
Yosemite Server 4.0 and network users

The main reason to set up a Mac server for me was the use of network users with server hosted directories. My experiences with Mavericks server were very bad as reported in various threads within these forums. Never got it running, Keychain trouble, password trouble, no iCloud, etc...


My question is: Does anybody have network users with server homes successfully up and running?

Posted on Nov 25, 2014 9:58 AM


Nov 25, 2014 1:24 PM in response to markuna

I am running 10.10.1 build 14A379b, Server 4.0 build 14S333


about 100 users

47 network users

21 network home folders


It is working well so far, but we did not have any software problems with 10.8 or 10.9 either.


Are your clients hardwired? The one thing we did do is make certain network home folder users are hardwired ethernet. Any wifi and/or laptop users were made into mobile accounts. Ensuring DNS is set up correctly is probably the first item to check.

Nov 25, 2014 5:03 PM in response to markuna

Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.

1. The OD master must have a static IP address on the local network, not a dynamic address.

2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

3. The primary DNS server used by the server must be itself, unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

4. Follow these instructions to rebuild the Kerberos configuration on the master.

5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.

6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

7. Reboot the master and the clients.

8. Don't log in to the server with a network user's account.

9. Disable any internal firewalls in use, including third-party "security" software.

10. If you've created any replica servers, delete them.

11. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UIDs are in the 1001+ range.

If you get this far without solving the problem, then you'll need to examine the logs in the Open Directory section of the log list in the Server app, and also the system log on the clients.
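An added example, not part of the post above: a pre-flight check for the naming rules in steps 2, 3 and 5 (three-level host name outside ".local", forward and reverse DNS that agree with the static address, certificate common name equal to the host name). The function names are hypothetical and the sample values are constructed; the inputs are passed in as strings so the checks can be run before touching the server.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 2, 3 and 5 of the list above.
# On the server the inputs can be gathered with `hostname -f`,
# `dig +short NAME` and `dig +short -x IP` (assumes dig is installed).

# Lower-case a DNS name and drop a trailing root dot.
norm() { n=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); printf '%s' "${n%.}"; }

# Step 2: at least three labels, and not in the ".local" domain.
valid_od_fqdn() {
    name=$(norm "$1")
    case "$name" in
        ""|.*|*..*)     return 1 ;;   # empty or malformed
        *[!a-z0-9.-]*)  return 1 ;;   # characters not valid in a host name
        local|*.local)  return 1 ;;   # reserved for Bonjour
    esac
    old_ifs=$IFS; IFS=.; set -- $name; IFS=$old_ifs   # split into labels
    [ "$#" -ge 3 ]
}

# Steps 1-3: the A record must be the static IP, and the PTR record for
# that IP must point back at the same fully-qualified name.
dns_consistent() {
    fqdn=$(norm "$1"); a_rec=$2; ip=$3; ptr=$(norm "$4")
    [ -n "$a_rec" ] && [ "$a_rec" = "$ip" ] && [ "$ptr" = "$fqdn" ]
}

# Step 5: the certificate common name must match the host name.
cn_matches() { [ "$(norm "$1")" = "$(norm "$2")" ]; }

# usage: preflight FQDN A_RECORD STATIC_IP PTR_NAME CERT_CN
preflight() {
    rc=0
    valid_od_fqdn "$1" || { echo "FAIL step 2: bad host name '$1'"; rc=1; }
    dns_consistent "$1" "$2" "$3" "$4" ||
        { echo "FAIL steps 1-3: forward/reverse DNS mismatch"; rc=1; }
    cn_matches "$1" "$5" ||
        { echo "FAIL step 5: certificate CN '$5' is not '$1'"; rc=1; }
    return $rc
}

# Constructed sample values (192.0.2.0/24 is a documentation range).
preflight server.yourdomain.com 192.0.2.10 192.0.2.10 \
    server.yourdomain.com. server.yourdomain.com && echo "all checks passed"
```
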

Dec 3, 2014 12:02 PM in response to Linc Davis

Thanks sandorferency and Linc.


I went through all steps Linc described successfully. In step 11 the server crashed. After a reboot OpenDirectory was turned off and could neither be turned on nor deleted. After destroying the OD-Master using "slapconfig" in the terminal and recreating it, things went back to the same state as before.


I decided to clean install Yosemite and Server 4.0.


Running services are: Caching, File Sharing, DHCP, DNS and Open directory.


Still struggling with network users. Apple Mail is not running (hosted Internet Mail, not OS X Server Mail), Keychain trouble, iCloud (Notes and iCloud Mail not running), the rest is fine.


The problems are as described here:


Keychain issue with network users on 10.10 clients

Mavericks Server Keychain not properly storing information network users.

Sep 2, 2015 2:50 AM in response to markuna

markuna wrote:


Still struggling with network users. Apple Mail is not running (hosted Internet Mail, not OS X Server Mail), Keychain trouble, iCloud (Notes and iCloud Mail not running), the rest is fine.


The problems are as described here:


Keychain issue with network users on 10.10 clients

Mavericks Server Keychain not properly storing information network users.


As you have seen there are widespread issues with Yosemite and Mavericks and network home directories. This apparently derives from changes Apple made to add keychain syncing via iCloud and will affect you even if you do not use or login to an iCloud account. 😟


You have probably found references to using a logout hook to kill off the secd process and this helps a bit but does not completely cure the problem. (I have this in place and I have also added another fix to the same logout hook to force the disconnection of network home mounts after a user logs out.)


The only completely reliable options would be to continue using Snow Leopard Server, or switch to an alternative platform like a Windows Server. I have not seen any comments on this issue so far regarding El Capitan but certainly Yosemite 10.10.5 is still FUBAR.


As Apple Mail and Apple Contacts are by far the worst issues regarding the keychain problem maybe using Outlook for Mac might be worth experimenting with if you already have Office licenses. Of course using Outlook for Mac means you need ideally an EWS compatible server which means either 'real' MS Exchange, or an Office365 account, or Kerio Connect.
