Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: JP256
JP256 Author
User level: Level 1
0 points

10.6.8 Server - workgroup manager not authenticated

I have 10.6.8 Server that has suddenly stopped accepting the dradmin password when using Workgroup Manager. Workgroup Manager connects, but in not authenticated mode. When I click the lock icon and am prompted for the ID & Password it is rejected. I know with 100% certainty I am using the correct administrator ID and password. I am running Workgroup Manager directly on the server computer. I'm able to log on to the computer as the local administrator. Server Admin works fine with no authentication issues.


I have not applied the 10.6.8 Supplemental update, but wonder if that might be helpful.


It is very concerning to be locked out of my own server. Any suggestions why this is happening and how to reslove it?


Thank you,

-Joe

Mac mini, Mac OS X (10.6.8), 10.6.8 Server

Posted on Jul 28, 2011 2:53 PM

Reply
8 replies
User profile for user: parexcel
parexcel
User level: Level 1
0 points

Aug 5, 2011 1:38 PM in response to JP256

I have seen in earlier posts going back to 10.4 I believe that this happens, and rebooting often cures it, but one person reported success by getting the right combination of choices for Open Directory > Policies > Binding under the heading Security. He/she said they rebooted between changing the combination to use, so it could well have been the rebooting that solved it.


Can you get more detailed info about the reason for the failure to authenticate from the Open Directory logs?

Reply
User profile for user: JP256
JP256 Author
User level: Level 1
0 points

Aug 5, 2011 3:20 PM in response to parexcel

The logs revealed that dradmin was actually authenticating successfully, but for some reason Workgroup Manager was still in unauthenticated mode. I installed 10.6.8 Supplemental update and found no improvement.


All users have portable home directories and everything with Open Directory was functioning properly. DNS and Kerberos were confirmed to be working properly. Several restarts and shutdown/startups were performed and I never was able to get Workgroup Manager to authenticate. So after a few hours troubleshooting last weekend I decided to restore the server to a disk image that was created 20 days earlier. I elected to do this this because I needed to get it resolved on the weekend to minimize the chance of downtime during business hours. The only thing on the boot drive is the server OS an everything else is stored on an external RAID so it was fairly simple for me to restore then get everything current again.


I kept an image of the server with the problem so I can restore it to a standby server to experiment with any possible fixes that I may come across in the future. As of now I don't know why it happened nor how to fix it without restoring.

Reply
User profile for user: parexcel
parexcel
User level: Level 1
0 points

Aug 11, 2011 8:01 AM in response to JP256

I can't think of anything in particular to try, except maybe to make sure diradmin had all its proper privs.


The problem I am actually having, posted elsewhere, is that when I change the password for diradmin to comply with regulations requiring password changes every 90 days, Samba stops working. Logs show that SMB users authenticate properly, but Samba fails to authenticate its diradmin attempt.


Everything I've found on the web suggests that's just how it is. I've tried disabling / enabling Samba and various types of authentication in hopes of triggering the GUI to rebuild Samba configs, but no luck. I don't know Samba internals but my poking around suggested I wasn't going to be able to hack a password into it.

Reply
User profile for user: jpt11
jpt11
User level: Level 1
0 points

Sep 9, 2011 2:57 PM in response to JP256

I had success with the method that parexcel mentioned. I had turned on a couple Security Preferences in Server Admin->Open Directory->Policies->Binding; in my case Disable clear text passwords and Encrypt all packets.


Once I rebooted, I could no longer login to the server. After I disabled these security options and rebooted, I was once again able to login.


I don't know if you are having the same problem, but it definitely sounds like it.


Jeff

Reply
User profile for user: BioRich
BioRich
User level: Level 1
93 points

Oct 18, 2012 4:31 PM in response to jpt11

Just to add to this old thread, I just did exactly that, and it worked:


1. Server Admin: Open Directory: Settings: Policy: Binding: engage Disable Cleartext... & Encrypt all packets...Save.


2. Disengage what I just clicked. Save.


3. Restart box


4. Workgroup Manager: login as network admin, authenticate using diradmin


I have faint memories of this problem before, and years later, it just crept up once again.


Cheers

Reply

10.6.8 Server - workgroup manager not authenticated

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up