unable to get network users working in server 3

I have been having the same issue and it looked to be that the DNS service was not automatically enabled or setup moving to server 3.1.1 I dont know if this is related as thre is 11 pages prior to my reply but ir fixed it for me even though I had the green light etc without DNS there was no authentictacted method to allow my network users to log in.

i was able to log in after changing the default home from a Homes folder, to "local only" -- it then prompted me to create a mobile home account.

I have had this issue now for quite some time and I have done all the changes read in this thread and many others with no luck at all. Basically I am at a point now where I have told the CEO of our company our network no longer works because we upgraded to OSX 10.9 and whats worse is there is no solution in sight. Same issue everyone else has, 10.9.2 server will not authenticate 10.9 clients but will older clients. We have tried everything so now I am pulling the plug. It is not just the authentication, everything within the control panel just seems buggy. Nothing works as it is supposed to. Central authentication is a fundamental service and out of the box Apple's server and client OS do not support this function nor will they for most individuals even with the support of numerous experienced IT personal.

I am extremely disappointed in the lack of attention or response to this issue from Apple. This has cost us a great deal of money but it will be the last Apple product we ever buy. Back to Windows.

I might have an answer for a few using old iMacs (early 08's). I logged into a client, standalone, removed the server (sys pref>user & groups>login options>Network account server) and found it was no longer available when I attemped to rebind.

Not sure why but when I did restarted using the finger acrobatics reseting the PRAM, then booting into safe mode (hold shift during start up until apple logo appears), while in safe mode run a disk permissions repair, restart. log back in as standalone and found i could bind to the server again.

It appears to work although, now I'm getting a pesky pop up saying theres a problem connecting to the server ip (twice), while loging on as a network user, but it still logs in... after a while! When I login standalone, it asks for the server username and password, then pops up with the same message (twice again) that it cant connect to the server ip again. I've no idea where its coming from as there are no mounted drives for it to request the server ip as standalone.

Anyway, I've also notived that Lion macbooks have no issues at all and login with no pop up, but mavericks macbook (only bothered with one) is a PIA and after many attempts and permission resets, it finally logged a username.

I hope the permissions reset helps some of you and hope someone can come up with an solution to this blasted IP pop up for me in return.

Thanks

Everyone having this issue,

Our consultancy supports dozens of facilities around the country, primarily Xsan post production facilities, and have slowly been upgrading them to Mavericks. With those upgrades we've discovered numerous issus. This being one of them.

We don't have a full on solution to this issue yet, but have figured out a workaround to the network user logins that has worked for us 100% of the time. Although annoying as it is, it solves the problem when it arises while we work on the bigger issue at hand (which I think we are close to resolving as well).

That being said, one particular facility will have days where there 10.9.3 Mac Pro systems can login to their Open Directory accounts, and some days where they can't. This facility has another edit station that is still running 10.6.8 and does not have this issue at all. Our directory servers are Mac Minis running 10.9.3 and the latest version of the server app v3.1.2.

What we have found, is that by rebooting the Open Directory master, then logging into the local admin account on the 10.9.3 edit station(s), we can go into System Preferences > Accounts > Login Options > Edit, and unbind and rebind the edit station. Then after a reboot, the OD users are able to login again.

Like I said, having to do this several days a week isn't an ideal solution, but our editors can keep working and because these are new Mac Pros, we don't have the option of rolling back the OD servers to an earlier version of the OS because the Mac Pros come with 10.9 installed.

Hope this helps at least some of you keep working in 10.9.3. We will post back if we find a more permanent solution.

have you checked that the clock on the workstation and server are matching?

i found that the clock in mavericks loses time and after resetting the clock (by logging in to a local account on the machine, opening date/time prefs and de/reselecting network time server) i can log in. the issue didn't occur in 10.6.8 machine because it uses a different version of ntpd.

our solution was simply to move everyone to local accounts, since we don't need open directory for anything really anyway.

I believe your solution is working because when you reboot, upon boot it sets the clock.

We have checked time on all systems. All systems use an internal NTP server and are all syncing properly.

I can further verify that there isn't any time drift because the directory replica doesn't ever get rebooted when this issue occurs and the Master and Primary are in sync to the second.

Simply rebooting the workstation doesn't fix the issue nor does rebooting the OD Master by itself. Also, logging into a local account on the workstation and unbinding and rebinding doesn't solve the issue. It is the combination of rebooting the Directory server, unbinding/rebinding the client and then rebooting the workstation. In that order.

I've been struggling to get network logins to work with Mavericks Server. This is completely unacceptable from Apple.

I'm an experienced Mac user but I've wasted more time on this POS than on setting up Windows 2012 Server, and that's with zero Windows experience. Pretty shameful stuff from Apple.

Anyway, I started out the process documenting all the steps and things I tried and abandoned that approach after getting nowhere so I don't have exact steps but this worked for me:

In my case, forget all the talk about DNS in this thread, that side of things seems to work as a stock Server.app configuration which is added after setting up a host. What did it for me was to destroy the OD master (yeah ... I know), set up hostname as SERVERNAME.DOMAIN.DOMAIN e.g., macminiserver.mydomain.private, computer name I set to SERVERNAME. Then I added a user and was able to login from a client.

