LeeElvin
Level 1 (0 points)

Q: Network accounts are unavailable after server update to 3.0.2

I have just setup a Mac Mini Server and my client machines were logging in without any problems then when I updated the server to version 3.0.2 the network accounts can no longer login. The login window just shows a popup next to username box that says "Network accounts are unavailable".

 

I can login as a local user on the client, browse the network share on the server and use "Connect as" and login using a network user to see their shares so the client is connecting to the server for user information, I just can't login to the client at the login screen.

Mac mini, OS X Server

Posted on Jan 22, 2014 4:02 AM

Close
LeeElvin

Q: Network accounts are unavailable after server update to 3.0.2

  • All replies
  • Helpful answers

  • by Linc Davis,

    Linc Davis Linc Davis Jan 22, 2014 5:38 PM in response to LeeElvin
    Level 10 (207,995 points)
    Applications
    Jan 22, 2014 5:38 PM in response to LeeElvin

    Logs?

  • by LeeElvin,

    LeeElvin LeeElvin Jan 23, 2014 12:27 AM in response to Linc Davis
    Level 1 (0 points)
    Jan 23, 2014 12:27 AM in response to Linc Davis

    Can you advise which logs you need, I have put the recent entries from the LDAP log below, the following two lines are added everytime a client tries to login

     

    Jan 23 08:17:49 macserver.local slapd[2168]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:17:49 macserver.local slapd[2168]: conn=3995 op=3: attribute "entryCSN" index delete failure

     

    All of todays logs from LDAP are below, please advise any other logs you need.

     

     

    Jan 23 07:40:48 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 07:40:48 macserver.local slapd[2168]: conn=3882 op=3: attribute "entryCSN" index delete failure

    Jan 23 08:17:42 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:17:42 macserver.local slapd[2168]: conn=3969 op=3: attribute "entryCSN" index delete failure

    Jan 23 08:17:47 macserver.local slapd[2168]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:17:47 macserver.local slapd[2168]: conn=3977 op=3: attribute "entryCSN" index delete failure

    Jan 23 08:17:47 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:17:47 macserver.local slapd[2168]: conn=3983 op=3: attribute "entryCSN" index delete failure

    Jan 23 08:17:48 macserver.local slapd[2168]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:17:48 macserver.local slapd[2168]: conn=3989 op=3: attribute "entryCSN" index delete failure

    Jan 23 08:17:49 macserver.local slapd[2168]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:17:49 macserver.local slapd[2168]: conn=3995 op=3: attribute "entryCSN" index delete failure

    Jan 23 08:24:16 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:24:16 macserver.local slapd[2168]: conn=4009 op=3: attribute "entryCSN" index delete failure

    Jan 23 08:24:17 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:24:17 macserver.local slapd[2168]: conn=4017 op=3: attribute "entryCSN" index delete failure

    Jan 23 08:24:19 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:24:19 macserver.local slapd[2168]: conn=4023 op=3: attribute "entryCSN" index delete failure

    Jan 23 08:24:20 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:24:20 macserver.local slapd[2168]: conn=4029 op=3: attribute "entryCSN" index delete failure

    Jan 23 08:24:22 macserver.local slapd[2168]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:24:22 macserver.local slapd[2168]: conn=4035 op=3: attribute "entryCSN" index add failure

    Jan 23 08:24:26 macserver.local slapd[2168]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:24:26 macserver.local slapd[2168]: conn=4041 op=3: attribute "entryCSN" index add failure

    Jan 23 08:24:35 macserver.local slapd[2168]: => bdb_idl_insert_key: c_put id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:24:35 macserver.local slapd[2168]: conn=4047 op=2: attribute "entryCSN" index add failure

    Jan 23 08:24:39 macserver.local slapd[2168]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:24:39 macserver.local slapd[2168]: conn=4053 op=3: attribute "entryCSN" index delete failure

    Jan 23 08:24:42 macserver.local slapd[2168]: => bdb_idl_insert_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

    Jan 23 08:24:42 macserver.local slapd[2168]: conn=4059 op=2: attribute "entryCSN" index add failure

  • by Linc Davis,

    Linc Davis Linc Davis Jan 23, 2014 9:05 AM in response to LeeElvin
    Level 10 (207,995 points)
    Applications
    Jan 23, 2014 9:05 AM in response to LeeElvin

    I suggest you look at the messages written to the Open Directory Log on the server and also to the system log on both the server and the client when the connection fails.

  • by LeeElvin,

    LeeElvin LeeElvin Jan 27, 2014 12:21 AM in response to Linc Davis
    Level 1 (0 points)
    Jan 27, 2014 12:21 AM in response to Linc Davis

    When trying to authenticate the following is added to system log on the server which shows an error that may mean something to you, from the list MACSERVER is the server name, j.abdy is the test user and bccscmac20 is the client machine.

