Unable to log onto account server

Question

Level 1

10 points

Unable to log onto account server

I recently setup a Snow Leopard server for my company (Our current server is the Early 2006 model and does not support ML). This server is supporting both Snow Leopard and Mountain Lion clients. We are currently using the server as a portal for users accessing our Promise RAID share, which is working well. They all have their own accounts.

I am now trying to bind computers to the server, so that they may use network login accounts. For some reason, the client computers are detecting the server, showing groups and users, and seems to be working fine, but I cannot log in with network accounts, I just get a window shake.

I ran an id on some usernames on one of the clients, and they all showed the user information, so they are definitely connecting to the server and retreiving authentication information. Why can't I log into a network account?

Xserve, Mac OS X (10.6.8)

Posted on Feb 18, 2013 7:07 AM

Reply

Answer 1

Don Roedl

Level 2

211 points

Feb 18, 2013 7:36 PM in response to mnorthern

Hi MN, ...so the workstations bind successfully to the server, but shaking window upon login attempt? If you login to the workstation as the local admin can you then mount the users home dir over AFP?

Reply

Answer 2

mnorthern Author

Level 1

10 points

Feb 19, 2013 7:32 AM in response to Don Roedl

Don,

That is correct. I previously forgot to setup usershares for each user, which I have done now.

Now I am getting an error "You are unable to log in to the user account "<user>" at this time. Logging in to the account failed because an error occured"

I'm not sure how I would go about mounting the user's home dir over AFP from the local admin account, but I can access the fileshare that the home dirs are on using AFP with credentials that I'm having trouble logging in with.

Reply

Answer 3

Don Roedl

Level 2

211 points

Feb 19, 2013 7:55 AM in response to mnorthern

To mount the users home directory over AFP while logged in as the local admin, invoke the connect to server command, Enter the name or IP address of the server, and then enter the users name and password. The users home directory should then appear in the list of options.

Two quick questions:

How did you set up the user shares for each user? (by user shares you mean home directories, correct?)

Are the user shares located on the same volume as the server operating system, a second volume on the same box, Or on another device?

Reply

Answer 4

mnorthern Author

Level 1

10 points

Feb 19, 2013 8:20 AM in response to Don Roedl

I was able to successfully mount the user home dir over AFP.

1. I set up the user share (home directory) through server manager. I created a Home sharepoint, then enabled automount. Then, in workgroup manager, I created the home directory on the sharepoint that I set up.

2. The user shares are located on a Promise RAID that we have also setup as a fileshare. I created a separate folder within the fileshare to be used as their home shares.

Reply

Answer 5

Don Roedl

Level 2

211 points

Feb 19, 2013 8:39 AM in response to mnorthern

Ok. Moving along......For the purpose of simple troubleshooting I would try this:

Setup a 'test' account with the user home directory located on the Users folder on same volume as the operating system on the OD server. See if this account can login successfully and mount the test users home dir at login.

Reply

Answer 6

mnorthern Author

Level 1

10 points

Feb 20, 2013 5:26 AM in response to Don Roedl

Created the account with a home directory located on the Users folder on the Main HD.

I get the same message.

I have some screenshots as well

Reply

Answer 7

mnorthern Author

Level 1

10 points

Feb 20, 2013 6:23 AM in response to Don Roedl

Here is another of the issue I'm getting.

You can see below, it is communicating to the server because I set a Login policy to say "GROUP POLICY".

Also, if I type invalid credentials, I get an immediate window shake, so there seems to be some sort of authentication going on. Maybe there could be an issue with Kerberos?

Reply

Answer 8

Don Roedl

Level 2

211 points

Feb 20, 2013 10:14 AM in response to mnorthern

If login doesn't work with the most basic User folder then the problem is not just with the user homes defined elsewhere. That is what I wanted to know - you can't log in to the box period. How is your DNS setup looking? You have forward and reverse DNS set up, and lookups test out correctly?

Reply

Answer 9

Don Roedl

Level 2

211 points

Feb 20, 2013 10:36 AM in response to mnorthern

You may find this information useful:

To verify correct DNS configuration on a Mac OS X Server system, use the changeip command.

Here is an example:

$ sudo changeip -checkhostname

Password:

Primary address = 10.20.30.3

Current HostName = host.example.com

DNS HostName = host.example.com

The names match. There is nothing to change.

dirserv:success = "success" $

This is the expected output for a host named host.example.com at the private IP address 10.20.30.3. You might see The DNS hostname is not available, please repair DNS and re-run this tool. or some other message as output from this command. However — if you do not receive that There is nothing to change. text in the output — then your DNS configuration has an issue; an unreachable DNS server, or a DNS configuration error.

Reply

Answer 10

mnorthern Author

Level 1

10 points

Feb 20, 2013 11:36 AM in response to Don Roedl

I received the expected output on the server.

However, currently, DNS is being handled by our Active Directory server for all clients. The company only has about 15 people using Macs. Will the machines still be able to authenticate with the Mac Server if they are using our Windows server for DNS?

I think I'll have to look into adding the Mac workstations to our existing DNS with lookup zones set to the Mac Server..

Reply

Answer 11

Don Roedl

Level 2

211 points

Feb 20, 2013 11:41 AM in response to mnorthern

"Will the machines still be able to authenticate with the Mac Server if they are using our Windows server for DNS?"

Yes, it doesn't matter what box does the DNS. Have you tested one of the workstations to ensure that forward and reverse lookups to the SL server are working properly?

Reply

Answer 12

mnorthern Author

Level 1

10 points

Feb 20, 2013 11:50 AM in response to Don Roedl

I did an nslookup on the Mac SL Server, which timed out "no servers could be reached". Looks like it is a problem with DNS. I'll have to look into how to add these Mac computers to our DNS. Thank you so much for your help!!!!

Reply