Erich Wetzel

Q: Mavericks Server Keychain not properly storing information network users.

OS 10.9.1, Server 3.0.2. Clients OS 10.9.1 bound to server Open Directory and managed with Profile Manager. 10.6.8 Mail server bound to 10.9.1 server Open Directory. Messages is running on the 10.9.1 server which hosts the users.

Changeip -checkhostname indicates DNS is correct for the server. Server is running on a FQDN, no .local or other DNS issues.

For everything below: the Keychain for any of the users does not need to be repaired.

Generally things are going well with one exception which is a big problem.

Each time a network user logs in and tries to use either Mail to connect to our mail server via IMAP or Messages, they are prompted for passwords. Messages takes the password and logs in. Mail acts as though the password was incorrect and asks for it again; it does not pass the connection to the mail server. There is no trace of the attempted login in the mail server logs.

Functional workarounds:

1 - OS reinstall allows immediate login on the mail server and connections as expected. This is a little too much for day-to-day use.

2 - (From somewhere in the forums, forgot who, sorry) User login, go to the user's network home/Library/Keychains and move any keychains with long strings of letters and numbers as names to another folder or put them in the trash, immediately reboot, user login again, enter passwords in Mail, immediate connection to mail server and expected behavior from Mail.app.

As a network user machine in a multi-user environment, the next user will have to repeat the entire procedure above, including the reboot, to get access to the contents of the mail server. The first user in the example above will have to repeat it if they come back to the same machine and log in again.

This is what we are doing now. It appears that it would work on a personal machine with local users and has solved a lot of issues in the forum. It is helping but does not solve the keychain problem for network users.

Does anyone have any advice?

Thanks.

-Erich

OS X Server

Posted on Jan 10, 2014 6:42 PM
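
Workaround 2 from the post above as a script, added here as an example that is not part of the original post. It assumes "long strings of letters and numbers" means a UUID-shaped name; the function names and the `Keychains-setaside` folder are hypothetical. Entries are moved to a private dated folder rather than the trash so they can be restored, and the reboot remains a manual step.

```shell
#!/bin/sh
# Added example: set aside keychain entries with generated names.
# Assumption: a "long string of letters and numbers" is a UUID-shaped
# name (8-4-4-4-12 hex digits), optionally followed by an extension.

is_generated_name() {
    # Succeeds when the name is UUID-shaped; ordinary names such as
    # login.keychain do not match and are left alone.
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}(\..*)?$'
}

quarantine_keychains() {
    # $1 = the user's home directory. Prints the number of entries moved.
    home=$1
    kc_dir="$home/Library/Keychains"
    [ -d "$kc_dir" ] || { echo 0; return 0; }
    # Hypothetical holding folder, outside Library/Keychains.
    dest="$home/Library/Keychains-setaside/$(date +%Y%m%d-%H%M%S)"
    moved=0
    for entry in "$kc_dir"/*; do
        [ -e "$entry" ] || continue
        name=$(basename "$entry")
        if is_generated_name "$name"; then
            # Keychain material stays readable by the owner only.
            mkdir -p "$dest" && chmod 700 "$dest"
            mv "$entry" "$dest/" && moved=$((moved + 1))
        fi
    done
    echo "$moved"
}

# Usage, run as the affected user, followed by the reboot from the post:
#   quarantine_keychains "$HOME"
```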

  • by Gerard Dirks, Sep 8, 2016 4:14 PM in response to Erich Wetzel

    Hello Erich

    Sorry to tell you but the problem isn't solved.

    After updating our server and clients to 10.11.6 everything seemed to work, but about 2 weeks later the problem returned. At this moment we are at the point of wondering if we need to install Security Update 10.11.6 2016-001.

    Today I talked for about 1 1/2 hours with Apple, and of course the guy told me that he didn't know about the issue, and I referred to the still-open Apple case :-(

    After we simulated the problem over and over, he suggested that I wait and install "OS X Sierra", which will be released 16th Sept. 2016! I refuse to install a new system that comes directly out of "beta". I do not intend to become a beta tester for Apple. When they know how the problem can be solved they should also bring out a service pack for 10.9.5, 10.10.5 & 10.11.6 to fix this issue.

    Installing "macOS Sierra" will give me 200 new features but maybe 500 new bugs! I am so disappointed about the quality of the Apple software.

  • by Erich Wetzel, Sep 9, 2016 7:14 AM in response to Gerard Dirks

    Gerard,

    I have been disappointed since all of this started. I was especially saddened that it was not resolved by Apple in a timely fashion. The amount of productivity and financial loss due to this issue, as incurred by everyone in this discussion and others about the same problem, must be enormous.

    All of my efforts to work around the issue, with the solutions posted here, resulted in some problems for my users. I assume the additional problems were from me not setting up the solutions properly.

    That said, I did the following and have had no keychain issue for some time:

    -Update all client and server software
    -Save needed content from user homes
    -Delete all user homes but retain the users in OD.
    -Recreate all user homes
    -Copy needed content back to user homes.
    -Multiple users login and logout as needed.
    -Shutdown client computers at the end of the day.

    Certainly this is not convenient for anyone with large numbers of network users. However, it was worth the effort for my own situation.

    I am not saying that there are not still open processes from the users who have logged out or that some of the other side issues that came up along the way are not still going on. The last step above may be vital here since all processes end at shutdown. Computers put to sleep still carry the open processes of course. We tend to have only 1 to 3 users logging into any one machine during a day. In the past single users couldn't logout for lunch without having their keychain damaged.

    The original issue in this discussion, the problem where the keychain was destroying itself, has stopped being a problem for me after doing what I did.

    -Erich
