12 Replies Latest reply: Feb 20, 2013 11:50 AM by mnorthern
mnorthern Level 1 (10 points)

I recently set up a Snow Leopard server for my company (our current server is the Early 2006 model and does not support ML). This server is supporting both Snow Leopard and Mountain Lion clients. We are currently using the server as a portal for users accessing our Promise RAID share, which is working well. They all have their own accounts.

I am now trying to bind computers to the server, so that they may use network login accounts. For some reason, the client computers are detecting the server, showing groups and users, and seem to be working fine, but I cannot log in with network accounts; I just get a window shake.

I ran an id on some usernames on one of the clients, and they all showed the user information, so they are definitely connecting to the server and retrieving authentication information. Why can't I log into a network account?

Xserve, Mac OS X (10.6.8)
  • Don Roedl Level 2 (210 points)

    Hi MN, ...so the workstations bind successfully to the server, but shaking window upon login attempt? If you log in to the workstation as the local admin, can you then mount the user's home dir over AFP?

  • mnorthern Level 1 (10 points)

    That is correct. I previously forgot to set up usershares for each user, which I have done now.

    Now I am getting an error "You are unable to log in to the user account "<user>" at this time. Logging in to the account failed because an error occurred."


    I'm not sure how I would go about mounting the user's home dir over AFP from the local admin account, but I can access the fileshare that the home dirs are on using AFP with credentials that I'm having trouble logging in with.

  • Don Roedl Level 2 (210 points)

    To mount the user's home directory over AFP while logged in as the local admin, invoke the Connect to Server command, enter the name or IP address of the server, and then enter the user's name and password. The user's home directory should then appear in the list of options.

    Two quick questions:

    How did you set up the user shares for each user? (By user shares you mean home directories, correct?)

    Are the user shares located on the same volume as the server operating system, a second volume on the same box, or on another device?

  • mnorthern Level 1 (10 points)

    I was able to successfully mount the user home dir over AFP.

    1. I set up the user share (home directory) through server manager. I created a Home sharepoint, then enabled automount. Then, in workgroup manager, I created the home directory on the sharepoint that I set up.

    2. The user shares are located on a Promise RAID that we have also set up as a fileshare. I created a separate folder within the fileshare to be used as their home shares.

  • Don Roedl Level 2 (210 points)

    OK. Moving along... For the purpose of simple troubleshooting I would try this:

    Set up a 'test' account with the user home directory located in the Users folder on the same volume as the operating system on the OD server. See if this account can log in successfully and mount the test user's home dir at login.

  • mnorthern Level 1 (10 points)

    Created the account with a home directory located on the Users folder on the Main HD.


    I get the same message.


    I have some screenshots as well



  • mnorthern Level 1 (10 points)

    Here is another of the issue I'm getting.




    You can see below, it is communicating to the server because I set a Login policy to say "GROUP POLICY".

    Also, if I type invalid credentials, I get an immediate window shake, so there seems to be some sort of authentication going on. Maybe there could be an issue with Kerberos?

  • Don Roedl Level 2 (210 points)

    If login doesn't work with the most basic User folder then the problem is not just with the user homes defined elsewhere. That is what I wanted to know - you can't log in to the box, period. How is your DNS setup looking? You have forward and reverse DNS set up, and lookups test out correctly?

  • Don Roedl Level 2 (210 points)

    You may find this information useful:

    To verify correct DNS configuration on a Mac OS X Server system, use the changeip command.

    Here is an example:

    $ sudo changeip -checkhostname
    Primary address     =
    Current HostName    = host.example.com
    DNS HostName        = host.example.com
    The names match. There is nothing to change.
    dirserv:success = "success"
    $

    This is the expected output for a host named host.example.com at the private IP address You might see "The DNS hostname is not available, please repair DNS and re-run this tool." or some other message as output from this command. However — if you do not receive that "There is nothing to change." text in the output — then your DNS configuration has an issue: an unreachable DNS server, or a DNS configuration error.

  • mnorthern Level 1 (10 points)

    I received the expected output on the server.

    However, currently, DNS is being handled by our Active Directory server for all clients. The company only has about 15 people using Macs. Will the machines still be able to authenticate with the Mac Server if they are using our Windows server for DNS?

    I think I'll have to look into adding the Mac workstations to our existing DNS with lookup zones set to the Mac Server.

  • Don Roedl Level 2 (210 points)

    "Will the machines still be able to authenticate with the Mac Server if they are using our Windows server for DNS?"


    Yes, it doesn't matter what box does the DNS. Have you tested one of the workstations to ensure that forward and reverse lookups to the SL server are working properly?

  • mnorthern Level 1 (10 points)

    I did an nslookup on the Mac SL Server, which timed out: "no servers could be reached". Looks like it is a problem with DNS. I'll have to look into how to add these Mac computers to our DNS. Thank you so much for your help!!!!
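
The forward and reverse lookup test asked for in the thread, as an added example that is not part of any poster's reply: a script to run on a workstation that resolves the server's name, reverse-resolves each returned address, and checks that it maps back to the same name. It assumes the `host` utility is installed; the function names and the hostname passed on the command line are illustrative.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check, run from a client.
# Function names are illustrative; the server name is given by the caller.

# Forward lookup: print each IPv4 address the resolver returns for a name.
fwd_lookup() {
    host -t A "$1" 2>/dev/null | awk '/ has address / { print $NF }'
}

# Reverse lookup: print each PTR name for an address, trailing dot removed.
rev_lookup() {
    host "$1" 2>/dev/null |
        awk '/ domain name pointer / { sub(/\.$/, "", $NF); print $NF }'
}

# DNS names compare case-insensitively.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_dns FQDN: prints one verdict per finding and returns 0 only if
# every address of FQDN has a PTR record that points back to FQDN.
check_dns() {
    want=$(lower "$1")
    addrs=$(fwd_lookup "$1")
    if [ -z "$addrs" ]; then
        echo "FAIL forward: no address for $1 (no record, or no DNS server reachable)"
        return 1
    fi
    rc=0
    for ip in $addrs; do
        ptrs=$(rev_lookup "$ip")
        if [ -z "$ptrs" ]; then
            echo "FAIL reverse: $ip has no PTR record"
            rc=1
            continue
        fi
        match=no
        for name in $ptrs; do
            if [ "$(lower "$name")" = "$want" ]; then match=yes; fi
        done
        if [ "$match" = yes ]; then
            echo "OK $1 -> $ip -> $1"
        else
            echo "FAIL mismatch: $ip maps back to $ptrs, not $1"
            rc=1
        fi
    done
    return $rc
}
# Run only when a hostname is given on the command line.
if [ "$#" -gt 0 ]; then check_dns "$1"; fi
```

A "FAIL forward" result from a workstation corresponds to the nslookup timeout reported in the last reply: the client cannot resolve the server's name at all.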