Erich Wetzel

Q: Mavericks Server Keychain not properly storing information network users.

OS 10.9.1, Server 3.0.2. Clients OS 10.9.1 bound to server Open Directory and managed with Profile Manager. 10.6.8 Mail server bound to 10.9.1 server Open Directory. Messages is running on the 10.9.1 server which hosts the users.

 

Changeip -checkhostname indicates DNS is correct for the server. Server is running on a FQDN, no .local or other DNS issues.

 

For everything below: the Keychain for any of the users does not need to be repaired.

 

Generally things are going well with one exception which is a big problem.

 

Each time a network user logs and tries to use either Mail to connect to our mail server via IMAP or Messages in they are prompted for passwords. Messages takes the password and logs in. Mail acts as though the password was incorrect and asks for it again, it does not pass the connection to the mail server. There is no trace of the attempted login on the mail server logs.

 

Functional workarounds:

 

1 - OS reinstall allows immediate login on the mail server and connections as expected. This is a little too much for day to day use.

 

2 - (From somewhere in the forums forgot who, sorry), User login, go to User's network home/Library/Keychains and move any keychains with long strings of letters and numbers as name to another folder or put in trash, immediately reboot, User login again, enter passwords in Mail, immediate connection to mail server and expected behavior from Mail.app.

 

As a network user machine in a multi user environment, the next user will have to repeat the entire procedure above, including the reboot, to get access to the contents of the mail server. The first user in the example above will have to repeat it, if they come back to the same machine and log in again.

 

This is what we are doing now. It appears that it would work on a personal machine with local users and has solved a lot of issues in the forum. It is helping but does not solve the keychain problem for network users.

 

Does anyone have any advice.

 

Thanks.

 

-Erich

OS X Server

Posted on Jan 10, 2014 6:42 PM

Close

Q: Mavericks Server Keychain not properly storing information network users.

  • All replies
  • Helpful answers

Previous Page 2 of 19 last Next
  • by ajm_from_WA,

    ajm_from_WA ajm_from_WA Mar 1, 2014 8:12 AM in response to Benjamin Losch
    Level 1 (11 points)
    Mar 1, 2014 8:12 AM in response to Benjamin Losch

    Have you found a way to deploy managed preferences for thunderbird?

  • by elmojnr,

    elmojnr elmojnr Mar 6, 2014 6:51 PM in response to Erich Wetzel
    Level 1 (5 points)
    Mar 6, 2014 6:51 PM in response to Erich Wetzel

    Hey Erich,

     

    Same issue here.  It breaks for Mail, Calendars, Messanger and Contacts.  Actually anything that needs to autheicate with the OD. 

     

    Any joy from anyone on a proper fix?  The Reboot machine kinda gets tiring

  • by ajm_from_WA,

    ajm_from_WA ajm_from_WA Mar 6, 2014 7:23 PM in response to elmojnr
    Level 1 (11 points)
    Mar 6, 2014 7:23 PM in response to elmojnr

    I've been able to use profile manager to deliver a payload that works for messages.  Have not tried calendars and contacts. 

     

    I could not get anything working for mail.  Instead, i'm using an app called postbox which is working just fine with network users and no loss of passwords.

  • by elmojnr,

    elmojnr elmojnr Mar 8, 2014 12:21 AM in response to ajm_from_WA
    Level 1 (5 points)
    Mar 8, 2014 12:21 AM in response to ajm_from_WA

    It seems to be around the Keychain that the problem is.  Only reason is that none of my website passwords are saved either. 

     

    I'm not ready to commit to a new mail program yet but thats for the suggestions of postbox.

  • by ziondotcom,

    ziondotcom ziondotcom Apr 30, 2014 8:23 PM in response to Benjamin Losch
    Level 1 (10 points)
    Apr 30, 2014 8:23 PM in response to Benjamin Losch

    10.9.2 has the same issue for me. Only a reboot of the clients after user logs out allows the next user to login and enter their mail password (and sometimes iCloud password) and then mail works. But this is really disappointing for Apple to leave the Network Home User community high-and-dry?!?

  • by ajm_from_WA,

    ajm_from_WA ajm_from_WA Apr 30, 2014 8:38 PM in response to ziondotcom
    Level 1 (11 points)
    Apr 30, 2014 8:38 PM in response to ziondotcom

    Postbox.  Just use postbox.  I've had no troubles since changing to postbox.

