15 Replies Latest reply: Apr 20, 2012 10:29 PM by Tim Chapman
Tim Chapman Level 1 (20 points)

I have just purchased a Mac mini with Lion Server preinstalled (10.7.3).  The server is for home use with 5 users hanging off it and (eventually) a number of mobile devices.


I have set up the server and am using an Open Directory Master.  I have then inputted groups and users.


I have been able to select the server on the client machines (two Mac Pros and one MacBook Pro) under the Network Account Server section of the Users & Groups preferences pane.  I can select all users or nominated ones without a problem.  I can also see the server through Finder and mount the shared folders.


However, I cannot get the server to accept network logins (on any of three machines that I have tried to do it from).  I keep getting a "You are unable to log in to the user account "xxx" at this time.  Logging in to the account failed because an error occurred."  I get no indication what that error may be.


This is the same result for each client and for each user.


After being frustrated for some time I reset the Open Directory by changing it to a standalone and then recreating a master.  I reentered the users and groups and then tried again.  Same result.


I have not adjusted the hostname or DNS as they seem to be working fine.


All clients and the server are operating off the latest Lion installation.  All were up to date before I started the server setup.


This is killing me.

Does anyone have any suggestion what I need to look at?



Mac Pro (Mid 2010), Mac OS X (10.7.3), 2 x 2.93 6 Core Intel Xeon 32GB 13
  • Jonathan Melville Level 2 (450 points)

    How did you create your Open Directory Master?

  • Tim Chapman Level 1 (20 points)

    Hi Jonathan - I use the Server Admin app - selected the server and the Open Directory service and changed the role of the Open Directory under the General tab to Standalone and then to Master.  I had initially set it up using the manage network accounts in the Server app.  It didn't seem to make a difference which way I did it.  I still got the same result when trying to log in with the clients.

  • Jonathan Melville Level 2 (450 points)

    Hey Tim,


    It's actually problematic to create ODM's using Server Admin in Lion Server. You should use ONLY when creating your Master. I bet if you recreate your master with, everything will work properly.


    Also create all users and groups and assign Network Home Directories in 

  • Tim Chapman Level 1 (20 points)

    Ok - I will give that a go and see what happens.  What is the best way to delete the old ODM and start from scratch?

  • Tim Chapman Level 1 (20 points)

    I am afraid that recreating the ODM, users etc only from the Server app did not fix the problem.  I still get the same error message.  There is obviously a tweak somewhere that I need to deal with.  I can see the server, I can move files, I can sign on directly from Finder using AFP and entering a user name and password which is accepted.  For some reason I just cannot get the network login working.

  • Tim Chapman Level 1 (20 points)

    Ok - some updates.


    I raised a brand new user (one I haven't used before) and log in - it works.  Then, in the Server app, I change the home folder from local to the server (Users), I then get the same error as before.  So the only thing I changed was the home page reference.  When I change it back again - it works.  So there seems to be some problem with the network identifying or accessing the home folder.

  • forappie Level 1 (25 points)


    Lion Server can be very challenging at times as I also discovered. I had the same problem but gave up more quickly than you since I wasn't that desperate.


    Potential causes you may still want to review:

    Success and let us know when you succeed.

  • Tim Chapman Level 1 (20 points)

    It does not seem to be a permissions issue as the users folder has correct permissions set for root rw with admin and others ro.  I have also done a repair permissions through Disk Utility.


    I have checked the home tab in the workgroup manager app and it appears to be pointing correctly to the users folder.


    I have also set preferences for the user under the workgroup manager user account creation tab for mobility to create a mobile account when logging on - still get the same error message.

  • Tim Chapman Level 1 (20 points)

    forappie - thanks for the response and the reading hints.  I had in fact been following Terry's (excellent) article which I purchased as an ebook.  I have followed his suggestions to the letter from what I can tell and am still having the issue.


    With the home folder set to local, I was able to log in and have the dialog box about setting up a home folder come up on login.  However, when I go to sync the home folder I get a "Sync could not complete because your network home at "(null)" does not allow writing".  This seems to imply a permission issue again?


    Got me stumped (and a little annoyed).



  • forappie Level 1 (25 points)


    It isn't quite clear to me whether you are migrating users from existing (local) accounts to network accounts or creating entirely new network accounts. The migration route from an existing local account to a new Lion Server network account didn't work for me and I got the same error message as you do (I gave up since).



    What worked for me is creating entirely new network accounts as follows:

    1. Ensure the Users folder on the server is enabled for Home directories:
    2. In add a user via the Accounts/Users
    3. In Workgroup Manager I executed the following settings under Preferences:
      [image: wgm-1-account creation.png]

    ... I wasn't allowed to add any more images ... I will continue in a new post.

  • forappie Level 1 (25 points)





    Lastly I selected the afp://.../Users on the Accounts tab in WGM as the Home directory location:



    After this I entered the 'testuser' network account for the first time directly on the server. Subsequently I accessed the testuser account from another Mac. I did have some problems the first time as it didn't get past Synchronisation but I clicked cancel and proceeded without a home directory. When I did get in I synced the account.


    Hope this helps.


    Although I can access network accounts created like this now from a Mac, these accounts still give me authentication problems when accessed via VPN or as an account when I want to access the Profile Manager. Any help is highly appreciated (see my post

  • Tim Chapman Level 1 (20 points)

    Hi forappie - thanks for the effort.  I can't tell you how much I appreciate the time you have taken.


    I have done everything exactly as you proposed above.  I still get exactly the same error. I cannot get the accounts to sync.  I can see the server, connect, download and upload files no problems - but whenever I have anything other than local selected as the home folder for the user I cannot connect the user.


    I am beginning to think a reinstall of the server and starting again makes sense.


    Is there a way to restore everything on the server to default and start over without a reinstall?


    Going bananas



  • Tim Chapman Level 1 (20 points)

    Interestingly - when I log onto the server from the user account I cannot access the user directory on the server.  I have checked the permissions and on the server the permission is set to allow the 'testuser' to rw.  When I get info on the user 'testuser' user directory on the client machine (after I have logged on to the server using Cmd-K through Finder) it also shows rw access for the 'testuser'; however, when I go to open the folder it still gives me a can't open error because I don't have permissions!!! Huh!!


    I can mount the user/testuser folder directly and have no problems accessing it.

    So it seems to me there is something funky happening with the r/w permissions on the user folder.


    I have these set to (through the Server app file sharing portal):


    system administrator (owner) rw

    administrator (primary group) ro

    everyone else ro


    plus spotlight.


    These are the defaults as I haven't changed them deliberately.


    When I go to the hardware portal and select storage the permissions are shown as:


    root rw

    admin ro

    others ro


    which I think seems consistent.


    The "testuser" folder under users shows


    everyone custom

    testuser rw

    staff ro

    others ro


    which again seems consistent?



    Any thoughts?

  • forappie Level 1 (25 points)


    I experimented a bit further and it appears I have to recreate my OD master as well as the network user accounts. See my separate post on this:


