Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Emy1973
Emy1973 Author
User level: Level 1
8 points

Network user cannot authenticate to access shared folders

I have a brand new Mac mini (macOS Catalina) where I setup a local user (administrator). I bound it to a OpenDirectory server (hosted on an older Mac mini) where I stored the credentials of another user (user1). The binding was successful because I can see the "user1" in the Directory Utility on the brand new Mac mini. Moreover, on the brand new Mac mini I switched the "Remote Login" on for all the users and I verified that I can access remotely via ssh from my MacBook Pro by using both the local user "administrator" and the network user "user1". Therefore, the authentication seems to work correctly on the Mac mini.

Then, on the desktop of the brand new Mac mini I created a new folder (test). I went again in System Preferences/Sharing and I switched on the "File Sharing": I added the test folder in the Shared Folders and I added both administrator and user1 in the Users window (give them "Read & Write" permissions).

To test the file sharing, I used again my Macbook Pro, and I used the SMB protocol to access the shared folder: with the user "administrator" I can access it but with the network user "user1" the authentication fails.

I searched in the forum and I found this discussion https://discussions.apple.com/thread/251063599 that reports a similar issue and that was solved by adding the missing SMB-NTLMv2 authentication method in the authentication server as explained in https://discussions.apple.com/thread/6053980. However, I checked the list of all the authentication methods available on my authentication server by the command:


dscl /LDAPv3/127.0.0.1 read / AuthMethod


and the dsAuthMethodStandard:dsAuthSMBNTKey item is already present. In fact, when I try to add that method with the command:


dscl -u diradmin -p /LDAPv3/127.0.0.1 -append /Config/dirserv apple-enabled-auth-mech SMB-NTLMv2


I got the message error:


<main> attribute status: eDSSchemaError

<dscl_cmd> DS Error: -14142 (eDSSchemaError)


I cannot think to other causes that prevent the network user to access the shared folder while the local user does. Do you have hints or advices to solve this issue?


Thank you for any suggestion,


Emiliano

Posted on Feb 19, 2020 2:20 PM

Reply
Question marked as Best reply
User profile for user: leroydouglas
leroydouglas
Community+ 2024
User level: Level 10
183,708 points

Posted on Feb 20, 2020 8:12 AM

Emy1973 wrote:

I have a brand new Mac mini (macOS Catalina) where I setup a local user (administrator).

I bound it to a OpenDirectory server (hosted on an older Mac mini) where I stored the credentials of another user (user1).

The binding was successful because I can see the "user1" in the Directory Utility on the brand new Mac mini.

Moreover, on the brand new Mac mini I switched the "Remote Login" on for all the users and I verified that I can access remotely via ssh from my MacBook Pro by using both the local user "administrator" and the network user "user1". Therefore, the authentication seems to work correctly on the Mac mini.

Then, on the desktop of the brand new Mac mini I created a new folder (test). I went again in System Preferences/Sharing and I switched on the "File Sharing": I added the test folder in the Shared Folders and I added both administrator and user1 in the Users window (give them "Read & Write" permissions).

To test the file sharing, I used again my Macbook Pro, and I used the SMB protocol to access the shared folder: with the user "administrator" I can access it but with the network user "user1" the authentication fails.

I searched in the forum and I found this discussion https://discussions.apple.com/thread/251063599 that reports a similar issue and that was solved by adding the missing SMB-NTLMv2 authentication method in the authentication server as explained in https://discussions.apple.com/thread/6053980. However, I checked the list of all the authentication methods available on my authentication server by the command:

dscl /LDAPv3/127.0.0.1 read / AuthMethod
and the dsAuthMethodStandard:dsAuthSMBNTKey item is already present. In fact, when I try to add that method with the command:
dscl -u diradmin -p /LDAPv3/127.0.0.1 -append /Config/dirserv apple-enabled-auth-mech SMB-NTLMv2

I got the message error:

<main> attribute status: eDSSchemaError
<dscl_cmd> DS Error: -14142 (eDSSchemaError)

I cannot think to other causes that prevent the network user to access the shared folder while the local user does.



Have you had this successfully set up and running correctly on another machine, independent of your current new Mac mini macOS Catalina(?) If so what changed besides the new mac mini?


"Network user cannot authenticate to access shared folders"

Is this isolated event or all users?


Configure Open Directory access in Directory Utility on Mac ...


Reset Open Directory on macOS Server with the command line



Set up file sharing on Mac - Apple Support

How to connect with File Sharing on your Mac - Apple Support



You can try a Try a SafeBoot https://support.apple.com/en-us/HT201262

Takes noticeable longer to get to the login screen, does a 5-15 minute disk repair before it fully boots up, and certain system caches get cleared and rebuilt, including dynamic loader cache, etc. Login and test. Reboot and test



View in context

Similar questions

2 replies
Question marked as Best reply
User profile for user: leroydouglas
leroydouglas
Community+ 2024
User level: Level 10
183,708 points

Feb 20, 2020 8:12 AM in response to Emy1973

Emy1973 wrote:

I have a brand new Mac mini (macOS Catalina) where I setup a local user (administrator).

I bound it to a OpenDirectory server (hosted on an older Mac mini) where I stored the credentials of another user (user1).

The binding was successful because I can see the "user1" in the Directory Utility on the brand new Mac mini.

Moreover, on the brand new Mac mini I switched the "Remote Login" on for all the users and I verified that I can access remotely via ssh from my MacBook Pro by using both the local user "administrator" and the network user "user1". Therefore, the authentication seems to work correctly on the Mac mini.

Then, on the desktop of the brand new Mac mini I created a new folder (test). I went again in System Preferences/Sharing and I switched on the "File Sharing": I added the test folder in the Shared Folders and I added both administrator and user1 in the Users window (give them "Read & Write" permissions).

To test the file sharing, I used again my Macbook Pro, and I used the SMB protocol to access the shared folder: with the user "administrator" I can access it but with the network user "user1" the authentication fails.

I searched in the forum and I found this discussion https://discussions.apple.com/thread/251063599 that reports a similar issue and that was solved by adding the missing SMB-NTLMv2 authentication method in the authentication server as explained in https://discussions.apple.com/thread/6053980. However, I checked the list of all the authentication methods available on my authentication server by the command:

dscl /LDAPv3/127.0.0.1 read / AuthMethod
and the dsAuthMethodStandard:dsAuthSMBNTKey item is already present. In fact, when I try to add that method with the command:
dscl -u diradmin -p /LDAPv3/127.0.0.1 -append /Config/dirserv apple-enabled-auth-mech SMB-NTLMv2

I got the message error:

<main> attribute status: eDSSchemaError
<dscl_cmd> DS Error: -14142 (eDSSchemaError)

I cannot think to other causes that prevent the network user to access the shared folder while the local user does.



Have you had this successfully set up and running correctly on another machine, independent of your current new Mac mini macOS Catalina(?) If so what changed besides the new mac mini?


"Network user cannot authenticate to access shared folders"

Is this isolated event or all users?


Configure Open Directory access in Directory Utility on Mac ...


Reset Open Directory on macOS Server with the command line



Set up file sharing on Mac - Apple Support

How to connect with File Sharing on your Mac - Apple Support



You can try a Try a SafeBoot https://support.apple.com/en-us/HT201262

Takes noticeable longer to get to the login screen, does a 5-15 minute disk repair before it fully boots up, and certain system caches get cleared and rebuilt, including dynamic loader cache, etc. Login and test. Reboot and test



Reply
User profile for user: Emy1973
Emy1973 Author
User level: Level 1
8 points

Feb 20, 2020 10:19 AM in response to leroydouglas

Hello leroydouglas, and thank you for your answer.


I had not tested shared folders before, but today I tried to create shared folders on other Mac mini in my network (each bound to the same Authentication server) equipped with older MacOS (High Sierra, Mojave, even El capitan) and I repeat the setup and tests. The result is still the same: local users on each machine can remotely access via SMB protocol the shared folders, while network users, who I have in theory enabled to access the shared folders, are not authenticated. This makes me think that the problem is on some setup of the OD authentication server and not in the setup of the shared folders. The procedure to setup the shared folders I followed is exactly the one I read in the last two links you posted.


I have a lot of users on the Authentication server and I tried many of them: none of them can access the shared folders (while all of them can access the (shared folder) machines via ssh when I enable also "Remote login".


I had already known the links you posted, apart from the one about how to reset OpenDirectory with a command line, which can be in general useful but I would like to avoid rebuilding the full list of users in my authentication server, if possible.


Do you suggest to try a SafeBoot on the OD authentication server, right?


Reply

Network user cannot authenticate to access shared folders

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up