Q: Clients Mac logs in after restart with wrong user name
-
Aug 20, 2014 5:38 AMby Strontium90,I am going to guess that you have saved the credentials to Keychain. This, in combination with the Login Item, is connecting to the server with the incorrect user.
To resolve, try the following:
1: Remove the alias from the user's login items
2: Open Keychain Access (found in your Utilities folder)
3: In the Login keychain, look for any keychain items that contain AFP or SMB server credentials. Delete those entries.
4: Try logging in again. Preferably by using the Go menu from the Finder and selecting Connect to Server...
Post back if that helped.
Reid
Apple Consultants Network
Apple Professional Services
Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
-
Aug 20, 2014 8:09 AMby almute,Strontium90 wrote:
When you go to connect, are you prompted for credentials
No, it logs in without asking for a password - with the wrong user. Sometimes I have luck logging out and then I can login using "Go to server" and entering the password. But this may take many clicks until it logs out.
If you create another account on the workstation, what behavior do you get?
This is not a problem of a single user. We have some main user accounts with afp access to volumes and all have the same problem.
Are the workstations bound to the server and are you using mobile accounts? I am guessing not.
This is all in-house with iMacs in office, connected using Ethernet to the server.
I can do the login also from my MacBook Pro in-house, also connected using Ethernet, and I have the same problem.
We have 4 workstations here in office - all showing the same problem even they should login with different users.
Almute
-
Aug 20, 2014 8:19 AMby Strontium90,Any chance you have enabled guest access on the shares?
Are you running an Open Directory domain or are you bound to Active Directory?
Not that I want you to use SMB, but out of curiosity, if you go to Go > Connect to Server and enter smb://server_address instead of afp://server_address, do you get prompted for credentials?
-
Aug 20, 2014 8:31 AMby almute,Any chance you have enabled guest access on the shares?
No, this volumes are only accessible for users from a special group. And all users for our Macs in office are in this group.
Are you running an Open Directory domain or are you bound to Active Directory?
Open Directory
Not that I want you to use SMB, but out of curiosity, if you go to Go > Connect to Server and enter smb://server_address instead of afp://server_address, do you get prompted for credentials?
SMB is not activated for our server volumes. We only have activated AFP. With SMB we had much problems.
-
Aug 20, 2014 9:04 AMby Strontium90,With SMB we had much problems.
Oh, I feel your pain.
Let's try this.
1: Create a new user.
2: Create a new group.
3: Add only the new user to the new group.
4: Create a new shared folder.
5: Once you add the folder, edit it.
6: Press + to add a new ACE to the permissions list.
7: Add the new group to the ACL table.
8: Make any other customizations you would like to the share point and save the changes.
Next, go to a client machine and do the following
1: Log in as the local admin
2: Create a test user account
3: Log into the test account
4: Run this command from Terminal on the test account
id account_name
-- Replace account_name with the short name of the test account
5: Go to Go > Connect To Server... and enter afp://host.domain.tld/
-- Replace with the FQHN of your server.
What happens at this point?
-
Aug 20, 2014 11:57 AMby Grant Bennet-Alder,automatically logs in to server
I think your approach is "too cute".
I recommend you get rid of that failed attempt at auto-login and give them the standard login screen, and have them type a userName and password. We know that userName and Password is working if your server is set up correctly.
-
Aug 20, 2014 12:40 PMby almute,Do you want to say that auto-login to server volume isn't working well in server 10.9?
We have used this since the very first version of Mac Server! It worked fine for much more then 10 years - and now it shouldn't be possible any more?
But the problem is that even if I remove any auto mount of a server volume the login window for entering the password doesn't appear.
The Mac logs in using the wrong user "server".
I then need to click on "disconnect" many times until it disconnects. First the computer logs in again with the iCloud account setup on the clients Mac (this account is no user account on the server!) then after some more click the correct window for login appears.
This is very annoying!
-
Aug 21, 2014 5:19 AMby almute,Strontium90 wrote:
Dare I ask if you are using the same iCloud account on all machines?
Yes, this iCloud account is used on all machines, but on some only as "second" iCloud account for sharing address and calends, but nothing else.
The mail function of iCloud isn't used on any of the machines and not on server, too.
