10.9.2 machines having issues connecting to open directory

Many, if not most, Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.

1. The OD master must have a static IP address on the local network, not a dynamic address.

2. You must have a working DNS service, and the master's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. On the Accessing your Server sheet, change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

3. The primary DNS server used by the master must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

4. Follow these instructions to rebuild the Kerberos configuration on the master.

5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases.

6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

7. Reboot the master and the clients.

8. Don't log in to the server with a network user's account.

9. Export all OD users, delete them, turn off OD, turn it back on, and import. Ensure that the UID's are in the 1001+ range.

Go to the TERMINAL of the MAC that can´t connect and type:

sudo nano /etc/hosts

Add the next line to the end of the file

IP address servername.local

In your case it would be

192.16.3.133 server.local

save the file and exit terminal

That should solve the problema

Hi rodvela,

thank you for the fix.

However, rather than having to type that into every computer, do you know what isn't working that forces us to have to enter the info manually?

We have a number of sites. All connected with tunnels.

We handed out new computers and started getting calls from people whose computers are bound to one particular site (site 'S').

They are unable to login when they are at some sites but are able to at other sites.

The settings at all the sites are the same.

They are able to get to site 'S' using Command-K and using site 'S' domain name.

They can even ping site S using it's domain name.

If we could figure out the reason why the computers are able to resolve the DNS and are bound to the server but still can't login to their mobile accounts that would be preferable over having to edit the host file on 90 computers.

Thank you for any tips you have.