
unable to get network users working in server 3

After upgrading to Mavericks and OS X server 3 I've been unable to log into my network accounts from any of my client machines (all also upgraded to Mavericks). The Network Account Server is showing as green on the clients and I don't get any warnings at the login screen but trying to log into any accounts results in the failed attempt "shake" of the password box.


I'm now on a fresh install of Mavericks on the server with some test accounts set up and I'm still not able to log in from any of my clients. I can however access any share points I set up. Not really sure what I'm doing wrong here.

Posted on Oct 23, 2013 12:00 AM

173 replies

Nov 12, 2013 8:24 PM in response to Ofir Gal

Upgraded to 3.0.1, still not working.


I again created a new test network account on Mavericks server. It logs in perfectly from a Lion client, but the login screen shakes on a Mavericks client, so nothing changed.


Mavericks Server with ML or Lion client works

Mavericks Server with Mavericks client DOESN'T work


Not sure if this is related but I can't bind my client to server with user and password. It does bind anonymously and there is a green dot in the network account server on the users pane at system preferences.

Nov 13, 2013 12:41 AM in response to freefall722

I don't know if anyone has mentioned this in this thread before, but here it is again:


After upgrading to Lion Server, AFP clients may no longer be able to authenticate via Kerberos. The AFP service may be referencing the LKDC.


Resolution


On the AFP server, execute the following command in Terminal using the correct Kerberos REALM_NAME and a user account authorized to make changes in the Kerberos database:


sudo sso_util configure -r REALM_NAME -a diradmin afp


Note: You will be prompted for two passwords. First, for the current user's password, and then for the directory administrator's password.


Restart the server.

Nov 13, 2013 5:28 AM in response to clcerda

I am now fully up, just to reiterate my painful steps, and with some of the trivial details to help the less experienced:


  • Image the server using Carbon Copy Cloner. (I used the version 3.4.7, the last free version, which seems to be still running OK with Mavericks.)
  • Using .local set-up. My external domain name is used only in VPN, mail and websites settings.
  • Using a DNS set-up manually created while "show all records" is in effect. (Any other way relying on Apple's automatic scripts seems to screw it up.) Primary zone "local", and each machine is listed as with their names under local. Except nameservers that are listed as x.local under the local zone. Looking for "only some clients" with "forwarding server" 10.0.1.1, my airport extreme router. The server and all of the clients are in the DNS.
  • Server uses 127.0.0.1 as its own DNS, followed by my Airport Extreme router at 10.0.1.1, followed by 8.8.8.8 and 8.8.4.4, DNS servers from Google. [This is set up in the network panel of System Preferences on the server.]
  • Clients substitute the 10.0.1.x (my server) in place of 127.0.0.1 in the DNS, otherwise the same. All clients use my DNS services. [This is set-up in the network panel of System Preferences on the client.]
  • Confirm reverse lookup works per Apple's directions. Server and the clients.
  • Once all of the steps above are complete, blow away your Open Directory, and reset it from scratch. (What a pain in the derrière.) Set users, groups and file sharing up.
  • [Optional] Bring trust certificates from profiles to clients using http://10.0.1.x/mydevices, so you don't have to confirm every time when you join.
  • [May or may not be needed] Delete and rejoin the network account server on all clients.
  • Make sure all Little Snitch installations in clients and the server have been removed.
  • Server is 3.0.1, but this was also working before once I removed Little Snitch.


I hope this helps.
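The reverse-lookup step in the list above can be scripted. The following is an added example, not part of the original post: it checks that each name resolves and that every address maps back to the same name. The host names, addresses and the `fake_*` resolvers are constructed sample data so the check runs offline; with no resolver arguments it uses the machine's own DNS settings.

```python
import socket

def _norm(name):
    # Compare names case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower()

def check_host(hostname, forward=None, reverse=None):
    """Return a list of problems; an empty list means forward and reverse agree."""
    # Default to the system resolver, i.e. whatever DNS order the machine uses.
    forward = forward or (lambda h: socket.gethostbyname_ex(h)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    try:
        addrs = forward(hostname)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return [f"{hostname}: forward lookup failed ({exc})"]
    if not addrs:
        return [f"{hostname}: forward lookup returned no addresses"]
    problems = []
    for ip in addrs:
        try:
            ptr = reverse(ip)
        except OSError as exc:
            problems.append(f"{ip}: no PTR record ({exc})")
            continue
        if _norm(ptr) != _norm(hostname):
            problems.append(f"{ip}: PTR is {ptr}, expected {hostname}")
    return problems

# Constructed sample zone: one healthy host, one stale PTR, one missing PTR.
A = {"server.local": ["10.0.1.2"],
     "client1.local": ["10.0.1.10"],
     "client2.local": ["10.0.1.11"]}
PTR = {"10.0.1.2": "server.local.", "10.0.1.10": "old-name.local."}

def fake_forward(host):
    if host not in A:
        raise socket.gaierror(8, "name not known")
    return A[host]

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

if __name__ == "__main__":
    for name in list(A) + ["ghost.local"]:
        issues = check_host(name, fake_forward, fake_reverse)
        print(name, "OK" if not issues else issues)
```

Run it on the server and on each client, since each uses a different DNS order.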

Nov 13, 2013 12:18 PM in response to Ali Kaylan

I had a similar problem - Mountain Lion server was unstable, so I upgraded to Mavericks and server 3; and also tried to rationalise the DNS issues, including renaming the server.


Result was a complete failure. Lion clients would give the "unable to login at this time" message; Mavericks client would shake as if the password were wrong. But if I logged in on a local account, I could see the server and connect to the home directories.


Restoring the DNS arrangements to the previous state didn't help.


Solution was to delete all certificates except for one which seemed to best match the server name; destroy and recreate the open directory object; manually recreate all the network users and groups; and manually grant each user read-write permission to their existing home directory.


Many thanks to all who have contributed to this thread - I couldn't have done it without you. And I hope my experience will be useful in turn.

Nov 24, 2013 1:13 AM in response to prmh

Further to the above - I have discovered that if you create a user without specifying a disk usage constraint, evidently some default constraint applies. This caused some users to be unable to write to their own home directories, desktop etc, messages about needing to repair the library, applications not launching etc.

Setting a suitably large disk limit (e.g 20 GB) solved the problem. Mavericks server.

Nov 25, 2013 6:37 AM in response to freefall722

Wish I'd seen this (and other) threads before clicking the install button...however, we're back up and running without too much downtime.


We had 4 ML machines working happily with ML server. We updated all the clients to Mav, all OK. We updated the ML server to Mav + Server 3.0.1 and had problems with users being unable to access network accounts or fileshares as lots of folks have described above. However without too much inconvenience, we seem to be up and running again.


By changing the server address in the connect to server window from afp://xxxx to smb://xxxx we got connections back on all our shares. We still didn't have network logon access however...


On individual machines, we removed the profiles and the network account server. The network server was then re-added, the machines re-enrolled in the Profile Manager and fresh profiles downloaded and voila, users were able to login again.


I realise all networks will be different, but hopefully this will help some people...

Dec 5, 2013 8:22 PM in response to freefall722

I still have not seen a solution on the "Networ" folder being created and when a second user logs in (without rebooting) the home folders are unavailable. It appears to not be correctly dismounting the home folders since I can log back in with "user 1" fine, but if I try to log in "user 2" I get the home folder unavailable message. If I reboot, I can log in with "user 2" fine, but then if I log out and try to log in with "user 1" I get the home folder unavailable. All worked fine with AFP and ML Server + ML Clients. Didn't have this problem with Server 3.0 and Lion clients. Seems to be client side to me... I logged in with an admin account via ssh and noticed that after logout, the home folder for the previous user was still mounted. I've instructed my folks to select "reboot" instead of logout as a workaround. Everything else appears to be working fine (for the moment...)

Dec 18, 2013 7:48 AM in response to clcerda

I have the exact same problem. Apart from macs I upgraded straight from 10.7 to 10.9 log in network accounts just fine.

Any Macs going from 10.8.5 to Mavericks 10.9 can't log in. Something overwritten/reconfigured and broken in this 8>9 upgrade? I suspect that the 10.9 client might be trying to force Kerberos on the login credentials, but we have never needed to use this service and just rely on Password Service etc.

This means any new Macs we buy on 10.9 we can't use on our network because of this issue. We have 400+ Macs and 1500 users to consider. I have officially logged this to the Apple bug site but not had any feedback as yet.

Jan 6, 2014 8:08 AM in response to freefall722

I have had success with 10.9.1 clients being able to log in again using network accounts (shaking password box previously) to our Mavericks server. After looking at all the client settings again I noticed that the time server settings had changed to Apple Europe sync after the upgrade to 10.9, and the times on the 10.9 clients (not logging in) had drifted by about 8-12 minutes from the time on the server. I normally have this set to use our own server for the time sync and I had overlooked this, as it's very important for the client and server to be within a few minutes for Kerberos authentication etc. I know this is a basic thing but I had overlooked this being a problem! This has worked on all our recently upgraded Macs to Mavericks from Lion and Mountain Lion after making sure the times are syncing between the client and servers. This is certainly worth checking out if you haven't already done so.

P.S. to those who had trouble binding the client to the server this fixed this issue also after the times on the client and server were synchronised
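The clock drift described in the post above can be measured from a client. This is an added example, not part of the original post: it computes the client-to-server offset from an SNTP reply and compares it with a 300-second limit, which is assumed here as the usual Kerberos default and may differ on a given realm. `make_reply` builds a constructed reply so the arithmetic can be checked offline; `query_offset` does the same against a real time server.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 to 1970-01-01
KRB_MAX_SKEW = 300             # assumption: common 5-minute Kerberos default

def _to_unix(sec, frac):
    return sec - NTP_EPOCH_DELTA + frac / 2**32

def offset_from_reply(reply, t1, t4):
    """Server-minus-client clock offset in seconds from a 48-byte SNTP reply.

    t1 is the client send time and t4 the client receive time (Unix seconds).
    """
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    if reply[0] & 0x7 != 4:                      # mode 4 = server
        raise ValueError("not a server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2, t3 = _to_unix(rx_s, rx_f), _to_unix(tx_s, tx_f)
    return ((t2 - t1) + (t3 - t4)) / 2

def query_offset(server, timeout=3.0):
    """Ask a live NTP server (UDP port 123) and return the offset."""
    request = b"\x23" + 47 * b"\0"               # LI=0, VN=4, mode 3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(request, (server, 123))
        reply, _ = sock.recvfrom(512)
        t4 = time.time()
    return offset_from_reply(reply, t1, t4)

def skew_verdict(offset, max_skew=KRB_MAX_SKEW):
    return "ok" if abs(offset) <= max_skew else "exceeds Kerberos tolerance"

def make_reply(server_time):
    """Constructed sample reply whose receive/transmit stamps are server_time."""
    sec = int(server_time) + NTP_EPOCH_DELTA
    return b"\x24" + 31 * b"\0" + struct.pack("!4I", sec, 0, sec, 0)

if __name__ == "__main__":
    client_now = 1389000000.0                    # constructed client clock
    off = offset_from_reply(make_reply(client_now + 600), client_now, client_now)
    print(f"offset {off:+.0f}s: {skew_verdict(off)}")
```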

Jan 8, 2014 6:15 AM in response to AJBaer

All, nothing works for me. I've rebooted as per Peter's advice, removed and re-added DNS addresses as per AJBaer's, same time server, etc.


I have a simple configuration as I described earlier: Airport Extreme as a DNS server, mini server and MBP and Mac Pro clients, which worked perfectly until I upgraded to Mavericks. Even worse, now I cannot access network folders from standard (non-admin) accounts from a ML client (which used to work until some weeks ago).


Pls help

Jan 8, 2014 11:27 AM in response to clcerda

Sorry about your trouble... I've always been under the impression that if you are going to have a server as the domain controller, it should also serve DNS and forward its DNS queries to the router (the Airport Extreme in your case). I didn't see your previous description of what you have, but my understanding is just as you listed above. You have a client, a mini server, and an Airport Extreme. Are you binding the client (which is ML or Mavericks?) to the mini server (running OD I assume)? You could try manually setting the DNS on the client to the mini server and see if it helps. If it does, great, if not, sorry - but it's an easy enough try. I hope it helps. As you can see, lots of folks are having lots of issues with the new server and Mavericks clients. My issue (still) is that I can't log one person in, log out, and then log in with another user without first rebooting the machine. Frustrating!


At any rate, what I described above is what I'm using in a network with 25 machines or so, and having the clients point to the server for DNS is required in MS Active Directory. I hope this is somewhat helpful, or at least an easy something to try!
