Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Gerard Dirks
Gerard Dirks Author
User level: Level 1
38 points

No Access for new Users after Update OS X Server

Hello


Last week we finally update our 10.6.8 Server to 10.9.5 Server and have a small mess


All existing User can access their Network Account and mount From Server.


Only the new User have no access. The New Users are created with the Server.app. Automaticly their will be create an User Folder in the correct Directory. (with 10.6.8 we alwys need to run "$ sudo createhomedir -a". This will not work in 10.9.5


I also check the Workgraoupmanager. The Home URL and FullPath is correct defined. The login for the machine is also allowed, but it will not allow me to access the server?


Could it be that the new Users are stored in the OS Master from 10.9.5 which is problably different from 10.6.8


Any Hint?


Gerard

Mac Pro, OS X Mavericks (10.9.5), OS X Server 3.2.2

Posted on Jan 5, 2015 2:08 AM

Reply
3 replies
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,547 points

Jan 5, 2015 1:09 PM in response to Gerard Dirks

Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.

1. The OD master must have a static IP address on the local network, not a dynamic address. It must not be connected to the same network with more than one interface; e.g., Ethernet and Wi-Fi.

2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

3. The primary DNS server used by the server must be itself, unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

4. Follow these instructions to rebuild the Kerberos configuration on the master.

5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.

6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

7. Reboot the master and the clients.

8. Don't log in to the server with a network user's account.

9. Disable any internal firewalls in use, including third-party "security" software.

10. If you've created any replica servers, delete them.

11. If OD has only recently stopped working when it was working before, you may be able to restore it from the automatic backup in /var/db/backups, or from a Time Machine snapshot of that backup.

12. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UID's are in the 1001+ range.

If you get this far without solving the problem, then you'll need to examine the logs in the Open Directory section of the log list in the Server app, and also the system log on the clients.

Reply
User profile for user: Gerard Dirks
Gerard Dirks Author
User level: Level 1
38 points

Jan 6, 2015 4:27 AM in response to Linc Davis

A list of standard advice which can't help me


At this moment I am not able to create a new home folder anymore (Not in Server.app and not in Workgroup Manager.


We updated an 10.6.8 Server which runs for years without problem. The Migrations hadn't show any problems.


I got the following errors in the console

06.01.15 13:14:40.097 digest-service[39507]: mkey_file: /var/db/krb5kdc/m-key

06.01.15 13:14:40.097 digest-service[39507]: acl_file: /var/db/krb5kdc/kadmind.acl

06.01.15 13:14:40.420 digest-service[39507]: digest-request kdc: ok user=XSERVE\tazzadmin proto=ntlmv1 flags: ENC_128, NEG_VERSION, NEG_TARGET_INFO, NEG_NTLM, NEG_TARGET, NEG_UNICODE

06.01.15 13:14:40.684 digest-service[39507]: digest-request: kdc failed with 22 proto=unknown


any idea


I afraid to kill the acces of all my other 27 users when manipulation with KDC


regards

gerard

Reply

No Access for new Users after Update OS X Server

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up