freefall722

Q: unable to get network users working in server 3

After upgrading to Mavericks and OS X server 3 I've been unable to log into my network accounts from any of my client machines (all also upgraded to Mavericks). The Network Account Server is showing as green on the clients and I don't get any warnings at the login screen but trying to log into any accounts results in the failed attempt "shake" of the password box.

 

I'm now on a fresh install of Mavericks on the server with some test accounts set up and I'm still not able to log in from any of my clients. I can however access any share points I set up. Not really sure what I'm doing wrong here.

Posted on Oct 23, 2013 12:11 AM

Close

Q: unable to get network users working in server 3

  • All replies
  • Helpful answers

first Previous Page 6 of 12 last Next
  • by trilogy1000,

    trilogy1000 trilogy1000 Oct 29, 2013 3:43 PM in response to Ali Kaylan
    Level 1 (45 points)
    Oct 29, 2013 3:43 PM in response to Ali Kaylan

    I agree, whilst I am sympathetic to the plight of those having problems, upgrading a production server with an untested new version is probably not wise.

     

    Having said that, we have clean installed onto a spare machine and so far have had no issue beyond the initial AFP connections. We will start testing it a bit more thoroughly over the next few days but I doubt we'd replace an existing server until at least a couple of dot releases have come. 

     

    We are only just ready to switch from Snow Leopard to Mountain Lion for our production servers so we're in no rush to get to Mavericks. Actually the reason we started testing was we considered skipping ML and going straight to Mavericks but I think that will now be put on hold. ML server seems pretty solid and that we have tested quite a bit.

  • by Fred de Gembloux,

    Fred de Gembloux Fred de Gembloux Oct 29, 2013 3:48 PM in response to nick.leblanc
    Level 1 (10 points)
    Oct 29, 2013 3:48 PM in response to nick.leblanc

    I also experience the same kind of issue.

     

    I can log in in mail, wiki, cad/carddav,... but I cannot change the password nor on the web page, nor with the server app, nor with the workgroup manager 10.9 where I get the following error message : "The password could not be set - In order to set the password of a a user with an Open Directory Password, your own password type must be Open Directory. Administrators with other password types cannot set the password of a user with an Open Directory password."

     

    When I try to connect to my mail (IMAP) with roundcube I consistantly get a User Authentication error (since just after update to server 3.0)

     

    The server was fully functional before upgrading to mavericks/server 3.0

     

    Any idea is welcome !

  • by bibop92,

    bibop92 bibop92 Oct 30, 2013 12:01 AM in response to Ali Kaylan
    Level 1 (0 points)
    Oct 30, 2013 12:01 AM in response to Ali Kaylan

    Hi Ali,

    Thanks for the tip. I even have CC, thought it was not required this time because I had a "full" backup to a second timecapsule.

     

    My error. How in &$^# do I get the timecapsule backup of the server running Mountain Lion back on the now Mavericks upgraded server. Does not seem to accept that.

     

    Will certainly make the mirror image with CC next time, but can you or anybody else help explain how I can reuse my timecapsule backups to roll back?

     

    Thanks already.

     

    best regards,

    bibop.

  • by Ali Kaylan,

    Ali Kaylan Ali Kaylan Oct 30, 2013 4:17 PM in response to freefall722
    Level 1 (5 points)
    Oct 30, 2013 4:17 PM in response to freefall722

    Could it be that switching to SMB2 in Mavericks is the culprit, as documented here and here?

  • by tehNellie,

    tehNellie tehNellie Oct 30, 2013 5:11 PM in response to Ali Kaylan
    Level 1 (0 points)
    Oct 30, 2013 5:11 PM in response to Ali Kaylan

    I've now joined the club of restoring my ML server from Timemachine and all is well.  The client machines are running Mavericks and seem quite happy logging onto a ML server.

     

    I did try creating a brand new Mavericks server from scratch but I was having sufficient problems just getting things working in Workgroup Manager that I think I'll leave the server on ML until there's a compelling reason to try again.

     

    [quote]My error. How in &$^# do I get the timecapsule backup of the server running Mountain Lion back on the now Mavericks upgraded server. Does not seem to accept that.[/quote]

    Boot, on the chime hold alt, choose Timemachine when the options present themselves and restore from there.

