

Cannot create users in Server 3.0.1

When I try to add users in Server 3.0.1 I am continuing to experience this error:



"Existing connection is not authenticated: password change denied"



I tried fixing it by:

http://support.apple.com/kb/TS5289?viewlocale=en_US&locale=en_US



But this did not help.



Any hints on what's wrong here?

Mac mini, OS X Server

Posted on Nov 18, 2013 11:59 PM

10 replies

Nov 20, 2013 4:56 PM in response to odx

Here's what I discovered just a few hours ago.


I had created a new Mavericks Server install, done the migration wizard from 10.6.8 and got the same errors. "Existing connection is not authenticated. Password change denied". Performed sudo touch /var/db/openldap/migration/.rekerberize, yada yada.


http://support.apple.com/kb/TS5289


Then I ran through the whole gamut of troubleshooting and narrowed it down to this:


Before starting, make an archive of your previous OD (SL or Lion). After doing the migration your users may not be there and you have to reimport the LDAP again, sometimes after step 2 below.


1. Double check your DNS service on the server you're building. Make sure any test DNS names and real DNS names have correct corresponding IP addresses. I used two so I could switch back and forth from names and IPs. Set your local DNS in the network control panel to 127.0.0.1 so it's referencing itself while you build.


2. Double check your host name under 'fileserver' and correct any errors. The local and domain have to match. Example: fileserver.local, fileserver.my.domain.com. Verify all hostnames and IP addresses and make sure they match in the DNS service. Use the changeip command in Terminal if you wish, but under 'Fileserver' in the 'Server.app' menu it works fine. After this you may need to re-import from your original server's LDAP archive.


3. Run the "touch" commands listed above.


4. Reboot.


5. Archive your directory again and name it for reference. Save it to a flash drive so you can use it again if you need to rebuild later (you probably won't).


6. (here's the kicker) Turn off OD and look at your certificates in Server.app. Generate a new self-signed certificate and assign everything to that. You might need to stop OD to change its cert. Delete any expired or unused certificates. Rerun the touch commands and reboot (to be sure).


7. Reimport from the LDAP archive you just saved.


8. Go through your users and edit server access. (Trick: hold down the Option key to turn them all on per user with a single click.) I was able to add users, edit users and connect on AFP and SMB.


After I did this it all worked, even adding users. I even did a fresh build of Mavericks server and was able to just import from the new LDAP archive with no issues.


(Note: If you end up making any changes to the hostname, IP address, etc., it appears you have to destroy Open Directory and redo it, creating a new certificate first, then import the archive again.)


Hope that helps.

Nov 29, 2013 6:14 AM in response to odx

Hi, tonight I found the solution without reinstalling OS X Mavericks.

After the upgrade, I could not create network users in Server 3.0.1.


I solved it.


In my case, I realized that after destroying the OD from the configuration panel in Server.app, it was still visible in Directory Utility and in the Users & Groups pane of System Preferences (check Login Options: the green light should be on next to "Server network account", even after destroying the OD in Server.app).

I pressed the Edit button next to "Server network account" and I found Server.local still turned on as an Open Directory service.


I suggest doing the following; it worked for me:


Destroy the Open Directory in Server.app (you can archive, but you will have to create a fully new Open Directory anyway).


Turn off the Open Directory service.


Delete all DNS records: all records and all zones! Do not turn off the service!


Open Directory Utility (in System Preferences or directly from Server.app).

To edit, log in as administrator by clicking the usual padlock in the bottom left corner of the panel, then double-click LDAPv3.

You should find the directory still in the list (it should be 127.0.0.1 by default). Is it so? Select it and destroy!


Go back to Server.app and create a new domain. For example:


Computer name: server.local

Host name: server.mydomain.private


I have a VPN. To be sure, I matched the computer name and host name.

In my case: "server", and I left the same IP that I had before.


Follow all the steps for the creation of the new domain as suggested by Server.app, including the update of the DNS service.


After this step, as usual, Server.app generates a new alert.


Check the Alerts service in the sidebar: "The host name is changed".

Double-click the alert and click the "Recovery" button.

The green check mark should appear after the services update.


Check the DNS: Server.app created the primary and secondary zones with the new name server and the computer, even in the reverse zone.


Now activate the Open Directory service.

It should start from scratch and be fully functional.

You can create a new administrator account and everything works.


Please let me know if it works for somebody else.


Thank you
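Both replies above come down to two checks before Open Directory is rebuilt: the host name, its forward DNS record and its reverse record must all agree (reply 1, steps 1 and 2), and no stale LDAPv3 node for 127.0.0.1 may survive in Directory Utility after OD is destroyed (reply 2). The following POSIX shell script is an added example and is not code from either reply or from Apple. The comparison logic is pure so it can be exercised on constructed values; the live wrapper assumes the primary interface is en0, that the machine's resolver is the one the server should be using (the replies set it to 127.0.0.1), and that `dscl localhost -list /LDAPv3` prints the loopback node as the literal string `127.0.0.1`, as the second reply describes.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for rebuilding
# Open Directory on OS X Server.
#   1. host name, forward DNS and reverse DNS all agree (reply 1, steps 1-2)
#   2. no stale LDAPv3 node for 127.0.0.1 is left behind (reply 2)

# dns_consistent FQDN IP FORWARD_RESULT REVERSE_RESULT
# Pure comparison, so it runs on constructed values without any network.
# Returns 0 when FORWARD_RESULT equals IP and REVERSE_RESULT equals FQDN
# (a trailing dot, as printed by `dig -x`, is ignored); otherwise it reports
# each mismatch on stderr and returns 1.
dns_consistent() {
    fqdn=$1; ip=$2; fwd=$3; rev=${4%.}
    status=0
    if [ "$fwd" != "$ip" ]; then
        echo "forward mismatch: $fqdn resolves to '$fwd', expected $ip" >&2
        status=1
    fi
    if [ "$rev" != "$fqdn" ]; then
        echo "reverse mismatch: $ip resolves to '$rev', expected $fqdn" >&2
        status=1
    fi
    return $status
}

# stale_ldap_node LISTING
# LISTING is the output of `dscl localhost -list /LDAPv3`. Returns 0 if the
# loopback node (127.0.0.1) the second reply describes is still present.
stale_ldap_node() {
    printf '%s\n' "$1" | grep -qx '127.0.0.1'
}

# Live check on the server itself. Assumptions: primary interface is en0,
# and dig uses the resolver configured in the Network preference pane.
check_server() {
    fqdn=$(scutil --get HostName)
    ip=$(ipconfig getifaddr en0)
    fwd=$(dig +short A "$fqdn" | head -n 1)
    rev=$(dig +short -x "$ip" | head -n 1)
    dns_consistent "$fqdn" "$ip" "$fwd" "$rev" || return 1
    if stale_ldap_node "$(dscl localhost -list /LDAPv3)"; then
        echo "LDAPv3 node 127.0.0.1 is still configured; remove it in Directory Utility" >&2
        return 1
    fi
    echo "OK: $fqdn <-> $ip agree in forward and reverse DNS; no stale LDAPv3 node"
}

# Run the live check when executed directly on the server:
# check_server
```

Run it after step 2 of the first reply and again after destroying Open Directory in the second; `sudo changeip -checkhostname` is the built-in tool that performs the same host name and DNS comparison, and the script adds the LDAPv3 leftover check on top of it.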