I'm sure I've done almost the same thing a few times but that last time it stuck and everything works OK.

Now I'm worried that an update, power outage, etc will revert the server back to it's non-working state. I'm appalled at the flakiness of this product. Would it be too much trouble for someone at Apple to actually address this very serious issue?

lesliefromstockton-on-tees

Thanks this worked for me. My DNS is served from my airport router and my local machine was looking there not at the server. Adding both my Router IP and server IP to the local machine allowed me to login my network user on the mavericks client. No issue logging in from ML client.

Reply to anyone listening at Apple?

It seems illogical that when you create a network account via Workgroup Manager that you then need to go to server and then enable that created network account access to File Sharing

So I need to find a simpler way to create a network user with network access than hand select 1721 accounts (which were imported from a previous wgm server) and allow them access to their network account - it seems every update takes away network management tools - this is an additional step that was not required in versions pre-10.7 server

It seems the simplest way to go to allow your Workgroup Manager (Open Directory) accounts access to filesharing is via Server group access

This tool does allow granular control but still an account created in Workgroup Manager (download via apple support) should by default have access to their assigned fileshare... still Apple as mucked around with network management -- taking away tools - such as Radius - which is preinstalled but no more gui - so, when trying to find an issue- especially managing 30 plus devices- gets really annoying

Has this issue been solved? Ever? I mean, has ever Apple told us where the problem is?

Here is my situation:

I have a Mac Mini server running Maverick latest version. And I have an iMac running again Maverick, latest version. DNS is provided by a Linux box, on the same network, and it works just fine, both normal and reverse resolution.

--------------------------------------------------------------------------

imac:~ John$ dig family.myorg.org

; <<>> DiG 9.8.3-P1 <<>> family.myorg.org

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42363

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:

;family.myorg.org. IN A

;; ANSWER SECTION:

family.myorg.org. 10800 IN A xx.xxx.193.147

;; AUTHORITY SECTION:

myorg.org. 600 IN NS ns2.yyyyy.com.

myorg.org. 600 IN NS ns.myorg.org.

;; ADDITIONAL SECTION:

ns.myorg.org. 10800 IN A xx.xxx.193.146

ns2.xxxxxxx.com. 158484 IN A 65.yyy.yyy.218

;; Query time: 4 msec

;; SERVER: xx.xxx.193.146#53(xx.xxx.193.146)

;; WHEN: Fri Sep 19 09:25:28 2014

;; MSG SIZE rcvd: 134

-----------------------------------------------------------------------

And reverse

-----------------------------------------------------------------------

imac:~ John$ dig -x xx.xxx.193.147

; <<>> DiG 9.8.3-P1 <<>> -x xx.xxx.193.147

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50235

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;147.193.xxx.xx.in-addr.arpa. IN PTR

;; ANSWER SECTION:

147.193.xxx.xx.in-addr.arpa. 10800 IN PTR family.myorg.org.

;; AUTHORITY SECTION:

193.xxx.xx.in-addr.arpa. 10800 IN NS ns.myorg.org.

;; ADDITIONAL SECTION:

ns.myorg.org. 10800 IN A xx.xxx.193.146

;; Query time: 57 msec

;; SERVER: xx.xxx.193.146#53(xx.xxx.193.146)

;; WHEN: Fri Sep 19 09:28:12 2014

;; MSG SIZE rcvd: 112

-----------------------------------------------------------------------

The exact same results, I get if I dig the server name or if I dig -x the IP address from the server. So in essence the DNS is working correctly.

Hoowever I have the following issues:

1. In the System Preferences, Remote Management, when I try to add users to the list of users who can manage this computer remotely, I do not see any of my network users, only the admin, who is of course a local user. Even though I have selected "All users" in the Remote Management, still, only the admin can use the screen sharing facility from the iMac.

2. When I try to connect via afp from the iMac to the Server, I get the shaky password block. If I use SMB I can connect fine (both options are checked in the File Sharing).

3. I can't log in from the server console, with any of the network accounts, only with admin.

All these things used to work fine, before upgrading to Maverick.

I've tried various ideas on how to correct this, most of them from this thread, with no result.

Needless to say, that any help would be appreciated.

The problem solved, long time ago. OS X Server must be used as one and only one dns server for all clients. And only then, clients will connect to network accounts in Open Directory.

P.S.: this is commonly requirement of Mavericks clients to server, as mountain lion and lower (even Tiger), works in other network configurations.

What?!?!?!

That's a joke, right?!?!?!

I mean, why should I use that server as my DNS server, when I already have a DNS server in my network?!?!

The more we move down Apple's version, the worst the server environment becomes.

Nope, its not a joke. Apple seriuos as never. There we can see, (my thoughts) that Apple DON'T WANT to support and take any responsibility for network compatability with the third party systems by centralizing theyr own network infrastructure. Also this is merketing step, so i think you can understand it, you living in capitalism, right? 🙂