password is your admin password. You create the users in this directory. And these are the server users.

If you connect to the server in serverprefs and WGmanager using the 'server.local' address and create users they will not be able to access services reliably. In addition local users will cause conflict with the 'server' users if their usernames and passwords are the same.

regards

Sep 11, 2009 8:37 AM in response to hutene

I'm not sure I'm following you here. The issue is the domain the user authenticates "in to." A user created on the server will have access to the services on that server, so long as the server is not part of an existing directory domain. The example here I believe is of a standalone server; for standalone server and services, I cannot think why you'd want to go through the trouble to setup an OD Master?

lnail Author

Level 1

5 points

Sep 11, 2009 8:50 AM in response to lnail

Will someone please clarify this, as I have read conflicting info on the correct way to create and manage users on 10.6 server.

Considering the following:

1.) A "Local" user is a user created in System Prefs, and has a user folder created in MacHD/Users on the server, and 2.) A "Server" user is a user that can use the services provided by the server, and does not have a user folder located on the server in MacHD/Users.

Should a "Server" user be initially created in Server Prefs or in WG Manager?

Unless there are "specifics" (i.e. user aliases, user permissions, etc.) that need to be added/edited for that particular user, then should managing services for that user be handled with Server Prefs only?

Thanks in advance for the clarification.

L Nail

Sep 18, 2009 12:23 PM in response to lnail

Here's my attempt to steer you in the right direction.
If you don't have a local OD master, I don't think you can use Server Prefs to manage users and groups. You may not have a local OD master if you've set the machine up using the Advanced setup. Or, sometimes, if you've changed the IP address and domain name of the server, it can sometimes get a little messed up. I'm a web guy, not a Directory Services guy so I can't explain it better than that, sorry.

In the case of no OD master, you can use system prefs, or Workgroup Manager pointing to the /Local/Default to create your users and groups.

lnail Author

Level 1

5 points

Sep 18, 2009 12:28 PM in response to lnail

A call into Apple support cleared this right up..

Somehow during setup I confused myself with my hostname. My hostname and DNS hostname did not resolve, so the login could not authenticate. Using sudo changeip, and rebuilding my directory, I was able to get things working again.

Nov 3, 2009 9:58 PM in response to lnail

I had exactly the same problem. Hours of frustration resulted. Here's the answer that worked for me. I tried it, and it didn't work. Rebooted the Mac server, and it worked.

http://support.apple.com/kb/TS1619

Symptoms

When using a Mac OS X Wiki Server that is bound to Active Directory, some configuration may be required in order to allow users to authenticate using their Active Directory credentials. This is required because, by default, the wiki server uses CRAM-MD5 authentication, which is not supported by the Active Directory connector. Third-party LDAP servers that are accessed via the LDAPv3 plugin may require the same configuration changes.
Products Affected

Mac OS X Server 10.5, Mac OS X Server 10.6
Resolution

In order to authenticate Active Directory users and/or users stored in other third-party LDAP servers, you must enable clear text authentication for wikid. Note: In order to prevent sending passwords in the clear across the network, it is recommended that you also configure the wiki server for SSL.

Enabling clear text authentication for wikid

Open Terminal and type these commands on one line each:

sudo serveradmin settings teams:enableClearTextAuth = yes
sudo serveradmin stop teams
sudo serveradmin start teams

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Wiki users / login issue