Critical problem after update OS X Server 3.0,anyone can help me?

I have this issue too. Further information: When trying to change a user's password using Workgroup Manager (10.9), I get this error:

The password could not be set.

In order to set the password of a a user with an Open Directory Password, your own password type must be Open Directory. Administrators with other password types cannot set the password of a user with an Open Directory password.

... however I am authenticated to the directory as the directory admin (diradmin) and the password is of type 'Open Directory'.

Users on the network attempting to log in for File Sharing or Time Machine (anyone other than 'admin', that is, who inexplicably works fine) are unable to log in. The Console shows:

NetAuthSysAgent[707]: ERROR: AFP_OpenSession - Login failed with 80

and

NetAuthSysAgent[707]: NAHSelectionAcquireCredential The operation couldn’t be completed. (com.apple.NetworkAuthenticationHelper error -1765328228 - acquire_kerberos failed #####.######@LOCAL: -1765328228 - unable to reach any KDC in realm LOCAL, tried 0 KDCs)

[where #####.###### is the user attempting to log in].

Any help here would be appreciated as network services are essentially disabled.

I have the same issue after upgrading to Mavericks and Sever 3.0. I google a bit and found, that the Open Directory master is the root cause. I've done the following:

1. backed up the Open Directory using the archive function

2. remove my Open Directory master using the (-)

3. create a new Open Directory master using the archive

Now the Profile Manager runs without probs. I can push settings to my devices, can change user passwords without error....but I still have the trouble with the Mail Server. The Mail Server starts only, when I deactivate the Virus Filter, blacklisting and so on. And when the Mail Server is running, then I can't connect - even when I try on the server using terminal "telnet servername 25". I getting always the error "connection refused".

I appreciate any help!

OS X Server (Mavericks): After upgrading or migrating, network user cannot be created

I've just tried this. I get

touch: /var/db/openldap/migration/.rekerberize: No such file or directory

I've been on the phone to Apple Support for over 5 hours on and off since upgrading to Mavericks, which is a bit frustrating. The last chap I spoke to thinks he tracked the issue down to a drive misconfiguration, so I've gone for a full reformat, and a completely clean reinstall of Mavericks, and Server.app.

Now, same issues. It was suggested that I try creating a home folder share point on the primary hard drive (we have a drive for OS, and a drive for files); when I try and do this Server.app says that the drive is 'read-only'. A permissions fix doesn't resolve that.

This is getting quite frustrating. Any other suggestions appreciated.

To go further, you will have to look at the various logs for the services that aren't working. See whether there are any error messages.

I may have a similar problem. Since the update of the server can not log Macs with 10.9. With older OS will be fine.

Multiple contacts with Apple, but no solution yet.

Try this from Apple KB >>>

After upgrading to Lion Server, AFP clients may no longer be able to authenticate via Kerberos. The AFP service may be referencing the LKDC.

Resolution

On the AFP server, execute the following command in Terminal using the correct Kerberos REALM_NAME and a user account authorized to make changes in the Kerberos database:

sudo sso_util configure -r REALM_NAME -a diradmin afp

Note: You will be prompted for two passwords. First, for the current user's password, and then for the directory administrator's password.

Restart the server.

I tried the Terminal command with no success:

sudo touch /var/db/openldap/migration/.rekerberize

sudo killall PasswordService

Finally I deleted my Open Directory and craeted a new master and recreated all my users, a pain, but everyone can connect now.

I've tried this, doesn't seem to help me.

I've got a clean install of Mavericks and Server.App, and a brand new Open Directory. It works for the first couple of users, then I get the password and authentication errors.

I am wondering if this is related to me installing Workgroup manager, so having tried both the sudo touch /var/db/openldap/migration/.rekerberize and sudo sso_util configure -r REALM_NAME -a diradmin afp terminal commands without success, I'm going to do yet another clean install, and this time try without putting Workgroup Manager on. Time I learnt how to apply Profile Manager instead I think!

Here's what I discovered just a few hours ago.

I had created a new Mavericks Server install, done the migration wizard from 10.6.8 and got the same errors. "Existing connection is not authenticated. Password chage denied". Performed sudo touch /var/db/openldap/migration/.rekerberize, yada yada. Then I ran through the whole gamut of trouble shooting and norrowed it down to this:

Before starting, make an archive of your previous OD (SL or Lion). After doing the migration your users may not be there and you have to reimport the LDAP again, sometimes after step 2 below.

1. Double check your DNS service on the server you're building. Make sure any test DNS names and real DNS names have correct corresponding IP addresses. I used two so I could switch back and forth from names and IPs. Set your local DNS in the network control panel to 127.0.0.1 so its referrencing itself while you build.

2. Double check your host name under 'fileserver' and correct any errors. The local and domain have to match. example: fileserver.local, fileserver.my.domain.com. Verify all hostnames and IP address and make sure they match in DNS service. Use changeip command in terminal if you wish, but under 'Fileserver' in the 'Server.app' menu it works fine. After this you may need to re-import from your original server's LDAP archive.

3. Run the "touch" commands listed above.

4. Reboot.

5. Archive your directory again and name it for referrence. Save it to a flash drive so you can use it again if you need to rebuild later (you probably won't)

5. (here's the kicker) Turn off OD and look at your certificates in Server.app. Generate a new self-signed certificate and assign everything to that. You might need to stop OD to change its cert. Delete any expired or unused certificates. Rerun the touch commands and reboot (to be sure).

6. reimport from the LDAP archive you just saved.

6. Go through your users and edit server access. (trick, hold down the option key to turn them all on per user with a single click.s I was able to add users, edit users and connect on AFP and SMB.

After I did this it all worked, even adding users. I even did a fresh build of Mavericks server and was able to just import from the new LDAP archive with no issues.

Sorry, Did edits after I numbered everything and can't edit now. You get the gist.

Hi guys.

First, I apologyze for my english: I'm italian and I'll do my best to describe the problem, thet I guess you already know.

Since the upgrade to Maverick and relative server.app upgrade, even to 3.0.1, I got always the same error during network users creation:

"Existing connecting is not authenticated: password change denied".

I tried hundreds times in every issued way, even the latest of 20/11/2013 by Lunchbox LP.

NOTHING!!!

NOTHING!!!

NOTHING!!!

Does somebody Knows if Apple is going to solve this and all the other server 3.0.x bugs (including L2TP) with a BIGFIX?

Thank you.

THERE'S ANOTHER THING....

AFTER THIS LATEST Solution, + AND - BUTTONS ON NETWORK USERS PAN ARE OFF..

Is this helpful to understand the main problem?

Now I clone back the machine and I try again.... for the 10000000E000 time.....

Thank you.