     

    Jan 27 08:13:10 macserver.local kdc[2142]: AS-REQ j.abdy@MACSERVER.LOCAL from 10.49.23.20:63853 for krbtgt/MACSERVER.LOCAL@MACSERVER.LOCAL

    Jan 27 08:13:10 macserver.local kdc[2142]: AS-REQ j.abdy@MACSERVER.LOCAL from 10.49.23.20:63853 for krbtgt/MACSERVER.LOCAL@MACSERVER.LOCAL

    Jan 27 08:13:10 macserver.local kdc[2142]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ

    Jan 27 08:13:10 macserver.local kdc[2142]: AS-REQ j.abdy@MACSERVER.LOCAL from 10.49.23.20:55453 for krbtgt/MACSERVER.LOCAL@MACSERVER.LOCAL

    Jan 27 08:13:10 --- last message repeated 1 time ---

    Jan 27 08:13:10 macserver.local kdc[2142]: Client sent patypes: ENC-TS

    Jan 27 08:13:10 macserver.local kdc[2142]: ENC-TS pre-authentication succeeded -- j.abdy@MACSERVER.LOCAL

    Jan 27 08:13:10 macserver.local kdc[2142]: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96

    Jan 27 08:13:10 macserver.local kdc[2142]: Requested flags: forwardable

    Jan 27 08:13:11 macserver.local kdc[2142]: TGS-REQ j.abdy@MACSERVER.LOCAL from 10.49.23.20:65349 for host/bccscmac20.local@MACSERVER.LOCAL [canonicalize, forwardable]

    Jan 27 08:13:11 macserver.local kdc[2142]: Searching referral for bccscmac20.local

    Jan 27 08:13:11 macserver.local kdc[2142]: Server not found in database: krbtgt/LOCAL@MACSERVER.LOCAL: no such entry found in hdb

    Jan 27 08:13:11 macserver.local kdc[2142]: Failed building TGS-REP to 10.49.23.20:65349

    Jan 27 08:13:11 macserver.local kdc[2142]: TGS-REQ j.abdy@MACSERVER.LOCAL from 10.49.23.20:63443 for host/bccscmac20.local@MACSERVER.LOCAL [forwardable]

    Jan 27 08:13:11 macserver.local kdc[2142]: Server not found in database: host/bccscmac20.local@MACSERVER.LOCAL: no such entry found in hdb

    Jan 27 08:13:11 macserver.local kdc[2142]: Failed building TGS-REP to 10.49.23.20:63443

  • by LeeElvin,

    LeeElvin LeeElvin Jan 27, 2014 12:50 AM in response to Linc Davis
    Level 1 (0 points)
    Jan 27, 2014 12:50 AM in response to Linc Davis

    On client system log for same time when user tried to log in

     

    2014-01-27 08:16:14 +0000 SecurityAgent[122]: User info context values set for j.abdy

    2014-01-27 08:16:14 +0000 opendirectoryd[22]: GSSAPI Error:  Miscellaneous failure (see text (Server (krbtgt/49.16.11@MACSERVER.LOCAL) unknown (negative cache))

    2014-01-27 08:16:14 +0000 authorizationhost[175]: Failed to authenticate user <j.abdy> (error: 9).

  • by LeeElvin,

    LeeElvin LeeElvin Jan 27, 2014 12:52 AM in response to Linc Davis
    Level 1 (0 points)
    Jan 27, 2014 12:52 AM in response to Linc Davis

    In case this also helps you, latest entries from Open Directory Log

     

    2014-01-22 11:43:08.009688 GMT - 1651.9482.9484.9486, Node: /LDAPv3/127.0.0.1, Module: search - failed to retrieve password for credential

    2014-01-22 11:43:08.009954 GMT - 1651.9482.9484.9486 - Client: automount, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:43:08.009954 GMT - 1651.9482.9484.9486, Node: /LDAPv3/127.0.0.1, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:43:08.197450 GMT - 1627.9496 - Client: Directory Utili, UID: 501, EUID: 501, GID: 20, EGID: 20

    2014-01-22 11:43:08.197450 GMT - 1627.9496, Node: /LDAPv3/127.0.0.1 - failed to retrieve password for credential

    2014-01-22 11:43:08.197762 GMT - 1627.9496 - Client: Directory Utili, UID: 501, EUID: 501, GID: 20, EGID: 20

    2014-01-22 11:43:08.197762 GMT - 1627.9496, Node: /LDAPv3/127.0.0.1, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:43:08.200395 GMT - Unregistered node with name '/LDAPv3/127.0.0.1'

    2014-01-22 11:44:38.741495 GMT - Registered subnode with name '/LDAPv3/127.0.0.1'

    2014-01-22 11:44:39.978030 GMT - 1345.10075.10076 - Client: servermgrd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:44:39.978030 GMT - 1345.10075.10076, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:44:45.029489 GMT - 43.10101 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:44:45.029489 GMT - 43.10101, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:44:55.030459 GMT - 43.10202 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:44:55.030459 GMT - 43.10202, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:45:10.040924 GMT - 43.10229 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:45:10.040924 GMT - 43.10229, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:45:30.041772 GMT - 43.10249 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:45:30.041772 GMT - 43.10249, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:45:53.046906 GMT - 43.10331 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:45:53.046906 GMT - 43.10331, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:45:58.055452 GMT - 43.10375 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:45:58.055452 GMT - 43.10375, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:46:08.062984 GMT - 43.10387 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:46:08.062984 GMT - 43.10387, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:46:23.092382 GMT - 43.10421 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:46:23.092382 GMT - 43.10421, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:46:29.283736 GMT - 43.10432 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:46:29.283736 GMT - 43.10432, Module: ldap - failed to retrieve password for credential

