You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

OS X Server clients can't login after IP renumber and domain Name change

I can not seem to get the logins working again on my OS X server (10.9.4 w/ server 3.1.2 on a 1 yr old. MacMini) after I needed to renumber the IP and change the domain name. I destroyed the Open Directory server, recreated it and created one test account. If I log in to the client with a local account I can connect to the server (Go>Connect To Server) from the client using my newly created account, but when I try to login to the server using the same network account login I get the "shaking head" response immediately. I have rebound the server to this client and it says that network accounts are available, but seem to be at a loss to understand why it won't let me login...


The only error message I see in any of the logs is the following:

(AFP Error Log:) Sep 15 20:21:47 isis.mydomain.com AppleFileServer[3032] <Info>: major error <1>: No credentials were supplied, or the credentials were unavailable or inaccessible.

I'm not sure what credentials it is referring to. I created a self signed certificate that I am using with OD, could that be the one?

Posted on Sep 17, 2014 6:42 PM

Reply
4 replies

Sep 17, 2014 8:21 PM in response to DragonFired

Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.

1. The OD master must have a static IP address on the local network, not a dynamic address.

2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

3. The primary DNS server used by the server must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

4. Follow these instructions to rebuild the Kerberos configuration on the master.

5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.

6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

7. Reboot the master and the clients.

8. Don't log in to the server with a network user's account.

9. Disable any internal firewalls in use, including third-party "security" software.

10. If you've created any replica servers, delete them.

11. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UID's are in the 1001+ range.

Sep 18, 2014 11:24 AM in response to Linc Davis

Linc,


Thanks for the fast and though response. The only one on the list that I haven't done already is the DNS reverse, I am STILL waiting for my IT department to contact their ISP and request that change that I requested a week ago! I will have to wait until then before I can say anything definitive about whether or not this is working or not...


Arana

Sep 29, 2014 4:13 PM in response to DragonFired

Well, I finally got the DNS straightened out. Then I noticed that OD wouldn't let me delete the master. So I wiped the hard drive and rebuild the server from the ground up. The problem is STILL the same, I have gone through all of the steps listed about (btw, nice list!) to no avail!


I can mount the user's home folder using connect to server, but can't login as that user. I am assuming that there is some problem with mounting the user home folder share, but I find no errors in tang of the log files that are enlightening. One strange thing I DO find is that when editing the user record in Server, no matter how many times I change the location of the user's home folder, it ALWAYS gets changed back to CUSTOM. I haven't ever seen this behavior before.

OS X Server clients can't login after IP renumber and domain Name change

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.