unable to get network users working in server 3

Hi Ali,

Hi all,

All in all I have tested 3 times to update Mavericks, update server 3 app, to find the server does not function anymore, then roll back to Mountain Lion server via TimeCapsule

Every loop takes roughly 10 hours to complete.

I am now defenitively back on Mountain Lion server and will stay there for the moment.

Mavericks with Server 3 app is just not functional.

Perhaps Apple's future strategy is cloud based and tries to make OSX server uninteresting?

Maybe it is just a team that does not know what it takes to create a stable *server* product.

Lot's of their decisions on the OSX server do not make much sense (*1) and every update complelety wrecks my server resulting in a complete new fresh install. That takes tons of time.

(*1)

silly decisions such as:

Lack of *detailed* server documentation, as it existed up to 10.6.

Whole pages of the helpfile simply empty. Why call it help file if it does not even show anything.

Unfinished GUIs, with a lack of options to use all features.

Missing mail fetcher.

Dropped support for Active Directory.

Error prone DNS configurations.

Buggy Profile Manager.

Lack of scripting to support rights settings for multiple users or groups. Why do I have to go through the silly GUI time and time again? Even Novell 3.1 had those features (that was 1992!)

Oh well, rant over.

Response from Apple regarding my complaint:

"Hi! This is xxxxxx from the iTunes Store Support Team. I have taken over the ownership of your request and will be attending to your email to ensure that your issue is resolved.

I'm very sorry to hear OS X Server is not functioning the way you hoped and you are dissatisfied with your purchase.

In five to ten business days, a credit of 13.99 GBP should post to the credit card that appears on your receipt.

I trust that you'll be able to view your refund within the following days. Should difficulty arise with your account, please don't hesitate to reply. Thanks and have a great day. "

No answer to the problems but at least they refunded me.

In the same boat with you all guys!

Maked a fresh clean install on newly buyed Mac mini Server and same issues with Network User Accounts. I tested connection with OD Server 10.9 from 10.4.11 to 10.8.5 clients and they works without troubles, but same OS X Mavericks clients refuses to log in to NUA. Also tryed to connect to Directory with accounts from Directory Utility and it surprisingly worked! But enterings from Login Menu - no go! What to do? Have no idea...

DNS also configured with FQDN. But FQDN in DNS server appears right, but in System Preferences it shows as ".local" hostname...

I also found myself unable to login to network services, such as filesharing, after upgrading to Mavericks and then Server 3.

Not really understanding what Open Directory is or what it is used for, in my hunting around for a solution, I came to this section in the server app and wondered why it said that it was unable to locate a 'replica'. It didn't look like OD was really serving and purpose... so I turned it off.

Going back to my Users panel, I could now see that they were all gone. This wasn't a big problem for me since I'm really the only user... so, I just added myself in again... same name... same password as before.

BINGO! Everything works now.

I know that this isn't really the answer that most of you were looking for but I thought that I'd throw in my two cents in hopes that it helps someone. My guess is that the upgrade has messed up the Open Directory somehow and that since this controls access to resources that is causing the password screen shake.

It also seems that I now have an account on the server in the Users & Groups section of the System Preferences. Again, not a big deal for me but not ideal if your running a server for a larger group.

Clients 10.9 and server 10.9 with server 3.0:

Observation:

When connecting to an afp-share from a client.

writing in a random password give an error message.

writing the correct password makes the window shake.

Turning off Open directory services:

writing in a random password makes the window shake.

writing the correct password makes the window shake.

I also encountered similarly problem when I upgraded from 10.8.5 (with v2 server) to 10.9 (with v3 server). After struggling with it for hours, finally I did the following things to have the problem solved:

1) I changed to use .mylan instead of .local or .private (I read from other posts that .local or .private could cause some strange conflict).

2) Using sudo changeip -checkhostname to make sure the setting is correct.

