
10.6 Client and 10.7 Server Open Directory

I've got a Mac Mini running Lion Server. It's configured as an Open Directory Server.

And I've got some 10.6 Clients running on the same local network.

All Clients have the Mini Server as DNS Server.

And now I want to use Network Accounts from the 10.7 Server on the 10.6 Clients.

I've connected the 10.6 Clients to the Server (without SSL) and all Clients say "Network Accounts available".

But if I try to log in on the Client it just shakes the login window. I've tried it on all my Clients with different Accounts but nothing worked.

It just won't work! But why? Can you please help me?

What am I doing wrong? Or is the combination of 10.6 Clients and 10.7 Server not supported by Open Directory on 10.7 Server?


Thank you!

Mac mini, Mac OS X (10.7.3), i5, 8GB Ram, 500GB HD, Server

Posted on Mar 15, 2012 2:02 PM

Question marked as Best reply

Posted on Jul 31, 2012 10:58 AM in response to Samuel79

Check your authentication against the server from one of the clients using the following command:


dscl /LDAPv3/<server name or IP> authonly <shortname of an account that cannot login>

The server name should be the same name or IP you used when binding your 10.6 client to a 10.7 server.


If you get the response "Failed to authenticate user <shortname> (tDirStatus: -14103)" you are having the same issue I was having. I found an answer to this, but you are not going to like it.


Apparently Workgroup Manager and Server.app deal with accounts differently. If you are using Workgroup Manager to import a long list of accounts, don't. Server.app needs to write an additional setting that is not part of Workgroup Manager or in Passenger. It doesn't work correctly with accounts that have home folders that are not local. Here are the steps I used to resolve the issue:

  1. Export all your accounts and groups
  2. Using Server Admin, demote your OD to a standalone directory
  3. Once the demotion is complete, use Server.app to promote your server to an OD Master

    Update: I've not found it to make a difference if you use Server.app or Server Admin to configure your Open Directory Master.

  4. Once the server is again an Open Directory Master, import the users that you exported using Server.app instead of Workgroup Manager.
  5. If you are importing groups, set the Home Directory by editing the account in Server.app before importing groups to avoid overwriting your group settings. Thankfully, you can select multiple accounts at a time.
  6. Import your groups using Server.app
  7. Verify group membership and test the logins

    If you test the login using the dscl command from above, you should get no error after entering the password, but as long as you have a bound client, you should be able to log in at this point.


Hope this reaches you in time to help.
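
Added example, not part of the original reply: a small shell helper for the "test the logins" step that runs the dscl authonly check above for several accounts and sorts the results into "no error", the -14103 failure described in the reply, or some other failure. The function names and the OK / SAME_ISSUE / OTHER / UNKNOWN labels are made up for this example, and it assumes dscl writes its password prompt to the terminal rather than into the captured output.

```shell
#!/bin/sh
# Added example (hypothetical helper names and labels). Classifies the output of
#   dscl /LDAPv3/<server> authonly <shortname>
# using the error text quoted in the reply above.

# classify_authonly: reads dscl output on stdin and prints one label.
classify_authonly() {
    out=$(cat)
    # Per the reply, a working login prints no error at all.
    if [ -z "$out" ]; then
        echo "OK"
        return 0
    fi
    # Extract the number from "(tDirStatus: -14103)".
    code=$(printf '%s\n' "$out" |
        sed -n 's/.*(tDirStatus: *\(-\{0,1\}[0-9][0-9]*\)).*/\1/p' | head -n 1)
    case "$code" in
        -14103) echo "SAME_ISSUE" ;;   # the failure this thread is about
        "")     echo "UNKNOWN" ;;      # output present, no tDirStatus found
        *)      echo "OTHER:$code" ;;  # a different directory error
    esac
    return 0
}

# check_accounts SERVER SHORTNAME...: run the check once per account.
# The password is typed at dscl's own prompt, so it never appears in the
# process argument list or in shell history.
check_accounts() {
    server=$1
    shift
    command -v dscl >/dev/null 2>&1 || { echo "dscl not found" >&2; return 2; }
    for name in "$@"; do
        result=$(dscl "/LDAPv3/$server" authonly "$name" 2>&1 | classify_authonly)
        printf '%s\t%s\n' "$name" "$result"
    done
}

# Run only when called with a server and at least one shortname.
if [ "$#" -ge 2 ]; then
    check_accounts "$@"
fi
```

Run it on a bound client with the same server name or IP used for binding, followed by the shortnames to test.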
