Currently Being ModeratedDec 11, 2011 5:46 PM (in response to schoysi)
+1 on freshly installed Lion Server 10.7.2, newly created network accounts, no migration whatsoever.
Here's what dscl shows on the newly created network account 'fubar'. Note the funky Kerberos email id "untitled_1@HOST.DOMAIN.COM". Workgroup Manager always comes up with the default account name Untitled_1 before you edit anything. Does this persist? Is this the issue?
$ sudo dscl
Entering interactive mode... (type "help" for commands)
> cd /LDAPv3/127.0.0.1/Users/fubar
/LDAPv3/127.0.0.1/Users/fubar > ls
/LDAPv3/127.0.0.1/Users/fubar > read
dsAttrTypeNative:objectClass: person inetOrgPerson organizationalPerson posixAccount shadowAccount top extensibleObject apple-user
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
UserShell: /bin/bashMac mini, Mac OS X (10.7.1), 8 GB
Currently Being ModeratedJan 17, 2012 1:34 PM (in response to S.T.Smith)
After doing a fresh install of Server 10.7.2 and noticing the property
AltSecurityIdentities: Kerberos:untitled_1@HOST.DOMAIN.COM on all network users created with Workgroup Manager were causing the error: Misconfiguration detected in hash 'Kerberos', to be displayed in the Open Directory Log and System Log, I used Directory Utility (part of Server.app) to modify the AltSecurityIdentities property for those users.
I will monitor if this fixes the error messages.
Currently Being ModeratedMar 1, 2012 3:54 PM (in response to schoysi)
It's probably a good idea to use the Server app any time you can. If you create a user with Workgroup Manager, you'll notice that the user has the untitled_1@REALMNAME for the AltSecurityIdentities attribute.
However, if you create a user with the Server app, the AltSecurityIdentities attribute will be just fine.
Currently Being ModeratedJun 12, 2012 10:57 AM (in response to im3ngs)
I have noticed the same issue on my server. But only one of the users is getting the error line in the log and yet all have the same firstname.lastname@example.org in that line. Why one and not the others? Do I need to change this since no one seems to notice any problems on their end, just me looking at the logs.
Currently Being ModeratedJul 10, 2012 6:58 AM (in response to schoysi)
"After doing a fresh install of Server 10.7.2 and noticing the property
AltSecurityIdentities: Kerberos:untitled_1@HOST.DOMAIN.COM on all network users created with Workgroup Manager were causing the error: Misconfiguration detected in hash 'Kerberos', to be displayed in the Open Directory Log and System Log, I used Directory Utility (part of Server.app) to modify the AltSecurityIdentities property for those users."
Could someone please give more info on where this setting is located in Directory Utility? I am new to OS X server and having this exact same issue. Thanks.
Currently Being ModeratedJul 10, 2012 7:05 AM (in response to guitarkid55)
first you have to autheticate in the directory Utility with your directory credentials (diradmin)
Then switch to Users (Viewing) and select the user with the problem.
On the righ side you can select the "AltSecurityIdentities" and edit this setting. An click "save".
Hope this helps solving your problem.