
Y10.10.2 S4.0 freeze, then random users created

Fresh install Yosemite 10.10.2 2 Users Adminx2 User x1

Server 4 - Setup and running FileSharing, ProfileManager, TimeMachine, NetInstall, OpenDirectory, SoftwareUpdates.

DeployStudio - Repository mapped to NAS

OpenDirectory - Newly Created 2 Users.

GlobalSAN iSCSI link with redirected home directories.


Tested OpenDirectory Login on client Machine with home drive mapped - working logged out. Shutdown Client Machine.

Went back to Xserve Machine. Tried to log into Server App/ Manage enter credentials and then waiting no page displays.


Shutdown to restart -

Serveradmin stop timemachine ....

Disconnect iSCSI map

Then Restart (Mac Mini i5 8gb ram 1tb HDD brand new)

Upon Restart:

Logged into server and 349 Local Users in the user list.

i.e. Netboot100 - Netboot149, Sharedfile groups as users, Sharedfilenames as users, configuration filenames as users.


Now unable to use OpenDirectory, and phantom users are still present, undeletable, and "!" users.


Destroyed the OD DB, re-added, no joy.


This is the 2nd time this has happened, on a 2nd server (the first time happened when we had 5/10 HDDs fail on our NAS, which was OD Master; ALL other OD/AD Masters are turned off and disabled on the network).

I am building a new network for a school.

Xserve to handle the 540 student logins and home drives mapped on an iSCSI LUN to a Synology RS3412 30TB RAID 10. Functioning 100% fine.


Any advice on how to clear all local users in the Server app, or how to flush the Server app of all data to start fresh, would be great.


Kind Regards

Paul Trevathan.

ICT Remarkables Primary School.

Mac mini, OS X Yosemite (10.10.2), Server, Deploy Studio, Configurator

Posted on Feb 4, 2015 6:50 PM


Feb 5, 2015 6:41 PM in response to Noc Noc

Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.

1. The OD master must have a static IP address on the local network, not a dynamic address. It must not be connected to the same network with more than one interface; e.g., Ethernet and Wi-Fi.

2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

3. The primary DNS server used by the server must be itself, unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

4. Only if you're still running Mavericks server, follow these instructions to rebuild the Kerberos configuration on the server.

5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.

6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

7. Reboot the master and the clients.

8. Don't log in to the server with a network user's account.

9. Disable any internal firewalls in use, including third-party "security" software.

10. If you've created any replica servers, delete them.

11. If OD has only recently stopped working when it was working before, you may be able to restore it from the automatic backup in /var/db/backups, or from a Time Machine snapshot of that backup.

12. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UIDs are in the 1001+ range.

If you get this far without solving the problem, then you'll need to examine the logs in the Open Directory section of the log list in the Server app, and also the system log on the clients.
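Steps 2 and 12 of the checklist above can be checked mechanically before the OD master is created or users are re-imported. The script below is an added example, not part of the original reply or of Apple's tooling; the function names and sample data are constructed, and the `hostname -f` and `dscl` invocations in its comments are assumed ways to feed it real data on the server.

```shell
#!/bin/sh
# Added example: offline checks for steps 2 and 12 of the checklist.
# On the server, real input could come from (assumed invocations):
#   check_od_hostname "$(hostname -f)"
#   dscl /LDAPv3/127.0.0.1 -list /Users UniqueID | uids_below_1001

# Step 2: at least three labels, valid DNS labels, not under .local.
# Prints one FAIL line per problem; exit status 0 only if the name passes.
check_od_hostname() {
  printf '%s\n' "${1%.}" | awk -F. '
    { name = tolower($0); rc = 0
      if (NF < 3) {
        printf "FAIL: %s has %d label(s), need at least 3\n", name, NF; rc = 1 }
      if (name ~ /\.local$/) {
        printf "FAIL: %s is under .local, reserved for Bonjour\n", name; rc = 1 }
      for (i = 1; i <= NF; i++)
        if (tolower($i) !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) {
          printf "FAIL: label \"%s\" is not a valid DNS label\n", $i; rc = 1 }
      exit rc }'
}

# Step 12: print "shortname UID" for every record whose UID is below 1001.
# Input is "shortname UID" per line; exit status 1 if any record is printed.
uids_below_1001() {
  awk 'NF >= 2 && $NF ~ /^-?[0-9]+$/ && $NF + 0 < 1001 { print $1, $NF; bad = 1 }
       END { exit bad + 0 }'
}

# Constructed sample export (not data from the thread).
sample_od_users() {
  cat <<'EOF'
student01  1025
teacher01  501
student02  1026
office     1000
EOF
}

check_od_hostname "mini.local" || echo "fix the host name before creating the OD master"
sample_od_users | uids_below_1001 || echo "renumber the UIDs listed above before import"
```
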

Feb 8, 2015 1:18 PM in response to Linc Davis

Hello Linc,


Thank you for your clear instructions.


Been through this checklist when I was building.

(except 4 as am on Yosemite)

And after the mishap.


The problem was caused when unable to log in to the Server.app after logging in and out of Network user.

How do I clear out all the newly created local users and groups from when the crash occurred? Network users are fine; just the local users and groups have become corrupt.


Kind Regards

Paul.

Feb 8, 2015 1:37 PM in response to Noc Noc

Hello Linc,


Thank you for your clear instructions.


Been through this checklist when I was building.

(except 4 as am on Yosemite)

And after the mishap.


The problem was caused when unable to log in to the Server.app after logging in and out of Network user.

How do I clear out all the newly created local users and groups from when the crash occurred? Network users are fine; just the local users and groups have become corrupt.


Usernames of the like: "com.apple.access_default-disabled"

Think I might have to roll back....


Kind Regards

Paul.

Feb 26, 2015 12:19 AM in response to Noc Noc

I ended up completing a clean install, all the same settings and configuration as before, and working.

I have since needed to delete the OD Master Server and re-add it if the Server.app becomes unstable. Troubleshooting at the moment for hanging Server.app. Will keep you posted. Experiencing the same issue with ARD.
