
I can bind, but users cannot log in with Open Directory.

I have wiped and reset my Mac mini server a few times. I have watched videos from Todd Oltoff and looked through these forums with no luck.


My computers are all running the latest 10.9, and all bind to the server with no problem. But none of the network users work.


Any help would be greatly appreciated.

Mac mini, OS X Mavericks (10.9)

Posted on Sep 29, 2014 8:56 PM


Sep 30, 2014 5:10 AM in response to NNN

Just answered this here: od user cannot log in


The issue is that the bind is not enough. You must set the Mobility policy on the accounts, groups, or device/computer groups. Binding exposes the workstation to the centralized domain, granting LDAP query rights. This is why the id command will return results. The workstation is trusted so queries to the domain return an answer. But, binding does not establish use policy. Policy establishes use policy.


As stated, you have two options: MCX (which is deprecated) and Profile Manager. Once you have the Mobility policy set, your users will be able to log in to the workstation using domain credentials.


Reid

Apple Consultants Network

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store

Sep 30, 2014 2:11 PM in response to NNN

Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.

1. The OD master must have a static IP address on the local network, not a dynamic address.

2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

3. The primary DNS server used by the server must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

4. Follow these instructions to rebuild the Kerberos configuration on the master.

5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.

6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

7. Reboot the master and the clients.

8. Don't log in to the server with a network user's account.

9. Disable any internal firewalls in use, including third-party "security" software.

10. If you've created any replica servers, delete them.

11. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UIDs are in the 1001+ range.
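The host-name, resolver and UID conditions in steps 2, 3 and 11 can be scripted so they are re-checked after each change. This is an added example, not code from this thread or from Apple; it assumes a POSIX shell, that `run_live_checks` is run on the OD master, and that the master's local OD node is named /LDAPv3/127.0.0.1 (the function names and the `--live` flag are invented for this example).

```shell
# Added example (not from this thread): scripted checks for steps 2, 3 and 11 above.

# Step 2: host name must have at least three labels and must not be in .local.
check_od_hostname() {
  name="$1"
  case "$name" in
    *.local) echo "FAIL: '$name' is in .local, which is reserved for Bonjour"; return 1 ;;
  esac
  labels=$(printf '%s\n' "$name" | awk -F. '{ print NF }')
  if [ "$labels" -lt 3 ]; then
    echo "FAIL: '$name' has $labels labels; need at least 3 (e.g. server.yourdomain.com)"
    return 1
  fi
  echo "OK: '$name' is a usable fully-qualified host name"
}

# Step 3: the first nameserver in resolv.conf-style text should be 127.0.0.1.
check_primary_dns() {
  first=$(printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2; exit }')
  if [ "$first" = "127.0.0.1" ]; then
    echo "OK: primary DNS is the server itself (127.0.0.1)"
    return 0
  fi
  echo "WARN: primary DNS is '${first:-unset}'; expected 127.0.0.1 unless another internal DNS server is used"
  return 1
}

# Step 11: an OD user's UID must be numeric and in the 1001+ range.
check_od_uid() {
  uid="$1"
  case "$uid" in
    ''|*[!0-9]*) echo "FAIL: UID '$uid' is not a number"; return 1 ;;
  esac
  if [ "$uid" -ge 1001 ]; then echo "OK: UID $uid is in the 1001+ range"; return 0; fi
  echo "FAIL: UID $uid is below 1001 and may collide with local accounts"
  return 1
}

# Live checks, to be run on the OD master (assumed local OD node: /LDAPv3/127.0.0.1).
run_live_checks() {
  check_od_hostname "$(hostname -f)"
  check_primary_dns "$(cat /etc/resolv.conf)"
  dscl /LDAPv3/127.0.0.1 -list /Users UniqueID | while read -r user uid; do
    printf '%s: ' "$user"; check_od_uid "$uid"
  done
}

if [ "${1:-}" = "--live" ]; then run_live_checks; fi
```

Run it with `--live` on the master; without the flag it only defines the functions, so they can be sourced and fed values by hand.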
