
Single user can't log in, rest of LDAP works

I seem to have run into a weird problem where one of my users cannot log in, but everyone else can.


Originally I thought it was a bad password, so I changed it in WGM to something generic and he tried it; it still said "bad password" both in the login screen and in the LDAP log.


I changed it again, same thing happens.


What happened? What can I do? The rest of the system is working flawlessly.

Intel Xserve 2011, Mac OS X (10.6.6)

Posted on Sep 7, 2011 9:20 AM


Sep 7, 2011 9:40 AM in response to evets90

The error in the log looks like this when I change the password:


"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n<plist version=\"1.0\">\n<dict>\n\t<key>dsAliasVersion</key>\n\t<string>Directory Services 1.0</string>\n\t<key>dsRecordLocation</key>\n\t<array>\n\t\t<string>LDAPv3</string>\n\t\t<string>127.0.0.1</string>\n\t</array>\n\t<key>dsRecordName</key>\n\t<array>\n\t\t<string>frechette</string>\n\t</array>\n\t<key>dsRecordType</key>\n\t<string>dsRecTypeStandard:Users</string>\n</dict>\n</plist>\n"

frechette

} with name frechette error Error Domain=com.apple.OpenDirectory Code=4102 UserInfo=0x10211aa70 "Unable to create record frechette in /Local/Default."

Sep 7, 2011 4:15 PM in response to evets90

The big red flag for me is this line:


Unable to create record frechette in /Local/Default.


It shouldn't be creating the record in /Local/Default, it should be updating it in /LDAPv3/127.0.0.1.


If this is happening to more than one user, I'm thinking it could be directory corruption.


On the overview page of the Open Directory service in Server Admin, does it list LDAP Server, Password Server and Kerberos all as running?


What are the results of the following command, entered in terminal?


sudo changip -checkhostname


You will have to enter your password for sudo. Please copy/paste the result of the command, without obfuscating any of the domain names or IP addresses.
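The node mismatch pointed out in the reply above can be checked mechanically. This is an added example, not part of the original thread: it runs on a constructed sample shaped like the posted log excerpt, assumes the node path is the dsRecordLocation components joined with "/", and its function names are hypothetical.

```python
import plistlib
import re

# Constructed sample shaped like the log excerpt in the thread: an escaped
# alias plist followed by the Open Directory error text.
SAMPLE_ALIAS = (
    r'"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<plist version=\"1.0\">\n<dict>\n'
    r'\t<key>dsRecordLocation</key>\n\t<array>\n\t\t<string>LDAPv3</string>\n'
    r'\t\t<string>127.0.0.1</string>\n\t</array>\n'
    r'\t<key>dsRecordName</key>\n\t<array>\n\t\t<string>frechette</string>\n\t</array>\n'
    r'\t<key>dsRecordType</key>\n\t<string>dsRecTypeStandard:Users</string>\n'
    r'</dict>\n</plist>\n"'
)
SAMPLE_ERROR = ('Error Domain=com.apple.OpenDirectory Code=4102 '
                '"Unable to create record frechette in /Local/Default."')


def unescape_alias(logged):
    """Strip the outer quotes and undo the log's \\n, \\t and \\" escaping."""
    body = logged.strip()
    if len(body) >= 2 and body[0] == '"' and body[-1] == '"':
        body = body[1:-1]
    body = body.replace('\\n', '\n').replace('\\t', '\t').replace('\\"', '"')
    return body.encode('utf-8')


def alias_target(logged):
    """Return (node path, record name) that the logged alias points at."""
    alias = plistlib.loads(unescape_alias(logged))
    # Assumption: node path = dsRecordLocation components joined with "/".
    return '/' + '/'.join(alias['dsRecordLocation']), alias['dsRecordName'][0]


def check_node(logged_alias, error_message):
    """Compare the alias's node with the node named in the error text."""
    expected, name = alias_target(logged_alias)
    hit = re.search(r'record (\S+) in (/[^\s"]+?)\.?(?:"|$)', error_message)
    if hit is None:
        return None  # error text does not name a node
    return {'record': name, 'expected': expected, 'actual': hit.group(2),
            'mismatch': expected != hit.group(2)}


if __name__ == '__main__':
    print(check_node(SAMPLE_ALIAS, SAMPLE_ERROR))
```

A result with `mismatch` set to true means the write was directed at a different node than the one the record's alias names, which is the condition flagged in the reply.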

Sep 7, 2011 6:12 PM in response to John.Kitzmiller

John.Kitzmiller wrote:


On the overview page of the Open Directory service in Server Admin, does it list LDAP Server, Password Server and Kerberos all as running?


What are the results of the following command, entered in terminal?


sudo changip -checkhostname


You will have to enter your password for sudo. Please copy/paste the result of the command, without obfuscating any of the domain names or IP addresses.


Server Admin says LDAP server, password server, and Kerberos are all running.


The output of changeip (not changip) -checkhostname is this:


Primary address = [our xserve's external IP of ethernet 2]

Current HostName = server.server.edu [obfuscating the real name, but it is that of the OD master's DNS name]

DNS Hostname = server.server.edu [same as above]

The names match. There is nothing to change.

dirserv:success="success"


Seems ok on that front to me....