  • by pmolfese,

    pmolfese pmolfese Oct 31, 2013 10:08 AM in response to freefall722
    Level 1 (0 points)
    Oct 31, 2013 10:08 AM in response to freefall722

    Exact same problem here.  Upgraded server, all ML clients can connect no problem.  Mavericks client cannot use network logins via SSH or user login to connect.  Hopefully there is a patch soon!

  • by bibop92,

    bibop92 bibop92 Nov 2, 2013 5:27 AM in response to Ali Kaylan
    Level 1 (0 points)
    Nov 2, 2013 5:27 AM in response to Ali Kaylan

    Hi Ali,

    I tried but I cannot get the server 3 app not running and without it I cannot change the AFP protocol to SMB(2). Prior to upgrade I had ML server 2.2 running AFP exclusively.

     

    Anyways, after a week of trying I will restore the TimeCapsule backup and fall back on Mountain Lion + server 2.2.

     

    I think this Apple product's support is progressively getting worse.

    No documentation to speak of, buggy implementations, vague GUI with limited configuration options.

    And every update so far wrecks the server leading to a fresh and new install.

    I had new server installation due to Open Directory got corrupted and malfunctioned after normal operation.

    Same due to the buggy Profile Manager, leading to completely locked up server and clients.

    Now it is a simple, forced upgrade to a new server 3 app because the of the Mavericks upgrade.

    As if I have tons of time to spend for that.

     

    Apple -1 on this release.

  • by Ali Kaylan,

    Ali Kaylan Ali Kaylan Nov 2, 2013 7:22 AM in response to bibop92
    Level 1 (5 points)
    Nov 2, 2013 7:22 AM in response to bibop92

    To summarize our collective misery so far:

     

    • ML server + ML & Mav clients - OK
    • Mav server + ML clients - OK
    • Mav server + Mav clients - Broken

     

    For the SMB transport thing, I tried:

     

    • Force smb1 on a client by following this. In essence creating a file named nsmb.conf in /etc directory containing:

     

              [default]

              smb_neg=smb1_only

     

    -> no luck. [I did this on the Mav client. Did not try on the Mav server.]

     

    Seperately, I turned off the wireless interface on the server, retaining the gigabit wired connection. The account server went red instead of green on the Mav client. So I deleted and readded the network account server on the Mav client. I was magically able to login with Mav. Alas, the joy only lasted until the next test reboot.

     

    PS. Mav server has broken roundcube webmail as well, and I haven't been able to resurrect that either.

  • by Fred de Gembloux,

    Fred de Gembloux Fred de Gembloux Nov 2, 2013 8:32 AM in response to Ali Kaylan
    Level 1 (10 points)
    Nov 2, 2013 8:32 AM in response to Ali Kaylan

    Same problem withroundcube ==> authentication error... While reconfiguring a new instance, imap (mailbox) login test consistantly failed for all user while smtp was working (email send test).

  • by iDash,

    iDash iDash Nov 2, 2013 11:57 AM in response to Fred de Gembloux
    Level 1 (0 points)
    Nov 2, 2013 11:57 AM in response to Fred de Gembloux

    Still can't logon despite:

     

    I've done a fresh install of Mavicks *and* server on one of two MBA's and thereofre I now have 2 Mavericks servers running (the other being the restored ML Server on my mini).

     

    By doing this I am not messing up my 'production' server on the Mini.

     

    Bound the 2nd MBA to the MBA server no problems. I've tried various suggests on this forum e.g.

      - added and removed the server sveral times to the client i.e bound and unbound - no beans

    - Specified DNS name & IP of server on client MBA - no beans

      - Tried Darren Miller suggestion of sudo ktutil get -p diradmin ldap/myserver@MYSERVER.LOCAL  - no beans (obviously with my server details)

      - Whilst DNS is running and appears ok - I am not expert - so I can't determine whether its setup ok but left as apple defaults - no beans

      - Added and removed Master OD several times - No beans

      - Tried renaming server from say, airserver.local to airserver.lan - No beans

      - I don't know how to point the server to use SMB (1) instead of of AFP (or SMB2) - does it make any difference?

