Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

OD user login failed - afp issue?

Hello,


we are running OS X 10.8.3 with Server 2.2.1. It works as an Open Directory Master. Users could login, load their profile and use their file shares. But after two weeks the login didn't work anymore. "The user "xyz" can't be logged in at this time" or just a loading wheel forever. A server reboot solved that problem for about 4 days. Afterwards the problem reoccured. I rebooted the server again and so on. Today the server has to be rebooted every morning to enable the OD login.


In the OD error log isn't anything listed. In the OD server log the following entries can be found for every user who tries to login:


Jul 17 2013 11:08:26 305407us    AUTH2: {0xnnnn..., username} WEBDAV-DIGEST authentication succeeded.
Jul 17 2013 11:08:43 488599us    int CAuthProtocol::DoAuth(int): second token: nnnnnnnnnnnnnnnn...


The OD authentication seems to be working for me. The afp error log shows the following errors:


Jul 16 10:49:56 xserve-neu.<domain> AppleFileServer[902] <Info>: Kerberos fail: gss_acquire_cred major status_value <458752>  minor status_value <0>
Jul 16 10:49:56 xserve-neu.<domain> AppleFileServer[902] <Info>:       major error <1>:  No credentials were supplied, or the credentials were unavailable or inaccessible.
Jul 16 10:49:56 xserve-neu.<domain> AppleFileServer[902] <Info>:       minor error <1>: unknown mech-code 0 for mech unknown


This seems to occur once when the server is booted but after the server is started the users can login with their OD accounts for about a day (at the moment). For that I'm not sure if there is a relation.


While the user cannot login the afp access log shows up entries like the following after the "normal" entries (reading files, creating files... for the authenticated user):


Jul 17 09:54:39 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Delete .afpDeleted4632129" 0 0 0
Jul 17 09:54:39 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Logout <username>" 0 0 0
Jul 17 09:54:39 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Logout <username>" 0 0 0
Jul 17 09:54:39 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Login <Guest>" 0 0 0
Jul 17 09:54:40 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Logout <Guest>" 0 0 0
Jul 17 09:54:40 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Login <Guest>" 0 0 0
Jul 17 09:54:40 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Logout <Guest>" 0 0 0
Jul 17 09:54:40 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Login <Guest>" 0 0 0
Jul 17 09:54:40 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Logout <Guest>" 0 0 0
Jul 17 09:54:40 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Login <Guest>" 0 0 0
Jul 17 09:54:40 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Logout <Guest>" 0 0 0
Jul 17 09:54:40 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Login <Guest>" 0 0 0
Jul 17 09:54:40 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Logout <Guest>" 0 0 0
Jul 17 09:56:37 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Logout " -5023 0 0
Jul 17 09:56:37 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Logout " -5023 0 0
Jul 17 09:59:42 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Logout " -5023 0 0
Jul 17 09:59:42 xserve-neu.<domain> AppleFileServer[902] <Info>: IP <client IP address> - - "Logout " -5023 0 0


I tried to restart the afp service using the server.app while the problem occured. The start of the service hangs at "file sharing informations are read".


I read about ktutil list to check the kerberos connection. I get the following output on the server for every client related to afp:


  1  aes256-cts-hmac-sha1-96  afpserver/<clientname>.local@XSERVE.<DOMAIN>                                                      
  1  aes128-cts-hmac-sha1-96  afpserver/<clientname>.local@XSERVE.<DOMAIN>                                                      
  1  des3-cbc-sha1            afpserver/<clientname>.local@XSERVE.<DOMAIN>


For me it looks as though AFP is the problem but I have not the faintest idea how to fix it. I hope you have.


Could be mobile accounts a workaround for the meantime?


Your help is greatly appreciated!


Kind regards,


ragob66

Posted on Jul 17, 2013 5:23 AM

Reply
3 replies

Sep 13, 2013 3:45 AM in response to ragob66

Hello,


the problem occured because of an error in the implementation of the Backup daemon. The system comes back to normal when the daemon is restarted. The vendor of the backup software fixed this problem with a software update based on the information I sent them about the related system process.


The problem could be tested by trying to activate a profile afp share. That takes a long time while the problem was ongoing. Otherwise it happens in nearly no time. Interestingly non profile afp shares behave different. These could be mounted in nearly no time even when the problem occurs.


Thanks!


Kind regards,


ragob66

OD user login failed - afp issue?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.