Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: BrettCJ
BrettCJ Author
User level: Level 1
0 points

eDSAuthFailed (-14090) Error preventing PW changes/new accounts

I run an OD Master off of an Xserve with 10.6.8 Server; with network homes living on that machine's HDs. I recently started getting this error in Workgroup Manager when I attempt to set someone's account to "Require password change at next Login."


Error of type eDSAuthFailed (-14090) on line 3912 of /SourceCarch/WorkgroupManager/WorkgroupManager-361.3.1/Plugins/UserAccounts/Use rAdvancedPluginView.mm


I also get "password cannot be set because you are not authorized to perform this operation" on the same accounts that give me trouble. I can change PWs on some accounts, though. Changing an account for OD-style Password to Crypt allows me to change it, but it still refuses log-in for that user.


Most of the posts I have found regarding this are from Server 10.4, so far. One noted: "My only pointer I could dig up was that when logging in to WGM it is better to use the fully qualified domain name than localhost or IP address and to use the OD user, diradmin."

I'm unable to login to WGM as diradmin, though I can authenticate as diradmin in WGM to our directory. (I can log-in to WGM as admin).

I also attempted this:

After recieving that error (and it can crop up when just changing a users password) the only way I found was to back up the OD, demote from OD Master and re-promote it, then restore the OD and stick to using the FQDN to use WGM.


I had thought that not using the FQDN may've been my issue: I backed-up OD, demoted and re-promoted it, and restored OD...no luck in Workgroup Manager even when logging in using the FQDN.

Have also attempted creating a new user to give WGM control (couldn't log in as them) and root user (no difference made), as well as clearing most saved keychain items.


Can anyone suggest next-steps? demoting/promoting, but not restoring? Would this preserve the home directories but all users would have to reset passwords?


I also copied the content from DirectoryService.debug.log , per instructions in this post: https://discussions.apple.com/thread/515345?answerId=2549202022#2549202022, from when i logged into WGM. See this in the next post.

Xserve-OTHER, Mac OS X (10.6.8)

Posted on Mar 13, 2012 11:55 AM

Reply
5 replies
User profile for user: BrettCJ
BrettCJ Author
User level: Level 1
0 points

Mar 13, 2012 11:57 AM in response to BrettCJ

2012-03-12 11:10:24 EDT - T[0x0000000102381000] - CDSLocalPlugin::OpenRecord(): Got error -14136

2012-03-12 11:10:24 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsOpenRecord(), Local Used : DAR : Node Ref = 33557514 : Record Ref = 50334731 : Result code = -14136

2012-03-12 11:10:24 EDT - T[0x0000000102381000] - Plug-in call "dsOpenRecord()" failed with error = -14136.

2012-03-12 11:10:24 EDT - T[0x0000000102381000] - Port: 16799 Call: dsOpenRecord() == -14136

2012-03-12 11:10:24 EDT - T[0x0000000102487000] - CDSLocalPlugin::CloseRecord(): Got error -14105

2012-03-12 11:10:24 EDT - T[0x0000000102487000] - Client: PasswordService, PID: 88, API: dsCloseDirNode(), Local Used : DAC : Node Ref = 33557514

2012-03-12 11:10:24 EDT - T[0x0000000102487000] - Client: PasswordService, PID: 88, API: dsCloseDirNode(), Local Used : DAR : Node Ref = 33557514 : Result code = 0

2012-03-12 11:10:24 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsCloseDirService(), Server Used : DAC : Dir Ref 16780297

2012-03-12 11:10:24 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsCloseDirService(), Server Used : DAR : Dir Ref 16780297 : Result code = 0

2012-03-12 11:10:24 EDT - T[0x0000000102381000] - Client PID: 88, had 0 open references before cleanup.