    2014-01-22 11:46:31.446733 GMT - Module: AppleODClientLDAP - AppleODClientLDAP: notification fired: slapd shutdown for /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi

    2014-01-22 11:46:31.446760 GMT - Module: AppleODClientLDAP - AppleODClientLDAP: notification fired: slapd shutdown for /LDAPv3/127.0.0.1

    2014-01-22 11:46:33.461470 GMT - Unregistered node with name '/LDAPv3/127.0.0.1'

    2014-01-22 11:49:01.190515 GMT - Module: AppleODClientLDAP - AppleODClientLDAP: notification fired: slapd shutdown for /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi

    2014-01-22 11:49:12.900644 GMT - Module: AppleODClientLDAP - AppleODClientLDAP: notification fired: slapd shutdown for /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi

    2014-01-22 11:49:12.900680 GMT - Module: AppleODClientLDAP - AppleODClientLDAP: notification fired: slapd shutdown for /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi

    2014-01-22 11:49:20.037611 GMT - Registered subnode with name '/LDAPv3/127.0.0.1'

    2014-01-22 11:54:07.129427 GMT - 2545.16493 - Client: smbd, UID: 0, EUID: 0, GID: 0, EGID: 0

    2014-01-22 11:54:07.129427 GMT - 2545.16493, Module: SystemCache - Negative entry was not found after adding to cache

  • by Linc Davis,

    Linc Davis Linc Davis Jan 28, 2014 2:22 PM in response to LeeElvin
    Level 10 (207,995 points)
    Applications
    Jan 28, 2014 2:22 PM in response to LeeElvin

    After upgrading or migrating, network user cannot be created

    Cannot create users in Server 3.0.1

  • by LeeElvin,

    LeeElvin LeeElvin Jan 29, 2014 1:27 AM in response to Linc Davis
    Level 1 (0 points)
    Jan 29, 2014 1:27 AM in response to Linc Davis

    I have discovered this is a DNS related issue. If I change the DNS on Mac Server and Mac Client to the Windows DNS server it all works but if I use the Mac DNS server I am unable to log in.

     

    The Mac DNS server is setup to forward requests to the Windows DNS server if it cannot resolve an address so surely it shouldn't make a difference.

     

    I have resolved the login issue by using a different DNS server but it doesn't explain why the Mac DNS server isn't functioning correctly.

  • by Linc Davis,

    Linc Davis Linc Davis Jan 29, 2014 6:45 AM in response to LeeElvin
    Level 10 (207,995 points)
    Applications
    Jan 29, 2014 6:45 AM in response to LeeElvin 
    sudo changeip -checkhostname

  • by LeeElvin,

    LeeElvin LeeElvin Jan 29, 2014 8:06 AM in response to Linc Davis
    Level 1 (0 points)
    Jan 29, 2014 8:06 AM in response to Linc Davis

    I have tried that and get a message showing the names match and nothing needs to change.

     

    I have discovered that the Mac Server can use it's own DNS server the problem seems to be with the client.

     

    When the client uses the Mac Server DNS it won't log in but when it uses the Windows Server DNS it does log in. The Mac client I am testing was a fresh install yesterday.

  • by Linc Davis,

    Linc Davis Linc Davis Jan 29, 2014 1:33 PM in response to LeeElvin
    Level 10 (207,995 points)
    Applications
    Jan 29, 2014 1:33 PM in response to LeeElvin

    You seem to be using a domain name in the "local" TLD. That won't work. Redo the setup and use the "private" TLD.

  • by Cerf-Volant,

    Cerf-Volant Cerf-Volant Feb 16, 2014 3:51 AM in response to LeeElvin
    Level 1 (0 points)
    Feb 16, 2014 3:51 AM in response to LeeElvin

    My issue is identical to yours .

    What do you mean by the Windows DNS Server ?

  • by LeeElvin,

    LeeElvin LeeElvin Feb 17, 2014 12:15 AM in response to Cerf-Volant
    Level 1 (0 points)
    Feb 17, 2014 12:15 AM in response to Cerf-Volant

    The main network where I work is a Microsoft Windows client / server network run by Windows Server which runs it's own DNS.

     

    When I was setting up the MacServer I wanted to setup the server to be self contained and not rely on the Windows network but for some reason the DNS on the Mac server doesn't work correctly with the mac, may be a configuration issue I don't know as I haven't had time to look into it further, I just know that changing the DNS settings on the network card resolved the issue.

     

    If you are only running the Mac Server then this will not be an option, it is allowing me to get things working while I find the cause of the problem.