unable to get network users working in server 3

I also experience the same kind of issue.

I can log in in mail, wiki, cad/carddav,... but I cannot change the password nor on the web page, nor with the server app, nor with the workgroup manager 10.9 where I get the following error message : "The password could not be set - In order to set the password of a a user with an Open Directory Password, your own password type must be Open Directory. Administrators with other password types cannot set the password of a user with an Open Directory password."

When I try to connect to my mail (IMAP) with roundcube I consistantly get a User Authentication error (since just after update to server 3.0)

The server was fully functional before upgrading to mavericks/server 3.0

Any idea is welcome !

Hi Ali,

Thanks for the tip. I even have CC, thought it was not required this time because I had a "full" backup to a second timecapsule.

My error. How in &$^# do I get the timecapsule backup of the server running Mountain Lion back on the now Mavericks upgraded server. Does not seem to accept that.

Will certainly make the mirror image with CC next time, but can you or anybody else help explain how I can reuse my timecapsule backups to roll back?

Thanks already.

best regards,

bibop.

Could it be that switching to SMB2 in Mavericks is the culprit, as documented here and here?

I've now joined the club of restoring my ML server from Timemachine and all is well. The client machines are running Mavericks and seem quite happy logging onto a ML server.

I did try creating a brand new Mavericks server from scratch but I was having sufficient problems just getting things working in Workgroup Manager that I think I'll leave the server on ML until there's a compelling reason to try again.

[quote]My error. How in &$^# do I get the timecapsule backup of the server running Mountain Lion back on the now Mavericks upgraded server. Does not seem to accept that.[/quote]

Boot, on the chime hold alt, choose Timemachine when the options present themselves and restore from there.

Exact same problem here. Upgraded server, all ML clients can connect no problem. Mavericks client cannot use network logins via SSH or user login to connect. Hopefully there is a patch soon!

Hi Ali,

I tried but I cannot get the server 3 app not running and without it I cannot change the AFP protocol to SMB(2). Prior to upgrade I had ML server 2.2 running AFP exclusively.

Anyways, after a week of trying I will restore the TimeCapsule backup and fall back on Mountain Lion + server 2.2.

I think this Apple product's support is progressively getting worse.

No documentation to speak of, buggy implementations, vague GUI with limited configuration options.

And every update so far wrecks the server leading to a fresh and new install.

I had new server installation due to Open Directory got corrupted and malfunctioned after normal operation.

Same due to the buggy Profile Manager, leading to completely locked up server and clients.

Now it is a simple, forced upgrade to a new server 3 app because the of the Mavericks upgrade.

As if I have tons of time to spend for that.

Apple -1 on this release.

To summarize our collective misery so far:

• ML server + ML & Mav clients - OK
• Mav server + ML clients - OK
• Mav server + Mav clients - Broken

For the SMB transport thing, I tried:

Force smb1 on a client by following this. In essence creating a file named nsmb.conf in /etc directory containing:

[default]

smb_neg=smb1_only

-> no luck. [I did this on the Mav client. Did not try on the Mav server.]

Seperately, I turned off the wireless interface on the server, retaining the gigabit wired connection. The account server went red instead of green on the Mav client. So I deleted and readded the network account server on the Mav client. I was magically able to login with Mav. Alas, the joy only lasted until the next test reboot.

PS. Mav server has broken roundcube webmail as well, and I haven't been able to resurrect that either.

Same problem withroundcube ==> authentication error... While reconfiguring a new instance, imap (mailbox) login test consistantly failed for all user while smtp was working (email send test).

Still can't logon despite:

I've done a fresh install of Mavicks *and* server on one of two MBA's and thereofre I now have 2 Mavericks servers running (the other being the restored ML Server on my mini).

By doing this I am not messing up my 'production' server on the Mini.

Bound the 2nd MBA to the MBA server no problems. I've tried various suggests on this forum e.g.

- added and removed the server sveral times to the client i.e bound and unbound - no beans

- Specified DNS name & IP of server on client MBA - no beans

- Tried Darren Miller suggestion of sudo ktutil get -p diradmin ldap/myserver@MYSERVER.LOCAL - no beans (obviously with my server details)

- Whilst DNS is running and appears ok - I am not expert - so I can't determine whether its setup ok but left as apple defaults - no beans

- Added and removed Master OD several times - No beans

- Tried renaming server from say, airserver.local to airserver.lan - No beans

- I don't know how to point the server to use SMB (1) instead of of AFP (or SMB2) - does it make any difference?