3) This step is important: make sure the FQDN is correctly setup in the DNS. I have been running my mac server for years, and until yesterday I found out that the default DNS setup (zone) by Apple was incorrect, where the host name was incorrectly included in zone name! Refer to this link to learn what a correct setup should be:

http://www.justinrummel.com/10-8-mountain-lion-server-dns/

4) Finally, I destroyed the OD and recreated it.

Bingo! All strange errors and login problems gone, and finally I have a working Mavericks server.

It's interesting you raise about the FQDN being incorrectly setup - I'd forgotten about that but did have the same issue when we first setup our Lion server.

Also what you said about DNS. IT wouldn't surprise me if many people's existing DNS is not correct and Mavericks is less forgiving of this resulting in problems for upgraded servers.

I installed Mavericks from scratch on a formatted drive and used a new FQDN. I bound to a ML OD master but apart from the shaking dislog on the first time login (see my earlier post about logging in with SMB and then AFP to fix that) it has worked fine since - with any client.

I'm certainly not ready to commit this to a production server but for basic file sharing and web (the only things we have tested so far) it seems to be working OK.

If you are still having problems definitely check the DNS as suggested by dleunghk above.

I believe I may have identified the final guilty party in my saga, and it looks like it is Little Snitch 3.3. As mentioned here previously, through the steps we have taken, we got it mostly working with some of us having continued difficulty with Maverick client with Maverick server. In my case, I had a working mobile maverick client, just not the regular client.

Turning off the Little Snitch 3.3 on both the Mav client and the server enabled proper operation. I will test further and report back.

UPDATE: After testing further, I can definitely say that Little Snitch 3 (version 3.3) has been playing an active part in the Maverick Server saga in my case:

• LS3 works fine on the server and on the client unless both of them are Mavericks.
• LS3 works fine if Mavericks client is mobile.
• LS3 prevents log in on a properly set-up Mav server + desktop client based on the details shared in this forum.
• Using LS3's "Restart in permissive mode..." does not resolve this problem, as I had been using that all along.

Furthermore, I had seperately discovered that LS3 has issues remembering previous rules on network accounts, and I had previously reported that to Objective Development.

It works for me only if I stop Little Snitch 3.3 network filter on server and client.

I have reported this as a bug to Objective Development.

That maybe for you but this isn't what I've seen as I've been using Fresh Installs of (i.e. erase HDD) Mavericks on Server and/or Client without installing Little Snitch.

Glad you've resolved for yourself but there is, unquestionably, a wider and more serious problem.

Thanks

ROb

I agree that there is indeed a far bigger problem than Little Snitch as we have collectively documented here. The Little Snitch issue just adds to it... Incidentally, we are almost at week three with no proper resolution from Apple.

I see 3.0.1 is out.

Fixes "for various Profile Manager Migration issues' - doesn't sound anything to do with our current issue to me...but I'd love to be proved wrong of course....

Thanks

Rob

I'll be ****** -- IT WORKED!!

Upgraded the test (mavericks) Server to 3.0.1 on the Macbook Air and lo and behold, I was able to log-on successfully on a Mini Client (Mavericks) !!

Although it should be noted the account that I had created using server 3.0 didn't work properly (unlike previously where it wouldn't get pass the logon screen, it actually got the desktop but nothing worked) - So I created a new user and bingo logged in and out like its supposed to, Note I did reboot both the server (after 3.0.1 update) AND client Mac.

So it seemed there were other fixes in the 3.0.1 update

One other thing to note - and think this this is another bug although not as serious as the main theme:

So on the Mini Client, I added the test server (MBA, called airserver) in addition to the production server (called Mountainserver). When I rebooted I got a list of users from BOTH servers as you'd expected BUT whilst I was able to login airsever ok (after creating a new) account, I COULDN'T log into mountainsever (got 'its not possible to log into thie account at this time' sort of error).

Only by removing airserver from the Mac Client and rebooting was I then able to log back into mountainserver again i.e. BAU. So perhaps there is problem with more that 1 sever, but its ok for me as the original problem appears to be resolved

I look foward to anyone else confirming success with 3.0.1?

Thanks

Rob

Update did not solve the problem, cant login via AFP - but can via SMB