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: Requesting dsOpenDirNode with PID = 73, UID = 0, and EUID = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: krb5kdc, PID: 73, API: dsOpenDirNode(), LDAPv3 Used : DAC : Dir Ref = 16777358 : Node Name = /LDAPv3/127.0.0.1

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: krb5kdc, PID: 73, API: dsOpenDirNode(), LDAPv3 Used : DAR : Dir Ref = 16777358 : Node Ref = 33557516 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: krb5kdc, PID: 73, API: dsDoPlugInCustomCall(), LDAPv3 Used : DAC : Node Ref = 33557516 : Request Code = 1000

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: krb5kdc, PID: 73, API: dsDoPlugInCustomCall(), LDAPv3 Used : DAR : Node Ref = 33557516 : Request Code = 1000 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: krb5kdc, PID: 73, API: dsDoAttributeValueSearchWithData(), LDAPv3 Used : DAC : 1 : Node Ref = 33557516 : Requested Attr Type = dsAttrTypeStandard:AltSecurityIdentities : Attr Match String = Kerberos:senior-illustration-1$@MASTERCHIEF.MONTSERRAT.EDU : Attr Pattern Match:8193 = eDSExact : Requested Rec Types = dsRecTypeStandard:Users

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: krb5kdc, PID: 73, API: dsDoAttributeValueSearchWithData(), LDAPv3 Used : DAC : 2 : Node Ref = 33557516 : Requested Attrs = dsAttributesStandardAll : Attr Type Only Flag = 0 : Record Count Limit = 0 : Continue Data = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: krb5kdc, PID: 73, API: dsDoAttributeValueSearchWithData(), LDAPv3 Used : DAR : Node Ref = 33557516 : Number of Found Records = 0 : Continue Data = 0 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: krb5kdc, PID: 73, API: dsCloseDirNode(), LDAPv3 Used : DAC : Node Ref = 33557516

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: krb5kdc, PID: 73, API: dsCloseDirNode(), LDAPv3 Used : DAR : Node Ref = 33557516 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: slapd, PID: 71, API: libinfo, Server Used : libinfomig DAC : Procedure = gethostbyname_service (34)

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsGetRecordList(), Local Used : DAC : 1 : Node Ref = 33554440 : Requested Rec Names = masterchief.montserrat.edu : Rec Name Pattern Match:8449 = eDSiExact : Requested Rec Types = dsRecTypeStandard:Hosts

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsGetRecordList(), Local Used : DAC : 2 : Node Ref = 33554440 : Requested Attrs = dsAttrTypeStandard:AppleMetaNodeLocation;dsAttrTypeStandard:RecordName;dsAttrTy peStandard:IPAddress : Attr Type Only Flag = 0 : Record Count Limit = 1 : Continue Data = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsGetRecordList(), Local Used : DAR : Node Ref = 33554440 : Number of Found Records = 0 : Continue Data = 0 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsGetRecordList(), BSD Used : DAC : 1 : Node Ref = 33554437 : Requested Rec Names = masterchief.montserrat.edu : Rec Name Pattern Match:8449 = eDSiExact : Requested Rec Types = dsRecTypeStandard:Hosts

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsGetRecordList(), BSD Used : DAC : 2 : Node Ref = 33554437 : Requested Attrs = dsAttrTypeStandard:AppleMetaNodeLocation;dsAttrTypeStandard:RecordName;dsAttrTy peStandard:IPAddress : Attr Type Only Flag = 0 : Record Count Limit = 1 : Continue Data = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsGetRecordList(), BSD Used : DAR : Node Ref = 33554437 : Number of Found Records = 0 : Continue Data = 0 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: slapd, PID: 71, API: libinfo, Server Used : libinfomig DAR : Procedure = gethostbyname_service (34) : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: slapd, PID: 71, API: libinfo, Server Used : libinfomig DAC : Procedure = gethostbyaddr (28)

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsDoAttributeValueSearchWithData(), Local Used : DAC : 1 : Node Ref = 33554440 : Requested Attr Type = dsAttrTypeStandard:IPAddress : Attr Match String = 10.0.0.70 : Attr Pattern Match:8449 = eDSiExact : Requested Rec Types = dsRecTypeStandard:Hosts

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsDoAttributeValueSearchWithData(), Local Used : DAC : 2 : Node Ref = 33554440 : Requested Attrs = dsAttrTypeStandard:AppleMetaNodeLocation;dsAttrTypeStandard:RecordName;dsAttrTy peStandard:IPAddress : Attr Type Only Flag = 0 : Record Count Limit = 1 : Continue Data = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsDoAttributeValueSearchWithData(), Local Used : DAR : Node Ref = 33554440 : Number of Found Records = 0 : Continue Data = 0 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsDoAttributeValueSearchWithData(), BSD Used : DAC : 1 : Node Ref = 33554437 : Requested Attr Type = dsAttrTypeStandard:IPAddress : Attr Match String = 10.0.0.70 : Attr Pattern Match:8449 = eDSiExact : Requested Rec Types = dsRecTypeStandard:Hosts

