
Mavericks Server Keychain not properly storing information network users.

OS 10.9.1, Server 3.0.2. Clients OS 10.9.1 bound to server Open Directory and managed with Profile Manager. 10.6.8 Mail server bound to 10.9.1 server Open Directory. Messages is running on the 10.9.1 server which hosts the users.


Changeip -checkhostname indicates DNS is correct for the server. Server is running on a FQDN, no .local or other DNS issues.


For everything below: the Keychain for any of the users does not need to be repaired.


Generally things are going well with one exception which is a big problem.


Each time a network user logs in and tries to use either Mail (to connect to our mail server via IMAP) or Messages, they are prompted for passwords. Messages takes the password and logs in. Mail acts as though the password was incorrect and asks for it again; it does not pass the connection to the mail server. There is no trace of the attempted login in the mail server logs.


Functional workarounds:


1 - OS reinstall allows immediate login on the mail server and connections as expected. This is a little too much for day to day use.


2 - (From somewhere in the forums, forgot who, sorry.) Log in as the user, go to the user's network home/Library/Keychains and move any keychains with long strings of letters and numbers as their name to another folder or put them in the trash, immediately reboot, log in as the user again, enter the passwords in Mail; immediate connection to the mail server and expected behavior from Mail.app.


On a network user machine in a multi-user environment, the next user will have to repeat the entire procedure above, including the reboot, to get access to the contents of the mail server. The first user in the example above will have to repeat it if they come back to the same machine and log in again.


This is what we are doing now. It appears that it would work on a personal machine with local users and has solved a lot of issues in the forum. It is helping but does not solve the keychain problem for network users.


Does anyone have any advice?


Thanks.


-Erich

OS X Server

Posted on Jan 10, 2014 6:34 PM

Question marked as Top-ranking reply

Posted on Jan 28, 2017 12:32 PM

It is our experience that it is still a problem, in fact several different problems. 😟


Whilst there are many issues, two of the major ones are:


  1. The 'new' Local Items keychain used for Apple programs' passwords (e.g. Mail, Contacts, etc.) is stored in a machine-specific folder, rendering it unusable for hot-desking.
  2. Each new version of OS X has increased the use of SQLite databases to store settings and data, and when used over a network, as with network home directories, these either get corrupted or locked so they cannot be used, making programs like Mail, Contacts and even Safari unusable. Recent new uses include the Local Items keychain itself and the new Suggestions database for Spotlight and for looking up contacts and calendar entries in emails etc.


While I am still in the process of reporting these issues to Apple, especially the new SQLite problems, I am in the process of changing all our users and giving up on network home directories. 😟

278 replies

Jul 24, 2015 8:47 AM in response to Erich Wetzel

Please keep to the point and don't make a sidekick to other problems (for SMB problems there are a couple of workarounds like "SMBUp 1.4.1").


The point is that the problems are still not solved by Apple and, as far as I think (after different talks with Apple), these problems will not be solved in future releases. Shared computers (as we used with the OD) aren't a key feature for Apple anymore.


I suggest 10.11 and 10.12 will be more and more castrated. We as business users are no longer key clients for Apple.


Regards

Gérard

Jul 24, 2015 3:50 PM in response to Gerard Dirks

The whole "what is/isn't a business use and how much does Apple care about it" issue is a little beyond my scope at the moment, but I think Network Homes is clearly well down the priority list (and, therefore, it's time to think: "how bad do I need them?").


If a user has IMAP mail(/calendars/contacts), some managed settings, auto mounts the network shares they're "supposed" to use and knows whatever they save locally will not follow them around ... that doesn't sound too bad. Sounds better than the status quo.


Speculating wildly, I think Apple want it to work something like this: you sign into a work Mac using an Apple ID; the local OD says whether that person can sign in and (maybe) gives them some settings; all their "internet accounts" connect, giving them mail, cloud storage. Home folder is a local one like any other Mac.


I think there's some work on logout hooks (to kill secd, maybe reboot, and also testing for "db-corrupt" files, which looks like it might be a reliable indicator) which might get us a stable workaround (i.e. I'm not advocating everyone gives up), but I for one am putting as much thought into phasing network homes out, and I don't think it will be too bad.
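An added example, not code posted by anyone in this thread: a logout-hook style script that automates workaround 2 from the first post (moving the UUID-named Local Items keychain folders out of ~/Library/Keychains) and the "db-corrupt" check suggested above. It assumes the Local Items folder name is a UUID, that a file whose name contains "db-corrupt" marks a damaged store, and the quarantine folder name is my own choice; the `secd` kill is only meaningful on macOS.

```shell
#!/bin/sh
# Added example (not from this thread). Assumptions: Local Items keychain = a
# UUID-named folder under <home>/Library/Keychains; a "*db-corrupt*" file
# inside it marks a damaged store; the quarantine folder name is arbitrary.

UUID_RE='^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'

# List UUID-named entries (the Local Items keychain folders) in a Keychains dir.
find_local_items_keychains() {
    kc_dir="$1"
    [ -d "$kc_dir" ] || return 0
    for entry in "$kc_dir"/*; do
        name=$(basename "$entry")
        printf '%s\n' "$name" | grep -Eq "$UUID_RE" && printf '%s\n' "$name"
    done
    return 0
}

# Return 0 if any file under the Keychains dir carries the db-corrupt marker.
has_corrupt_marker() {
    [ -d "$1" ] || return 1
    find "$1" -name '*db-corrupt*' -print | grep -q .
}

# Move every Local Items folder into the quarantine dir (timestamped) and
# print how many were moved. login.keychain and friends are left untouched.
quarantine_local_items() {
    kc_dir="$1"; q_dir="$2"; moved=0
    mkdir -p "$q_dir" || return 1
    for name in $(find_local_items_keychains "$kc_dir"); do
        mv "$kc_dir/$name" "$q_dir/$name.$(date +%Y%m%d%H%M%S)" && moved=$((moved + 1))
    done
    echo "$moved"
}

# Hook body: quarantine only when the corrupt marker is present, then stop
# secd so the next login starts with a fresh daemon (macOS only; harmless elsewhere).
run_logout_hook() {
    home="${1:-$HOME}"
    kc="$home/Library/Keychains"
    if has_corrupt_marker "$kc"; then
        n=$(quarantine_local_items "$kc" "$home/Library/Keychains-quarantine")
        echo "quarantined $n Local Items keychain folder(s) for $home"
        killall secd 2>/dev/null || true
    fi
}
```

To reproduce the original unconditional workaround, call `quarantine_local_items` directly instead of gating on the marker.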

Oct 15, 2015 11:29 AM in response to Erich Wetzel

Server 5.0.4

Clients 10.11 El Capitan


I wish I had better news.


We just moved our clients to 10.11 and stopped rebooting between logins to test if this issue has been resolved. In a small amount of testing we have found that the keychain corruption is still taking place without the kill secd workaround in this discussion. I have not tried to implement the kill secd workaround on the 10.11 clients yet.


We will keep testing and I will post back with any useful updates.


-Erich Wetzel

Oct 15, 2015 1:09 PM in response to Erich Wetzel

Sad news 😟

It really seems to be rocket science for Apple to kill all processes after a network user's logout.

We've been working in our school with network accounts since 10.4 but it looks like we have to give it up sooner or later.

Going on like this is not an option forever.

Apple shouldn't wonder when schools are going to switch to another operating system.

Oct 15, 2015 4:02 PM in response to Robert Hrovat

Hello


I am not wondering that this issue is still not solved.


As I sorted out this problem at the beginning of this year I was in contact with Apple in Cork. Had some AppleCare cases open for some weeks till Apple broke the contact. There was no response to our e-mails or phone calls. The people from the second level of the Enterprise Support are not available anymore and the case is still open!!!


From March to May this year we visited Apple Switzerland. In the beginning we thought they were interested in solving the problems. We had different discussions with some Product Managers, System Engineers and the Account Engineer for Major Accounts of the local Apple headquarters here in Switzerland. They started some internal investigations, internally and with their business and education partners. After 6 weeks this also ended in a "cul-de-sac"! They ignored that there were problems with this issue and from that point there was no input anymore from them and the contact was broken!


The problem is still not solved, as Erich confirms. Since June I haven't installed any Open Directory user for my clients anymore. In future I will not spend any minute on this issue. Apple has died for me as a supplier of business equipment. I will only install Macs in an environment without OD or AD and only make simple AFP or SMB mounts.

In my test environment I have had the betas of 10.11 and the server since March and I saw a lot of improvements, but not on this issue!


It seems that Apple products can't have any bugs (by absolute rule), not because they don't exist but because the company believes they are from another world and can't make any mistakes. I think this is a strategy from the top of the company. People who are not willing to believe this are censored by Apple. In the middle of this year Apple deleted a thread of mine in this Support Community for another bug. I believe Apple has at this moment the same structures in its management as "Kim Jong-un" leads his country ;-)

Gérard

Oct 15, 2015 7:09 PM in response to Erich Wetzel

I've discovered that if you copy all the keychain data in the Local Items across to the login items then you don't need to reboot the machine between logins.


I noticed before doing that, the local keychain items for the user disappeared when you logged in again without a reboot. My method above seems to fix this.


I've got Server 5 running on 10.11 and clients on 10.11.

Oct 16, 2015 10:19 AM in response to John Agapitos

John,


I am with Gerard on this and would love a bit more information. Our network and number of users are relatively low and I would be willing to give this a shot if it is not horribly time consuming.


Our issue is rotation of staff from one machine to another. I'm guessing we would have to take each user's keychain data and move it over.


Any additional information would be useful.


Thanks.


-Erich

Oct 16, 2015 9:57 PM in response to Erich Wetzel

I manage a network of about 40 iMacs with about 50 users accessing various machines across a week.


I logged in as each user, then opened the keychains. I then selected Local Items to display the list of items. I then selected all in that list and copied (command-C).


Then I selected login items and pasted the keychains into the list. Yes, it's very boring to have to type the user's password as many times as there are keychains. Also some will not copy/paste across, like the Google sync type and some iCloud, so all I did there was open the keychain from Local Items and create a new one in login items, then paste the information across to the window.


Another thing to mention is that if the user logs in a second time without a restart then Mail will throw up a message re accessing a keychain and ask for permission. I selected ALWAYS ALLOW. This, I think, only happens once.


I know this is not perfect or ideal but it helps with users constantly switching computers.


I am now dealing with another problem: when I do a NetRestore and then log in, I lose the Profile Manager settings for the user. I have to download it again. Any ideas?


I miss 10.6.5 when it was all working properly.


Hope this helps

Oct 16, 2015 11:58 PM in response to John Agapitos

Hello John


How much time did you spend copying all the keychains of the 50 users over the fifty iMacs? I suppose this takes more than a week! Maybe you can send Apple a bill because they haven't fixed this serious bug in OS X.


I think if you live in the USA you can go to court and get compensation for the loss you have from using such a bad system!


Regards

Gérard

Oct 17, 2015 12:07 AM in response to Erich Wetzel

Hello Erich


You wrote this thread first!


Can you change the title of this thread from "Mavericks Server Keychain not properly storing information network users" to "All OS X Server Keychains not properly storing information network users (10.9 and later)"?


Because the problem is still not solved, this would prevent other users from opening a new thread for the same issue for Yosemite or El Capitan based server systems!


Regards

Gérard
