Unable to login with a new account on networked MBP

Question

KenP1980M Author

Level 1

5 points

Unable to login with a new account on networked MBP

Hi all. I'm a relatively new mac user and have recently purchased Server. I set it up on my Mac Pro at home. I have enabled DNS server and set my router up properly. I have Open Directory and VPN setup as well. I have also created a new Network User account. My hostname is a .private. VPN works and i'm able to view my shared drives as I'd hoped. Everything seems to be working except i'm not able to login to the new network account I created after setting up Open Directory. On my MBP I type the username and password WHILE i'm on the same home network as my Server, and the password field just vibrates at me (As if i'm not putting in the correct password. I've changed the password several times to include uppercase, lowercase and a number. I also didn't check the "force to change password at first login". The strange thing is I can login with my diradmin account on my MBP. I am able to login with my new network account on the computer that's running server. I enabled Profile Manager and was able to access the web interface on my MBP. My router is the dhcp server. I've manually changed my MBP to user the Server dns server. My macbook pro is currently connected to the network account server. Sorry for the life story, I just wanted to try to get all relevant information in this question. Thanks in advance.

Mac Pro, OS X Mavericks (10.9.5)

Posted on Oct 9, 2014 7:05 AM

Reply

Answer 1

Linc Davis

Level 10

209,535 points

Oct 9, 2014 10:32 AM in response to KenP1980M

Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.

1. The OD master must have a static IP address on the local network, not a dynamic address.

2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

3. The primary DNS server used by the server must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

4. Follow these instructions to rebuild the Kerberos configuration on the master.

5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.

6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

7. Reboot the master and the clients.

8. Don't log in to the server with a network user's account.

9. Disable any internal firewalls in use, including third-party "security" software.

10. If you've created any replica servers, delete them.

11. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UID's are in the 1001+ range.

Reply