     

    Still getting the no such entry found in hdb blah in log:

     

    02/11/2013 18:38:55.526 kdc[10490]: AS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:51179 for krbtgt/AIRSERVER.LOCAL@AIRSERVER.LOCAL

    02/11/2013 18:38:55.535 kdc[10490]: AS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:51179 for krbtgt/AIRSERVER.LOCAL@AIRSERVER.LOCAL

    02/11/2013 18:38:55.537 kdc[10490]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ

    02/11/2013 18:38:55.552 kdc[10490]: AS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:55615 for krbtgt/AIRSERVER.LOCAL@AIRSERVER.LOCAL

    02/11/2013 18:38:55.563 kdc[10490]: AS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:55615 for krbtgt/AIRSERVER.LOCAL@AIRSERVER.LOCAL

    02/11/2013 18:38:55.565 kdc[10490]: Client sent patypes: ENC-TS

    02/11/2013 18:38:55.566 kdc[10490]: ENC-TS pre-authentication succeeded -- airuser2@AIRSERVER.LOCAL

    02/11/2013 18:38:55.569 kdc[10490]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96

    02/11/2013 18:38:55.569 kdc[10490]: Requested flags: forwardable

    02/11/2013 18:38:55.588 kdc[10490]: TGS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:53303 for host/macbook-air-caroline.local@AIRSERVER.LOCAL [canonicalize, forwardable]

    02/11/2013 18:38:55.590 kdc[10490]: Searching referral for macbook-air-caroline.local

    02/11/2013 18:38:55.591 kdc[10490]: Server not found in database: krbtgt/LOCAL@AIRSERVER.LOCAL: no such entry found in hdb

    02/11/2013 18:38:55.591 kdc[10490]: Failed building TGS-REP to 192.168.0.31:53303

    02/11/2013 18:38:55.597 kdc[10490]: TGS-REQ airuser2@AIRSERVER.LOCAL from 192.168.0.31:59090 for host/macbook-air-caroline.local@AIRSERVER.LOCAL [forwardable]

    02/11/2013 18:38:55.599 kdc[10490]: Server not found in database: host/macbook-air-caroline.local@AIRSERVER.LOCAL: no such entry found in hdb

    02/11/2013 18:38:55.599 kdc[10490]: Failed building TGS-REP to 192.168.0.31:59090

     

    Note that MBA logs onto ML server (mini) perfectly fine - so I am completely out of ideas as what issue is - I can only assume (as before) its too buggy to use - APPLE YOU NEED TO FIX THIS

  • by iDash,

    iDash iDash Nov 2, 2013 11:57 AM in response to iDash
    Level 1 (0 points)
    Nov 2, 2013 11:57 AM in response to iDash

    when is Maverick Server 10.9.1 coming out??

  • by lesliefromstockton-on-tees,

    lesliefromstockton-on-tees lesliefromstockton-on-tees Nov 2, 2013 2:35 PM in response to iDash
    Level 1 (25 points)
    Nov 2, 2013 2:35 PM in response to iDash

    Not soon enough, Apple, poor quality software products like this is not acceptable, I though this was Microsoft's job?

  • by lesliefromstockton-on-tees,

    lesliefromstockton-on-tees lesliefromstockton-on-tees Nov 2, 2013 4:34 PM in response to lesliefromstockton-on-tees
    Level 1 (25 points)
    Nov 2, 2013 4:34 PM in response to lesliefromstockton-on-tees

    Just asked for a refund, lets see what happens.

  • by awaldraff,

    awaldraff awaldraff Nov 3, 2013 5:42 AM in response to freefall722
    Level 1 (5 points)
    Mac OS X
    Nov 3, 2013 5:42 AM in response to freefall722

    Had the same issue which I was able to fix by doing a clean install. I noticed the following. Installing server on a mavericks clean install created a permissions issue that I have not been able to fix on "etc/

     

    As some people pointed out. I have also been fighting DNS settings for months. I use an iMac as server, where my kids log in and work. I have a Mac air that log in as network account

     

    I have always wondered how the imac's DNS preferences should be configured. Using 127.0.0.1 has never worked for me, as it kills internet connectivity

     

    Will try using SMB as protocol for home folders, see if it makes it work better

  • by Ali Kaylan,

    Ali Kaylan Ali Kaylan Nov 3, 2013 6:06 AM in response to lesliefromstockton-on-tees
    Level 1 (5 points)
    Nov 3, 2013 6:06 AM in response to lesliefromstockton-on-tees

    lesliefromstockton-on-tees;

     

    Even if you get compensated, we will never get the hours we have wasted back, ever. All for beta grade software at best. For the last two years, Apple has been chipping away my confidence and trust built for them over the past 3 decades. And I suspect the reason we do not have a solution 12 days into it, is probably because they are busy refining important details of the next iPhone, such us the hue of gold.

first Previous Page 6 of 12 last Next