Yosemite Server OD settings locked (grey)

On my Server Yosemite some of the open directory settings are locked (greyed out).


I can create users but I cannot choose to change password, to create or edit user templates or to edit global password policy.

When I click on the little gear wheel at the bottom, these commands are grey.


I tried this as Administrator of the server and as Directory Administrator.


How can I solve this?


Greetings

Martin

OS X Server

Posted on Mar 14, 2015 8:47 AM

Question marked as Best reply

Posted on Mar 14, 2015 10:21 AM

Select Local Users from the menu at the top of the user list.

7 replies

Mar 14, 2015 12:09 PM in response to Linc Davis

Thank you.

I have Network Users so I selected this and it works.


I ran into another problem.

I set up DNS, Open Directory and Local Network Users with home directory set to the shared /Users folder.

But my clients cannot log in.

I can connect to the Server in the clients' System Preferences > Users but the accounts do not show up in the login window.

When I choose "Other" and enter username and password I also cannot log in.


Any ideas?

Mar 14, 2015 12:25 PM in response to macmartin

Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.

1. The OD master must have a static IP address on the local network, not a dynamic address. It must not be connected to the same network with more than one interface; e.g., Ethernet and Wi-Fi.

2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.

3. The primary DNS server used by the server must be itself, unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

4. If you have accounts with network home directories, make sure the URLs are correct in the user settings. A return status of 45 from the authorizationhost daemon in the log may mean that the URL for mounting the home directory was not updated after a change in the hostname.

5. Only if you're still running Mavericks server, follow these instructions to rebuild the Kerberos configuration on the server.

6. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.

7. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

8. Reboot the master and the clients.

9. Don't log in to the server with a network user's account.

10. Disable any internal firewalls in use, including third-party "security" software.

11. If you've created any replica servers, delete them.

12. If OD has only recently stopped working when it was working before, you may be able to restore it from the automatic backup in /var/db/backups, or from a Time Machine snapshot of that backup.

13. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UIDs are in the 1001+ range.

If you get this far without solving the problem, then you'll need to examine the logs in the Open Directory section of the log list in the Server app, and also the system log on the clients.
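An added example, not part of the original reply: a shell sketch of the hostname and DNS checks in steps 1 to 3. The function names and sample values are hypothetical, and comparing the forward and reverse lookups is an assumption about what a working DNS service means here.

```shell
#!/bin/sh
# Added example: hostname and DNS sanity checks for an OD master.
# Function names are hypothetical; sample values are constructed.

lower() { printf '%s\n' "$1" | tr 'A-Z' 'a-z'; }

# Step 2: the name needs at least three labels and must not be in .local.
valid_od_hostname() {
    name=$(lower "$1"); name=${name%.}          # ignore case and a root dot
    case "$name" in
        ''|.*|*..*) echo "malformed name"; return 1 ;;
        *.local)    echo "name is in .local"; return 1 ;;
    esac
    labels=$(echo "$name" | awk -F. '{print NF}')
    [ "$labels" -ge 3 ] || { echo "fewer than three labels"; return 1; }
    echo "ok"
}

# Steps 1-3: the A answer must be the static address and the PTR answer
# must be the hostname. Arguments: fqdn, static IP, A answer, PTR answer.
dns_roundtrip_ok() {
    fqdn=${1%.}; ip=$2; a_answer=$3; ptr=${4%.}
    [ -n "$a_answer" ] || { echo "no A record for $fqdn"; return 1; }
    [ "$a_answer" = "$ip" ] || { echo "A record $a_answer is not $ip"; return 1; }
    [ -n "$ptr" ] || { echo "no PTR record for $ip"; return 1; }
    [ "$(lower "$ptr")" = "$(lower "$fqdn")" ] || { echo "PTR $ptr is not $fqdn"; return 1; }
    echo "ok"
}

# Live variant: query the internal DNS server with dig. Not called by default.
# Usage: live_audit fqdn static_ip dns_server
live_audit() {
    valid_od_hostname "$1" || return 1
    a=$(dig +short A "$1" "@$3" | head -n 1)
    p=$(dig +short -x "$2" "@$3" | head -n 1)
    dns_roundtrip_ok "$1" "$2" "$a" "$p"
}

# Constructed sample names and addresses (documentation ranges).
for n in server.example.com server.local example.com; do
    printf '%-20s %s\n' "$n" "$(valid_od_hostname "$n")"
done
dns_roundtrip_ok server.example.com 192.0.2.10 192.0.2.10 server.example.com.
```

Run `live_audit` on the server and again on a bound client, pointing both at the internal DNS server; differing answers mean the client is resolving through another DNS server.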

Mar 14, 2015 2:05 PM in response to Linc Davis

Thank you very much for your help.


I checked everything you said and could bind one of my clients to the server.


Still it does not show me the network accounts on the login screen and it also doesn't show "Other ..." any more.

When I changed to "name and password" I was asked to change my password as I set it in the global password policies.

Then I get "You are unable to log into the account "name" at this time."


In the logs I have:

Mar 14 2015 21:30:12 687335us Requested SASL mechanism not loaded: SMB-NT


Btw, this is a completely new install of Yosemite Server.
