Erich Wetzel

Q: Mavericks Server Keychain not properly storing information network users.

OS 10.9.1, Server 3.0.2. Clients OS 10.9.1 bound to server Open Directory and managed with Profile Manager. 10.6.8 Mail server bound to 10.9.1 server Open Directory. Messages is running on the 10.9.1 server which hosts the users.

 

Changeip -checkhostname indicates DNS is correct for the server. Server is running on a FQDN, no .local or other DNS issues.

 

For everything below: the Keychain for any of the users does not need to be repaired.

 

Generally things are going well with one exception which is a big problem.

 

Each time a network user logs in and tries to use either Mail to connect to our mail server via IMAP or Messages, they are prompted for passwords. Messages takes the password and logs in. Mail acts as though the password was incorrect and asks for it again; it does not pass the connection to the mail server. There is no trace of the attempted login on the mail server logs.

 

Functional workarounds:

 

1 - OS reinstall allows immediate login on the mail server and connections as expected. This is a little too much for day to day use.

 

2 - (From somewhere in the forums forgot who, sorry), User login, go to User's network home/Library/Keychains and move any keychains with long strings of letters and numbers as name to another folder or put in trash, immediately reboot, User login again, enter passwords in Mail, immediate connection to mail server and expected behavior from Mail.app.

 

As a network user machine in a multi user environment, the next user will have to repeat the entire procedure above, including the reboot, to get access to the contents of the mail server. The first user in the example above will have to repeat it, if they come back to the same machine and log in again.

 

This is what we are doing now. It appears that it would work on a personal machine with local users and has solved a lot of issues in the forum. It is helping but does not solve the keychain problem for network users.

 

Does anyone have any advice?

 

Thanks.

 

-Erich

OS X Server

Posted on Jan 10, 2014 6:42 PM
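Workaround 2 in the post above, as an added example that is not part of the original post: a script that sets the oddly named keychain entries aside in a holding folder instead of trashing them. The function names and the holding folder are hypothetical, and the UUID-shaped name pattern is an assumption about what "long strings of letters and numbers" means.

```shell
#!/bin/sh
# Added example, not from the thread: set aside (never delete) the oddly
# named entries in a Keychains folder so they can be restored later.
# Assumption: "long strings of letters and numbers" means a UUID-shaped
# name (8-4-4-4-12 hex digits), optionally followed by an extension.

is_uuid_name() {
    # Succeeds when $1 is a UUID-shaped file or folder name.
    printf '%s\n' "$1" | grep -Eq \
        '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}(\..*)?$'
}

quarantine_keychains() {
    # $1 = Keychains folder, $2 = holding folder; prints the number moved.
    src=$1; dest=$2; moved=0
    [ -d "$src" ] || { echo "no such folder: $src" >&2; return 1; }
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    for entry in "$src"/*; do
        [ -e "$entry" ] || continue        # empty folder: glob matched nothing
        name=$(basename "$entry")
        is_uuid_name "$name" || continue   # leave login.keychain and friends
        if [ -e "$dest/$name" ]; then      # never overwrite an earlier copy
            echo "skipped, already held: $name" >&2
            continue
        fi
        mv "$entry" "$dest/$name" && moved=$((moved + 1))
    done
    echo "$moved"
}

demo() {
    # Constructed sample tree, not a real user's home folder.
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/Keychains/01234567-89AB-CDEF-0123-456789ABCDEF"
    : > "$tmp/Keychains/login.keychain"
    count=$(quarantine_keychains "$tmp/Keychains" "$tmp/held")
    echo "moved $count entry, left: $(ls "$tmp/Keychains")"
    rm -rf "$tmp"
}

demo
```

On a client the first argument would be the network user's `Library/Keychains` folder; the workaround as posted still calls for the reboot afterwards.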

Page 7 of 19
  • by Erich Wetzel,

    Nov 12, 2014 9:48 AM in response to bsandor

    I have had a problem like that in the past. I have not had any trouble with that issue since moving to 10.10 Server 4 and 10.10 clients and using SMB for all connections.

  • by JD_Zig,

    Nov 13, 2014 8:26 AM in response to Erich Wetzel

    Hi Erich, in Server app 4 what settings do you have? Share home folders over SMB? Encrypt connection? Also, are you also selecting share over AFP and SMB? We are using Yosemite clients; will just setting share home folders to SMB force it to be SMB3?

    Also for bsandor, we used to have the freezing issue and found out that it was a cache issue. The fix is deleting the cache folder first, then setting up cache redirection in WGM. Here is a link to setting it up: http://houseofmac.wordpress.com/2010/11/03/os-x-network-home-folder-redirection/

  • by ajm_from_WA,

    Nov 13, 2014 8:45 AM in response to JD_Zig

    Can you still set up cache folder redirection using WGM on a Yosemite server?

  • by Erich Wetzel,

    Nov 13, 2014 10:01 AM in response to JD_Zig

    My current settings for the home folder we have set up are:

     

    Share via AFP and SMB

    No encryption or allow guest access

    Make available for home directories via SMB

  • by Erich Wetzel,

    Nov 13, 2014 10:14 AM in response to ajm_from_WA

    I imagine that you could use WGM for cache redirect via MCX as most of the preference items are still in there.

     

    I am using Profile Manager and do not know how to do the redirect with it.

     

    Apple is getting away from MCX as I understand it though.

  • by Erich Wetzel,

    Nov 13, 2014 10:34 AM in response to ajm_from_WA

    Just set up the redirection via WGM and MCX on 10.10

     

    I will start a new discussion asking for advice on the same for Profile Manager.

  • by Erich Wetzel,

    Nov 20, 2014 3:27 PM in response to Erich Wetzel

    Possible new issue related to all of this.

     

    Updated clients to 10.10.1 and Mail.app has begun dropping an established connection to the mail server which in our case is a 10.9.x Server 3 machine. Mail.app then asks for passwords; which of course are never accepted unless a reboot is made. The mail server is fine and can be accessed from other devices with no trouble. More of the same I suppose.

  • by bsandor,

    Dec 1, 2014 11:47 AM in response to Erich Wetzel

    So, I upgraded all the clients and the server to Yosemite this weekend - which of course loaded 10.10.1. Also changed the home folder share to SMB. I won't know about the frozen accounts issue for a while (thank you JD_Zig - I also implemented your suggestion for the cache redirection).

     

    BUT - now I have frequent email disconnect issues, much more than I had before with 10.9.5 and AFP. 

    Rebooting seems to temporarily fix it, but that is complicated by a MacPractice bug we now have with 10.10 that flares up every time we reboot a workstation.

     

    This is beyond frustrating.  I would go back to 10.6 if I could.

  • by Benjamin Losch,

    Dec 10, 2014 7:43 AM in response to Erich Wetzel

    I found this now unusable, too. Since the 10.10.1 update the passwords are stored if you enter them in Mail; if you log out of the user account and log back in, they are gone and are not accepted at login. Only a reboot helps momentarily... With or without kill script. Sad.

  • by Erich Wetzel,

    Dec 10, 2014 7:56 AM in response to Benjamin Losch

    I have found the same result as Benjamin Losch. We have gone back to reboot on every logout. That does not stop the periodic failure of Messages to keep the messages and problems with Mail requesting passwords seemingly at random. When those two events happen, we immediately reboot and login seems to get back to normal.

     

    For anyone who has not, please contact Apple enterprise and let them know of our concerns. They told me that there is a team working on this exact issue. Interesting how iPhone updates for lost ringtones are addressed quickly and this issue has lingered since my first post nearly a year and a full OS ago.

  • by Benjamin Losch,

    Dec 10, 2014 8:15 AM in response to Erich Wetzel

    You are so right. I do not understand why this major bug could be around such a long time. I fear it has to do with the fast declining importance of pro solutions.

  • by bsandor,

    Dec 10, 2014 12:18 PM in response to bsandor

    This setup has basically become unusable.  I had to throw in the towel and get rid of our network accounts.  All locally stored home folders now.  Luckily, we only have 16 machines here, and now most of them have the same user logged into them 95% of the time (the office staff was much more mobile when this was initially setup with 10.6).

     

    It is much more stable now, but this is so very sad. If Apple gets this fixed, I may move back to the network home folders, but otherwise we cannot function with all of these issues. The staff that has been around since before the office made the move to the Macs had been grumbling that this was no better than when the office ran on PCs, and in some ways worse.

     

    My gut is telling me that Apple will simply drop network home folders in 10.11, since they seem to have no interest in keeping this feature working as it used to, so I figured I'd cut my losses before I was forced to later.

  • by Erich Wetzel,

    Dec 11, 2014 7:29 AM in response to Erich Wetzel

    Just had a problem with Remote Access not keeping computers in the list and prompting me for information as though I just installed it. Went to preferences for my user and found hundreds of duplicate plist files for all of the services that are having trouble with this. Is anyone else seeing this?

  • by Erich Wetzel,

    Dec 11, 2014 11:57 AM in response to Erich Wetzel

    That was supposed to be Remote Desktop

  • by Gerard Dirks,

    Jan 13, 2015 6:02 AM in response to Benjamin Losch

    Hello Benjamin

     

    We have had the same problem in our clinic (Arztpraxis) since the switch from 10.6.8 to 10.9.5. We have 28 iMacs and about 35 users. All users are getting mad. Apple has no professional helpfix for it.

    In the forum it is clear a switch to Yosemite doesn't fix the problem, and as I read, 10.11 will be a baby-server without any professional services.

    The reason we switched to 10.9.5 and not Yosemite was the lack of support for the Workgroup Manager in 10.10. We needed to update from 10.6.8 because Apple will not give any security fixes for 10.6.

     

    Can your script be installed on the clients with Apple Remote Desktop?

     

    Do you have any hints to solve it?

     

    Regards

    Gérard

    P.S. You can also send an e-mail to input(att)iscience.ch
