You are unable to log in...; Network Home directories; 10.4 & 10.5 Servers
I have a solution!
Note: this is a new post because all previous posts dealing with this topic have been archived, MANY without an answer.
Problem:
Users with Network Home directories can't log in. After entering their correct username and password, the following error message appears:
"You are unable to login to the user account 'username' at this time. Logging in to the account failed because an error occurred."
Problem occurs with v10.5 Leopard client attempting to login to a Network Home directory hosted on a v10.4 Tiger server.
_Significant Troubleshooting Symptom:_
Client mac Console log (all Messages) contains the following entry at the time the user attempted to login to their Network Home directory:
authorizationhost[509] ERROR | -[HomeDirMounter
mountNetworkHomeWithURL:attributes:dir:Path:username:] |
PremountHomeDirectoryWith Authentication( url=afp://server.example.com/Homes, homedir=
/Network/Servers/server.example.com/Volumes/ServerHardDisk/Homes/username,
name=username )
returned 2
_Computing/Network Environment:_
v10.5 Leopard server doing: DNS; Open Directory with Kerberos for Single Sign-On; AFP for half of all users' Network Home directories.
v10.4 Tiger server doing: AFP for the other half of the Network Home directories. Also, note that Open Directory is not running on this server, BUT IT IS CONFIGURED (using Server Admin) as "Connected to a Directory System" and has joined the Kerberos realm on the v10.5 Leopard server.
v10.5 Leopard clients.
Solution:
v10.5 User Management manual
http://manuals.info.apple.com/enUS/User_Managementv10.5.pdf
says share points for Network Home directories have to have Guest Access ENABLED. See step 5 on page 117 and step 12 on page 118. Note that these are two different settings, but seem consistent with each other.
I had followed/complied/set Guest Access according to steps 5 (page 117) and 12 (page 118) on BOTH the v10.5 Leopard AND the v10.4 Tiger servers. The solution that allows users to log on normally is:
Uncheck/disable Guest Access (as set in step 12 page 118) for the v10.4 Leopard server only. Leave "Share this item using AFP" checked. Uncheck "Allow AFP guest access."
The above worked for me. Your milage may vary. If anyone knows how to report this to Apple for fixing in the server software and/or clarification in User Management manual, please do. If anyone knows that this solution "breaks" other stuff, please post back.
Note: this is a new post because all previous posts dealing with this topic have been archived, MANY without an answer.
Problem:
Users with Network Home directories can't log in. After entering their correct username and password, the following error message appears:
"You are unable to login to the user account 'username' at this time. Logging in to the account failed because an error occurred."
Problem occurs with v10.5 Leopard client attempting to login to a Network Home directory hosted on a v10.4 Tiger server.
_Significant Troubleshooting Symptom:_
Client mac Console log (all Messages) contains the following entry at the time the user attempted to login to their Network Home directory:
authorizationhost[509] ERROR | -[HomeDirMounter
mountNetworkHomeWithURL:attributes:dir:Path:username:] |
PremountHomeDirectoryWith Authentication( url=afp://server.example.com/Homes, homedir=
/Network/Servers/server.example.com/Volumes/ServerHardDisk/Homes/username,
name=username )
returned 2
_Computing/Network Environment:_
v10.5 Leopard server doing: DNS; Open Directory with Kerberos for Single Sign-On; AFP for half of all users' Network Home directories.
v10.4 Tiger server doing: AFP for the other half of the Network Home directories. Also, note that Open Directory is not running on this server, BUT IT IS CONFIGURED (using Server Admin) as "Connected to a Directory System" and has joined the Kerberos realm on the v10.5 Leopard server.
v10.5 Leopard clients.
Solution:
v10.5 User Management manual
http://manuals.info.apple.com/enUS/User_Managementv10.5.pdf
says share points for Network Home directories have to have Guest Access ENABLED. See step 5 on page 117 and step 12 on page 118. Note that these are two different settings, but seem consistent with each other.
I had followed/complied/set Guest Access according to steps 5 (page 117) and 12 (page 118) on BOTH the v10.5 Leopard AND the v10.4 Tiger servers. The solution that allows users to log on normally is:
Uncheck/disable Guest Access (as set in step 12 page 118) for the v10.4 Leopard server only. Leave "Share this item using AFP" checked. Uncheck "Allow AFP guest access."
The above worked for me. Your milage may vary. If anyone knows how to report this to Apple for fixing in the server software and/or clarification in User Management manual, please do. If anyone knows that this solution "breaks" other stuff, please post back.
Mac Pro 2 x 2.66 GHz Dual-Core Intel Xeon, Mac OS X (10.4.11)