Still getting the no such entry found in hdb blah in log:

02/11/2013 18:38:55.526 kdc[10490]: AS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:51179 for krbtgt/AIRSERVER.LOCAL@AIRSERVER.LOCAL

02/11/2013 18:38:55.535 kdc[10490]: AS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:51179 for krbtgt/AIRSERVER.LOCAL@AIRSERVER.LOCAL

02/11/2013 18:38:55.537 kdc[10490]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ

02/11/2013 18:38:55.552 kdc[10490]: AS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:55615 for krbtgt/AIRSERVER.LOCAL@AIRSERVER.LOCAL

02/11/2013 18:38:55.563 kdc[10490]: AS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:55615 for krbtgt/AIRSERVER.LOCAL@AIRSERVER.LOCAL

02/11/2013 18:38:55.565 kdc[10490]: Client sent patypes: ENC-TS

02/11/2013 18:38:55.566 kdc[10490]: ENC-TS pre-authentication succeeded -- airuser2@AIRSERVER.LOCAL

02/11/2013 18:38:55.569 kdc[10490]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96

02/11/2013 18:38:55.569 kdc[10490]: Requested flags: forwardable

02/11/2013 18:38:55.588 kdc[10490]: TGS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:53303 for host/macbook-air-caroline.local@AIRSERVER.LOCAL [canonicalize, forwardable]

02/11/2013 18:38:55.590 kdc[10490]: Searching referral for macbook-air-caroline.local

02/11/2013 18:38:55.591 kdc[10490]: Server not found in database: krbtgt/LOCAL@AIRSERVER.LOCAL: no such entry found in hdb

02/11/2013 18:38:55.591 kdc[10490]: Failed building TGS-REP to 192.168.0.31:53303

02/11/2013 18:38:55.597 kdc[10490]: TGS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:59090 for host/macbook-air-caroline.local@AIRSERVER.LOCAL [forwardable]

02/11/2013 18:38:55.599 kdc[10490]: Server not found in database: host/macbook-air-caroline.local@AIRSERVER.LOCAL: no such entry found in hdb

02/11/2013 18:38:55.599 kdc[10490]: Failed building TGS-REP to 192.168.0.31:59090

Note that MBA logs onto ML server (mini) perfectly fine - so I am completely out of ideas as what issue is - I can only assume (as before) its too buggy to use - APPLE YOU NEED TO FIX THIS

when is Maverick Server 10.9.1 coming out??

Not soon enough, Apple, poor quality software products like this is not acceptable, I though this was Microsoft's job?

Just asked for a refund, lets see what happens.

Had the same issue which I was able to fix by doing a clean install. I noticed the following. Installing server on a mavericks clean install created a permissions issue that I have not been able to fix on "etc/

As some people pointed out. I have also been fighting DNS settings for months. I use an iMac as server, where my kids log in and work. I have a Mac air that log in as network account

I have always wondered how the imac's DNS preferences should be configured. Using 127.0.0.1 has never worked for me, as it kills internet connectivity

Will try using SMB as protocol for home folders, see if it makes it work better

lesliefromstockton-on-tees;

Even if you get compensated, we will never get the hours we have wasted back, ever. All for beta grade software at best. For the last two years, Apple has been chipping away my confidence and trust built for them over the past 3 decades. And I suspect the reason we do not have a solution 12 days into it, is probably because they are busy refining important details of the next iPhone, such us the hue of gold.

Same summary than Ali Kaylan!

In my case a fresh clean install on the server got me to this (newly created home accounts and restored data user data from backup)

1) Open directory and file sharing don't automatically start when you setup a new server as was the case until 10.8.

2) Users folder on server wasn't on the file shares (amazing!!!), so my mobile network accounts on my ML Mac Pro couldn't sync until I shared Users on server. Simple issue but Users must be included on the shares as soon as you create a network user (as was the case before)

3) didn't work with the suggested .private extension. When trying to start open directory it said a mistmach between the name (server.private) and network address (!!???). Changing to server.local as before allowed to start and get to the curren sitution as described by Ali Kaylan

4) Can't bind any of my clients (Mavericks and ML) to server with diradmin account (authentication failed message). It does bynd anonymously (no user/password)

Hope this provide something useful