  • by Sebastian Johannsen,

    Sebastian Johannsen Sebastian Johannsen May 7, 2014 10:09 PM in response to Erich Wetzel
    Level 1 (0 points)
    May 7, 2014 10:09 PM in response to Erich Wetzel

    Same problem here. 70 users and it is a disaster. Ever wondered, what's the problem. Maybe 10.9.3 does anything. If someone has a workaround, except rebooting all the time, please post it. Enterprise support, please help. This is a major issue in Server! Am using 10.9.2 and 3.1.1.

  • by ziondotcom,

    ziondotcom ziondotcom May 8, 2014 1:46 PM in response to Sebastian Johannsen
    Level 1 (10 points)
    May 8, 2014 1:46 PM in response to Sebastian Johannsen

    Call Apple Enterprise Support and open a ticket. Otherwise they won't know you are affected. Forums don't count. This is ridiculous though...

  • by Erich Wetzel,

    Erich Wetzel Erich Wetzel May 8, 2014 2:25 PM in response to Erich Wetzel
    Level 2 (341 points)
    May 8, 2014 2:25 PM in response to Erich Wetzel

    Alternately or additionally submit a bug report https://bugreport.apple.com. I have been submitting reports on this by way of Appleseed since the release of 10.9. I suppose that a larger volume of submissions will draw more attention.

  • by robertoraskovsky,

    robertoraskovsky robertoraskovsky May 8, 2014 2:37 PM in response to Erich Wetzel
    Level 1 (0 points)
    May 8, 2014 2:37 PM in response to Erich Wetzel

    I have just submitted a bug report. If everyone else who encounters this problem can do the same, mayb Apple will listen and fix this frustrating problem!! It's rediculous!

  • by Sebastian Johannsen,

    Sebastian Johannsen Sebastian Johannsen May 13, 2014 5:16 AM in response to ziondotcom
    Level 1 (0 points)
    May 13, 2014 5:16 AM in response to ziondotcom

    Thanks for the advise. Done.

    The support was excellent. We had gone through all the trouble and made several reports, which then had been uploaded to Apple. The support is coming back to me this week. I will let you know, what they found.

    The problem is acutally well known at Apple and should have been fixed already in 3.0.1.

  • by Sebastian Johannsen,

    Sebastian Johannsen Sebastian Johannsen May 16, 2014 11:11 AM in response to Erich Wetzel
    Level 1 (0 points)
    May 16, 2014 11:11 AM in response to Erich Wetzel

    Alright. I talked today to Enterprise Support. The problem is well known.

    OS X 10.9.3 should fix the problem, changes reliability for network home user. Some customers have also written an apple script, but i can't.

    I installed today on every computer 10.9.3 and tried to cause the problem again. Unfortunately I was successfull. The problem was not solved in my case.

    I wrote to enterprise support again, they didn't close the ticket. We will talk next week.

    For everybody, who understands a little more about apple script: The problem is launchd, which still runs for the user in the background, after he logged out. When the next user is logging in, it causes a problem.

    If you write an apple script, restarting / cancelling launchd after every logout, you will be fine.

     

    I will tell you more next week.

  • by Hector Castillo,

    Hector Castillo Hector Castillo May 16, 2014 11:25 AM in response to Sebastian Johannsen
    Level 1 (20 points)
    May 16, 2014 11:25 AM in response to Sebastian Johannsen

    Same here, updated clients and server to 10.9.3 and still having the same issue, please keep insisting Enterprise Support, I have an open ticket too and called them yesterday.

  • by Sebastian Johannsen,

    Sebastian Johannsen Sebastian Johannsen May 26, 2014 1:30 PM in response to Hector Castillo
    Level 1 (0 points)
    May 26, 2014 1:30 PM in response to Hector Castillo

    Hi Hector.

    I received today an update from Enterprise Support. They are checking the issue still, have to wait. Did you try to update server to 3.1.2? I am doing next week Thursday. Hopefully they'll found a solution soon.

  • by elmojnr,

    elmojnr elmojnr May 26, 2014 5:54 PM in response to Erich Wetzel
    Level 1 (5 points)
    May 26, 2014 5:54 PM in response to Erich Wetzel

    Hey There. 

     

    I have run all the latestest updates and at present it does seem to be fixed !!! YEAH BABY.  But before I say for 100% I am giong to run for a few days and see if any users still experience the issue.  When I did run the server update I did have to enter in my passwords for everything just the one time but since then it hasn't dropped them.

Previous Page 2 of 19 last Next