Q: Why can't network user accounts log in to the Open Directory from the local network?
I am looking for a little help/direction in deciphering the below Server 3.0 system logs and resolving this problem. The logs are generated when any local network user account attempts to log in to the Open Directory from a 10.9 client Mac on the local network. Any local network account can successfully log in to the Open Directory when using the computer hosting the Server 3.0.
Background info:
All devices have a fresh install of 10.9
Using a registered domain
The server has the following services running
- Caching (working great!)
- File Sharing (have tried both AFP and SMB)
- Profile Manager (no profiles established yet)
- DNS (Tested DNS using dig -x (ip and hostname) and sudo changeip -checkhostname. Results show everything working as desired)
- Open Directory
- Software Update
Using Apple networking devices
The device and domain name information has been changed in the below logs to server.example.com and 4example
Nov 3 12:51:32 --- last message repeated 1 time ---
Nov 3 12:51:32 server.example.com kdc[9240]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
Nov 3 12:51:32 server.example.com kdc[9240]: AS-REQ Brian@server.example.com from 192.168.2.11:62610 for krbtgt/server.example.com@server.example.com
Nov 3 12:51:32 --- last message repeated 1 time ---
Nov 3 12:51:32 server.example.com kdc[9240]: Client sent patypes: ENC-TS
Nov 3 12:51:32 server.example.com kdc[9240]: ENC-TS pre-authentication succeeded -- Brian@server.example.com
Nov 3 12:51:32 server.example.com kdc[9240]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
Nov 3 12:51:32 server.example.com kdc[9240]: Requested flags: forwardable
Nov 3 12:51:32 server.example.com kdc[9240]: TGS-REQ Brian@server.example.com from 192.168.2.11:53369 for host/4example.local@server.example.com [canonicalize, forwardable]
Nov 3 12:51:32 server.example.com kdc[9240]: Searching referral for 4example.local
Nov 3 12:51:32 server.example.com kdc[9240]: Server not found in database: krbtgt/LOCAL@server.example.com: no such entry found in hdb
Nov 3 12:51:32 server.example.com kdc[9240]: Failed building TGS-REP to 192.168.2.11:53369
Nov 3 12:51:32 server.example.com kdc[9240]: TGS-REQ Brian@server.example.com from 192.168.2.11:56684 for krbtgt/LOCAL@server.example.com [forwardable]
Nov 3 12:51:32 server.example.com kdc[9240]: Server not found in database: krbtgt/LOCAL@server.example.com: no such entry found in hdb
Nov 3 12:51:32 server.example.com kdc[9240]: Failed building TGS-REP to 192.168.2.11:56684
OS X Mavericks (10.9)
Posted on Nov 3, 2013 10:43 AM
I solved my own problem; hopefully these steps resolve the problems others are having.
Rebooted server, during start-up pressed Command-R, to start from the recovery system
Ran the disk utility first “Repair Disk” (no errors were found)
Ran the disk utility again “Repair Disk Permissions” noticed numerous permission problems fixed to include two files relating to ldap.
On the client machines under system preferences - users & groups - login options - edit network account server remove existing OD
On the client machines under system preferences - network - advanced… - DNS tab, remove all DNS IPs but the Open Directory Server (which is running DNS); if the Open Directory IP is not listed, add it.
On the client machines under system preferences - users & groups - login options - edit network account server add the Open Directory
Posted on Nov 4, 2013 6:33 PM
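Added example, not part of the original thread: a short Python pass over the KDC lines from the question that pairs each failed TGS-REQ with the principal the KDC reported as missing, and flags requests whose target name is not under the realm (here the .local name). The function name failed_tgs and the check that treats the realm name as the DNS domain of its hosts are assumptions of this example.

```python
import re

# Constructed sample: messages copied from the log excerpt in the question above.
SAMPLE = "\n".join("Nov 3 12:51:32 server.example.com kdc[9240]: " + m for m in [
    "AS-REQ Brian@server.example.com from 192.168.2.11:62610 for krbtgt/server.example.com@server.example.com",
    "ENC-TS pre-authentication succeeded -- Brian@server.example.com",
    "TGS-REQ Brian@server.example.com from 192.168.2.11:53369 for host/4example.local@server.example.com [canonicalize, forwardable]",
    "Searching referral for 4example.local",
    "Server not found in database: krbtgt/LOCAL@server.example.com: no such entry found in hdb",
    "Failed building TGS-REP to 192.168.2.11:53369",
    "TGS-REQ Brian@server.example.com from 192.168.2.11:56684 for krbtgt/LOCAL@server.example.com [forwardable]",
    "Server not found in database: krbtgt/LOCAL@server.example.com: no such entry found in hdb",
    "Failed building TGS-REP to 192.168.2.11:56684",
])

MSG = re.compile(r"kdc\[\d+\]: (.*)$")
TGS = re.compile(r"TGS-REQ (\S+) from (\S+) for ([^@\s]+)@(\S+)")
MISSING = re.compile(r"Server not found in database: (\S+?): ")
FAILED = re.compile(r"Failed building TGS-REP to (\S+)")

def failed_tgs(log_text):
    """Return one record per TGS-REQ that the KDC could not answer."""
    pending, last_missing, findings = {}, None, []
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # e.g. "--- last message repeated 1 time ---"
        msg = m.group(1)
        if t := TGS.match(msg):
            client, addr, service, realm = t.groups()
            pending[addr] = {"client": client, "service": service, "realm": realm}
            last_missing = None
        elif s := MISSING.match(msg):
            last_missing = s.group(1)
        elif (f := FAILED.match(msg)) and f.group(1) in pending:
            rec = pending.pop(f.group(1))
            name = rec["service"].split("/", 1)[-1].lower()
            dom = rec["realm"].lower()
            # Assumption: the realm name doubles as the DNS domain of its hosts.
            rec["outside_realm"] = not (name == dom or name.endswith("." + dom))
            rec["missing"] = last_missing
            findings.append(rec)
    return findings

if __name__ == "__main__":
    for r in failed_tgs(SAMPLE):
        print(r)
```

On the sample, both failed requests come back with outside_realm set: the client asked for host/4example.local and then for a krbtgt/LOCAL cross-realm ticket, neither of which exists in the KDC database.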