Mavericks Server Keychain not properly storing information network users.

OS 10.9.1, Server 3.0.2. Clients OS 10.9.1 bound to server Open Directory and managed with Profile Manager. 10.6.8 Mail server bound to 10.9.1 server Open Directory. Messages is running on the 10.9.1 server which hosts the users.


Changeip -checkhostname indicates DNS is correct for the server. Server is running on a FQDN, no .local or other DNS issues.


For everything below: the Keychain for any of the users does not need to be repaired.


Generally things are going well with one exception which is a big problem.


Each time a network user logs in and tries to use either Mail to connect to our mail server via IMAP or Messages, they are prompted for passwords. Messages takes the password and logs in. Mail acts as though the password was incorrect and asks for it again; it does not pass the connection to the mail server. There is no trace of the attempted login on the mail server logs.


Functional workarounds:


1 - OS reinstall allows immediate login on the mail server and connections as expected. This is a little too much for day to day use.


2 - (From somewhere in the forums forgot who, sorry), User login, go to User's network home/Library/Keychains and move any keychains with long strings of letters and numbers as name to another folder or put in trash, immediately reboot, User login again, enter passwords in Mail, immediate connection to mail server and expected behavior from Mail.app.


As a network user machine in a multi user environment, the next user will have to repeat the entire procedure above, including the reboot, to get access to the contents of the mail server. The first user in the example above will have to repeat it, if they come back to the same machine and log in again.


This is what we are doing now. It appears that it would work on a personal machine with local users and has solved a lot of issues in the forum. It is helping but does not solve the keychain problem for network users.


Does anyone have any advice?


Thanks.


-Erich

OS X Server

Posted on Jan 10, 2014 6:34 PM

Question marked as Best reply

Posted on Jan 28, 2017 12:32 PM

It is our experience that it is still a problem, in fact several different problems. 😟


Whilst there are many issues two of the major ones are -


  1. The 'new' local items keychain used for Apple programs' passwords, e.g. Mail, Contacts, etc., is stored in a per-machine specific folder, rendering it unusable for hot-desking.
  2. Each new version of OS X has increased the use of SQLite databases to store settings and data, and when used over a network, as with network home directories, these either get corrupted or locked so they cannot be used, making programs like Mail, Contacts, and even Safari unusable. Recent new uses include the local items keychain itself and the new suggestions database for Spotlight and looking up contacts and calendar entries in emails etc.


While I am still in the process of reporting these issues to Apple, especially the new SQLite problems, I am in the process of changing all our users and giving up on network home directories. 😟
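An added example, not part of any post in this thread: a read-only check that lists the per-machine keychain items described above in a user's Keychains folder and marks which ones belong to a different machine. It assumes the "long strings of letters and numbers" are names in 8-4-4-4-12 hex UUID form and that the caller supplies the current machine's identifier; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: per-machine keychain
# items are named with a UUID in 8-4-4-4-12 hex form.

# is_uuid NAME -> exit status 0 if NAME has the UUID shape
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# classify_keychains DIR THIS_UUID
# For every UUID-named entry in DIR print "current NAME" when it matches
# THIS_UUID (case-insensitive) and "foreign NAME" otherwise.
# Nothing is moved or deleted.
classify_keychains() {
    dir=$1
    this=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    for path in "$dir"/*; do
        [ -e "$path" ] || continue          # empty directory: glob stays literal
        name=${path##*/}
        is_uuid "$name" || continue         # skip login.keychain and the like
        upper=$(printf '%s' "$name" | tr 'a-f' 'A-F')
        if [ "$upper" = "$this" ]; then
            echo "current $name"
        else
            echo "foreign $name"
        fi
    done
}

# Constructed sample: a fake Keychains folder that two machines have written to.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/11111111-2222-3333-4444-555555555555" \
          "$tmp/AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE"
    : > "$tmp/login.keychain"
    classify_keychains "$tmp" "11111111-2222-3333-4444-555555555555"
    rm -rf "$tmp"
}

demo
```

Run against a network home, a growing list of "foreign" entries shows how many different machines have created their own copy for the same user.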

278 replies

May 16, 2014 11:11 AM in response to Erich Wetzel

Alright. I talked today to Enterprise Support. The problem is well known.

OS X 10.9.3 should fix the problem, changes reliability for network home user. Some customers have also written an apple script, but I can't.

I installed today on every computer 10.9.3 and tried to cause the problem again. Unfortunately I was successful. The problem was not solved in my case.

I wrote to enterprise support again, they didn't close the ticket. We will talk next week.

For everybody, who understands a little more about apple script: The problem is launchd, which still runs for the user in the background, after he logged out. When the next user is logging in, it causes a problem.

If you write an apple script, restarting / cancelling launchd after every logout, you will be fine.


I will tell you more next week.

May 26, 2014 5:54 PM in response to Erich Wetzel

Hey There.


I have run all the latest updates and at present it does seem to be fixed !!! YEAH BABY. But before I say for 100% I am going to run for a few days and see if any users still experience the issue. When I did run the server update I did have to enter in my passwords for everything just the one time but since then it hasn't dropped them.

Jun 6, 2014 1:55 PM in response to Hector Castillo

Alright guys. I installed yesterday 3.1.2, although I am still in touch with enterprise support, who are a little offline because of WWDC. I can say that today I tried with 2 user accounts what happens after switching. The problem with calendar and contacts is still there, but Mail is working with no password problems. I will have this under supervision and will report what happens.

I wrote today to enterprise support again and am waiting.

Hopefully they still care about Mavericks.

Jul 22, 2014 10:09 AM in response to Erich Wetzel

Here is an update, I have just got off the phone, talking to Apple Support regarding this issue (again).

It is still an open case. I was told that the bug has been raised to "highly critical" and is logged as bug Radar Customer Bug Number 15792007 (be aware they also have a separate internal bug ID). He mentioned that there are only a handful of bugs with this status. The latest update to Radar was on 14th July 2014, so the man I spoke to assured me the issue was being dealt with by engineers. His only workaround for now is to use iCloud Keychain; for me this is not an option as I don't want this information stored on the cloud. To clarify, the bug is listed to occur with Network Homes. If you receive this problem with local homes, please do call up and update the bug. He said the more people that raise this as a major issue, the quicker it will be dealt with.


I registered my interest in this bug and was told that if a solution is found or updates to the bug are logged, I will be notified.


If you would like to do the same, the number I called was 00800 2775 2775 and I spoke to Peter Sheahan on ext: 88455.


Sorry I can't be of any more help so far.
