
Open Directory 10.9.5 can't add new user / Password failure

MacMini Server with OS X 10.9.5 Server - it worked fine since December 2014.

OD Master activated.

At the beginning of August, OD didn't work anymore. We restored from last night's Time Machine backup.

OD didn't work either. Deactivated OD, restored from od_backup. Now, users with their access work fine again.

But when adding a new user there is the failure "The password could not be set. In order to set the password of a user with an Open Directory Password, your own password type must be Open Directory. Administrators with other password types cannot set the password of a user with an Open Directory password."


No idea, what that should be. We can add the user, but we can't log in with it.


Thanks for your help!

Peter, Switzerland

MacMini-OTHER, Other OS, OS X Server (10.9.5)

Posted on Aug 5, 2015 2:48 AM

9 replies

Aug 5, 2015 7:28 AM in response to DoktorMac

To make changes that modify the Open Directory database in a fundamental way, such as new passwords, you need to be using the User-Id and password of the Open Directory Admin, which is often different from the Server Admin.


The default user-Id, if you did not change it, is DirAdmin. This user-id may be used infrequently, and is subject to being forgotten.

Aug 14, 2015 5:17 AM in response to Linc Davis

Thanks both of you.

I reset the diradmin password, without the expected result. I still can't add a new user…

In other words:

- I am able to add a new user and set its password, but there will be the first described failure - and it is impossible to use the newly created user.


Any other suggestions?

Thanks very much

Peter, Berne, Switzerland

Aug 16, 2015 11:18 PM in response to DoktorMac

There may be some other related points to consider...


• OS X Server: Advanced Administration (help section)
https://help.apple.com/advancedserveradmin/mac/4.0/

• OS X Server - Apple Support:
http://www.apple.com/support/osxserver/

• OS X Server - Directory Services - Apple Support:
http://www.apple.com/support/osxserver/directoryservices/


Were any of the issues you've recently discovered after the most current EFI firmware update that was offered last week?

Not sure at what point you may have to re-install the OS X; since that would probably mean disruption of user services.

Perhaps Linc &/or Grant will see your reply, now the weekend essentially is over, and offer some additional ideas on this topic.


Good luck! 🙂

Aug 17, 2015 11:02 AM in response to DoktorMac

IME fixing OD problems is always difficult and often impossible; I generally favour a three step process:


1. Backup then export everything.

2. Nuke-and-pave

3. Re-import


If you aren't ready for this yet then you could try looking up the LDAP entry for the diradmin account, i.e.


ldapsearch -L -x -H ldap://bar.foo.com -b "cn=users,dc=servername,dc=foo,dc=com" "(uid=diradmin)"


and make sure it has sensible looking 'authAuthority:' attributes for ;ApplePasswordServer; and ;Kerberosv5;. Then have a look at the directory administrator group:


ldapsearch -L -x -H ldap://bar.foo.com -b "cn=groups,dc=servername,dc=foo,dc=com" "(cn=admin)"


and make sure that its membership looks okay. If you're really lucky you may find another account, e.g. used by a replica server, that you can press into service.


C.
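The authAuthority check described in the reply above can be scripted. This is an added example, not part of the original post: the function names are hypothetical, the sample LDIF records are constructed (IDs, keys and addresses are made up), and only the two type tags named in the reply are tested.

```shell
#!/bin/sh
# Added example, not from the thread. Reads LDIF (as printed by
# `ldapsearch -L ...`) on stdin and reports which of the two authAuthority
# types named in the reply are absent from the record.

# Print each plain-text authAuthority value on its own line.
# LDIF folds long lines: a line starting with one space continues the
# previous one, so unfold before matching. Base64 values ("authAuthority::")
# are not decoded and are skipped here.
auth_authorities() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | sed -n 's/^authAuthority: \(.*\)$/\1/p'
}

# Print the missing types, space separated; an empty line means both found.
missing_auth_types() {
    values=$(auth_authorities)
    missing=""
    for kind in ApplePasswordServer Kerberosv5; do
        case "$values" in
            *";$kind;"*) ;;
            *) missing="${missing:+$missing }$kind" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Constructed sample record. The Kerberos value is folded in the middle of
# its type tag on purpose, to exercise the unfolding step.
sample_ok() {
    cat <<'EOF'
dn: uid=diradmin,cn=users,dc=servername,dc=foo,dc=com
uid: diradmin
authAuthority: ;ApplePasswordServer;0xEXAMPLEID,1024 35 EXAMPLEKEY root@bar.foo.com:192.0.2.10
authAuthority: ;Kerb
 erosv5;;diradmin@BAR.FOO.COM;BAR.FOO.COM;1024 35 EXAMPLEKEY root@bar.foo.com
EOF
}
# Same record with the folded Kerberos attribute removed (constructed).
sample_no_kerberos() { sample_ok | sed '/^authAuthority: ;Kerb/,/^ /d'; }

echo "intact record, missing types: [$(sample_ok | missing_auth_types)]"
echo "damaged record, missing types: [$(sample_no_kerberos | missing_auth_types)]"
```

Against a live server, pipe the output of the diradmin ldapsearch command from the reply into missing_auth_types instead of the sample functions.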

Aug 18, 2015 2:24 AM in response to cdhw

Hi C.!

Thanks for your reply.

I know that OD problems are almost impossible to solve - that means an Apple server is finally useless… especially for small businesses.

We made a backup.

We made a restore.

We destroyed the OD

We made a re-import


Nothing worked.

The only solution I know now is to begin again with the whole server. I have done Macintosh servers for about ten years. I have read a lot about OD problems. Personally, until now I never had such strange problems with OD.


OK, then, let's redo the serve…
