Why can't network user accounts log in to the Open Directory from the local network?

I am looking for a little help/direction in deciphering the Server 3.0 system logs below and resolving this problem. The logs are generated when any local network user account attempts to log in to the Open Directory from a 10.9 client Mac on the local network. Any local network account can successfully log in to the Open Directory when using the computer hosting the Server 3.0.


Background info:

All devices have a fresh install of 10.9

Using a registered domain

The server has the following services running

- Caching (working great!)

- File Sharing (have tried both AFP and SMB)

- Profile Manager (no profiles established yet)

- DNS (Tested DNS using dig -x (ip and hostname) and sudo changeip -checkhostname. Results show everything working as desired)

- Open Directory

- Software Update

Using Apple networking devices


The device and domain name information has been changed in the logs below to server.example.com and 4example


Nov 3 12:51:32 --- last message repeated 1 time ---

Nov 3 12:51:32 server.example.com kdc[9240]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ

Nov 3 12:51:32 server.example.com kdc[9240]: AS-REQ Brian@server.example.com from 192.168.2.11:62610 for krbtgt/server.example.com@server.example.com

Nov 3 12:51:32 --- last message repeated 1 time ---

Nov 3 12:51:32 server.example.com kdc[9240]: Client sent patypes: ENC-TS

Nov 3 12:51:32 server.example.com kdc[9240]: ENC-TS pre-authentication succeeded -- Brian@server.example.com

Nov 3 12:51:32 server.example.com kdc[9240]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96

Nov 3 12:51:32 server.example.com kdc[9240]: Requested flags: forwardable

Nov 3 12:51:32 server.example.com kdc[9240]: TGS-REQ Brian@server.example.com from 192.168.2.11:53369 for host/4example.local@server.example.com [canonicalize, forwardable]

Nov 3 12:51:32 server.example.com kdc[9240]: Searching referral for 4example.local

Nov 3 12:51:32 server.example.com kdc[9240]: Server not found in database: krbtgt/LOCAL@server.example.com: no such entry found in hdb

Nov 3 12:51:32 server.example.com kdc[9240]: Failed building TGS-REP to 192.168.2.11:53369

Nov 3 12:51:32 server.example.com kdc[9240]: TGS-REQ Brian@server.example.com from 192.168.2.11:56684 for krbtgt/LOCAL@server.example.com [forwardable]

Nov 3 12:51:32 server.example.com kdc[9240]: Server not found in database: krbtgt/LOCAL@server.example.com: no such entry found in hdb

Nov 3 12:51:32 server.example.com kdc[9240]: Failed building TGS-REP to 192.168.2.11:56684

OS X Mavericks (10.9)

Posted on Nov 3, 2013 10:43 AM

6 replies

Nov 4, 2013 6:33 PM in response to bkpippert

I solved my own problem; hopefully these steps resolve the problems others are having.


Rebooted the server; during start-up, pressed Command-R to start from the recovery system.

Ran Disk Utility first, “Repair Disk” (no errors were found).

Ran Disk Utility again, “Repair Disk Permissions”; noticed numerous permission problems fixed, including two files relating to LDAP.

On the client machines, under System Preferences - Users & Groups - Login Options - Edit Network Account Server, remove the existing OD.

On the client machines, under System Preferences - Network - Advanced… - DNS tab, remove all DNS IPs but the Open Directory server (which is running DNS); if the Open Directory IP is not listed, add it.

On the client machines, under System Preferences - Users & Groups - Login Options - Edit Network Account Server, add the Open Directory.
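
An added example, not part of the original thread: a small Python triage of the KDC lines from the question. It shows what the log records: pre-authentication for the user succeeded, and the request that failed was the service ticket for `host/4example.local`, for which the KDC looked up a referral principal `krbtgt/LOCAL` that is not in its database. The function and field names are hypothetical, and the sample is a subset of the log lines posted above.

```python
import re

# Constructed sample: a subset of the (already anonymized) KDC lines from the question.
SAMPLE_LOG = """\
Nov 3 12:51:32 server.example.com kdc[9240]: AS-REQ Brian@server.example.com from 192.168.2.11:62610 for krbtgt/server.example.com@server.example.com
Nov 3 12:51:32 server.example.com kdc[9240]: ENC-TS pre-authentication succeeded -- Brian@server.example.com
Nov 3 12:51:32 server.example.com kdc[9240]: TGS-REQ Brian@server.example.com from 192.168.2.11:53369 for host/4example.local@server.example.com [canonicalize, forwardable]
Nov 3 12:51:32 server.example.com kdc[9240]: Searching referral for 4example.local
Nov 3 12:51:32 server.example.com kdc[9240]: Server not found in database: krbtgt/LOCAL@server.example.com: no such entry found in hdb
Nov 3 12:51:32 server.example.com kdc[9240]: Failed building TGS-REP to 192.168.2.11:53369
"""

KDC = re.compile(r"kdc\[\d+\]: (.*)$")
PREAUTH = re.compile(r"pre-authentication succeeded -- (\S+)")
TGS = re.compile(r"TGS-REQ (\S+) from (\S+) for ([^/@\s]+)/([^@\s]+)@(\S+)")
MISSING = re.compile(r"Server not found in database: (\S+?):")
FAILED = re.compile(r"Failed building TGS-REP to (\S+)")

def triage(log_text):
    """Return one finding per TGS-REQ for which the KDC failed to build a reply."""
    preauth_ok, pending, findings = set(), {}, []
    last_missing = None
    for line in log_text.splitlines():
        m = KDC.search(line)
        if not m:
            continue  # blank lines and "last message repeated" lines
        msg = m.group(1)
        if (p := PREAUTH.search(msg)):
            preauth_ok.add(p.group(1))
        elif (t := TGS.search(msg)):
            client, peer, svc, host, _realm = t.groups()
            pending[peer] = (client, svc, host)  # keyed by client ip:port
            last_missing = None
        elif (x := MISSING.search(msg)):
            last_missing = x.group(1)
        elif (f := FAILED.search(msg)) and f.group(1) in pending:
            client, svc, host = pending.pop(f.group(1))
            findings.append({
                "client": client,
                "service": f"{svc}/{host}",
                "missing_principal": last_missing,
                "preauth_ok": client in preauth_ok,  # password step already passed
                "mdns_name": host.lower().endswith(".local"),  # Bonjour-style name
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
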

Nov 17, 2013 6:33 PM in response to bkpippert

It's more of a name resolution issue with Mavericks.

10.8.5 mac working fine here

10.8.5 client to 10.9 server ok

10.9 client to 10.9 server issue


At times lookup gets an error on 10.9 machines: kcferrordomaincfnetwork


Also, lookup no longer displays full details in 10.9.


And for whatever reason Network Utility is more easily accessible!!