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsDoAttributeValueSearchWithData(), BSD Used : DAC : 2 : Node Ref = 33554437 : Requested Attrs = dsAttrTypeStandard:AppleMetaNodeLocation;dsAttrTypeStandard:RecordName;dsAttrTy peStandard:IPAddress : Attr Type Only Flag = 0 : Record Count Limit = 1 : Continue Data = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Internal Dispatch, API: dsDoAttributeValueSearchWithData(), BSD Used : DAR : Node Ref = 33554437 : Number of Found Records = 0 : Continue Data = 0 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: slapd, PID: 71, API: libinfo, Server Used : libinfomig DAR : Procedure = gethostbyaddr (28) : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsOpenDirService(), Server Used : DAR : Dir Ref 16780301 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsFindDirNodes(), Server Used : DAC : Dir Ref 16780301 : Data buffer size = 4096

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsFindDirNodes(), Server Used : DAR : 1 : Dir Ref = 16780301 : Requested nodename = /Local/Default

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsFindDirNodes(), Server Used : DAR : 2 : Dir Ref = 16780301 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: Requesting dsOpenDirNode with PID = 88, UID = 0, and EUID = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsOpenDirNode(), Local Used : DAC : Dir Ref = 16780301 : Node Name = /Local/Default

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsOpenDirNode(), Local Used : DAR : Dir Ref = 16780301 : Node Ref = 33557518 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsOpenRecord(), Local Used : DAC : Node Ref = 33557518 : Rec Type = dsRecTypeStandard:Users : Rec Name = 0x4c791ebb2f506415000002050000040d@masterchief.montserrat.edu

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - CDSLocalPlugin::OpenRecord(): Got error -14136

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsOpenRecord(), Local Used : DAR : Node Ref = 33557518 : Record Ref = 50334735 : Result code = -14136

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Plug-in call "dsOpenRecord()" failed with error = -14136.

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Port: 16803 Call: dsOpenRecord() == -14136

2012-03-12 11:10:29 EDT - T[0x0000000102487000] - CDSLocalPlugin::CloseRecord(): Got error -14105

2012-03-12 11:10:29 EDT - T[0x0000000102487000] - Client: PasswordService, PID: 88, API: dsCloseDirNode(), Local Used : DAC : Node Ref = 33557518

2012-03-12 11:10:29 EDT - T[0x0000000102487000] - Client: PasswordService, PID: 88, API: dsCloseDirNode(), Local Used : DAR : Node Ref = 33557518 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsCloseDirService(), Server Used : DAC : Dir Ref 16780301

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client: PasswordService, PID: 88, API: dsCloseDirService(), Server Used : DAR : Dir Ref 16780301 : Result code = 0

2012-03-12 11:10:29 EDT - T[0x0000000102381000] - Client PID: 88, had 0 open references before cleanup.

Reply
User profile for user: BrettCJ
BrettCJ Author
User level: Level 1
0 points

Mar 15, 2012 8:11 AM in response to BrettCJ

Bump...
does anyone have any recommendations for this?


If I demote then promote the OD Master and don't restore the OD Archive, would that clear all saved password but still keep home directories associated without issue? Would I have to re-import accounts/computers etc into WGM to achive this affect?


Students return from Spring Break on Monday, am hoping to have this at some point of more-squared by then...


Thank you!

Reply
User profile for user: rdgilbert
rdgilbert
User level: Level 1
0 points

May 2, 2012 12:22 PM in response to BrettCJ

Brett,


I somehow managed to fix this on my Lion Server. I was using the Server App but you should be able to duplicate the same actions with WGM.


I deleted the account I could not change or reset the password for. Rebooted. Added the account back but with a completely different password never used before. Save.


After that, I was able to make other changes to the password and so was the user. No more error.


I hope this can work for you and everyone else.


Cheers,

Ricky

Reply

eDSAuthFailed (-14090) Error preventing PW changes/new accounts

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up