Local network users can't use the caldav server

I should add that the exact same setup worked fine under Mountain Lion server. I should also add that I've used the deprecated Workgroup Manager to tweak Login Screen options, in case that may be relevant.

Definitely not deliberately. I don't remember enabling IPv6 anywhere.

Could that be relevant?

Thanks for that. Definitely good practise.

However, I changed it to 'link-local only' and no change.

I'll post the log from the client machine that the local network user is on when trying to get Calendar.app to open and refresh normally:

27/08/2015 17:53:19.353 Calendar[5000]: [com.apple.calendarui.log.auth] [Authentication operation for account nick failed but not an auth error (Error Domain=NSURLErrorDomain Code=-1003 "A server with the specified hostname could not be found." UserInfo=0x6000002e8500 {NSLocalizedDescription=A server with the specified hostname could not be found., NSErrorFailingURLStringKey=https://nick@macmini-i5.local/principals/__uids__/679D8D7D-2765-4274-AD21-AA7955 F2A26E/, NSErrorFailingURLKey=https://nick@macmini-i5.local/principals/__uids__/679D8D7D-2765-4274-AD21-AA7955 F2A26E/, _kCFStreamErrorDomainKey=12, _kCFStreamErrorCodeKey=8, NSUnderlyingError=0x600000a55180 "A server with the specified hostname could not be found."})]

27/08/2015 17:53:32.147 CalendarAgent[4948]: [com.apple.calendar.store.log.caldav.queue] [Account refresh failed with error: Error Domain=CoreDAVHTTPStatusErrorDomain Code=401 "The operation couldn’t be completed. (CoreDAVHTTPStatusErrorDomain error 401.)" UserInfo=0x7fc759b2a9f0 {AccountName=Macmini-I5, CalDAVErrFromRefresh=YES, CoreDAVHTTPHeaders=<CFBasicHash 0x7fc7587415b0 [0x7fff750efed0]>{type = immutable dict, count = 11,

entries =>

0 : Server = <CFString 0x7fc7585ef050 [0x7fff750efed0]>{contents = "Twisted/13.2.0 TwistedWeb/9.0.0"}

1 : Content-Type = <CFString 0x7fc758550c10 [0x7fff750efed0]>{contents = "text/html;charset=utf-8"}

2 : MS-Author-Via = DAV

3 : Strict-Transport-Security = <CFString 0x7fc7585eba10 [0x7fff750efed0]>{contents = "max-age=604800"}

4 : DAV = <CFString 0x7fc758595b00 [0x7fff750efed0]>{contents = "1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-availability, inbox-availability, calendar-proxy, calendarserver-private-events, calendarserver-private-comments, calendarserver-sharing, calendarserver-sharing-no-scheduling, calendar-query-extended, calendar-default-alarms, calendar-managed-attachments, calendarserver-partstat-changes, calendar-no-timezone, calendarserver-recurrence-split, extended-mkcol, calendarserver-principal-property-search, calendarserver-principal-search, calendarserver-home-sync"}

5 : Connection = <CFString 0x7fc758706180 [0x7fff750efed0]>{contents = "Keep-Alive"}

6 : Date = <CFString 0x7fc75876a6f0 [0x7fff750efed0]>{contents = "Thu, 27 Aug 2015 16:53:31 GMT"}

9 : Www-Authenticate = <CFString 0x7fc759c2d570 [0x7fff750efed0]>{contents = "basic realm="macmini-i5.local", digest nonce="fb36954cff937bc0318d17e1", opaque="8cacd2b863ac371729a060178d8de9c7-ZmIzNjk1NGNmZjkzN2JjMDMxOGQxN2UxLDo6MS wxNDQwNjk0NDEx", algorithm="md5", realm="macmini-i5.local""}

10 : Content-Length = 141

11 : Keep-Alive = <CFString 0x7fc759c72e10 [0x7fff750efed0]>{contents = "timeout=15, max=99"}

12 : Vary = <CFString 0x7fc75858fa40 [0x7fff750efed0]>{contents = "User-Agent"}

}

}]

FWIW changeip reports no problems with the hostname:

Last login: Thu Aug 27 16:39:39 on console

macmini-i5:~ admin$ sudo changeip -checkhostname

WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.

To proceed, enter your password, or type Ctrl-C to abort.

Password:

dirserv:success = "success"

macmini-i5:~ admin$

I redid the whole setup with a fully-qualified domain name - server.xxxxxxxx.private, including new DNS and LDAP. No change.

out of curiosity, has anyone got working caldav access for local network users with Yosemite/Server.app?

Thanks again for the reply. Much appreciated!

I understand that, but this installation is to test the error/issue. The 'production' server is in a client's office, and it has a fully-qualified domain, server.xxxxxx.com, and the issue is identical.

I'll post log entries from a client machine with a local network user logged in, trying to open Calendar.app (where always they are presented with a never-ending password request loop:

30/08/2015 17:06:00.130 CalendarAgent[7528]: [com.apple.calendar.store.log.caldav.queue] [Account refresh failed with error: Error Domain=CoreDAVHTTPStatusErrorDomain Code=401 "The operation couldn’t be completed. (CoreDAVHTTPStatusErrorDomain error 401.)" UserInfo=0x7f9ecb01fc30 {AccountName=OS X Server, CalDAVErrFromRefresh=YES, CoreDAVHTTPHeaders=<CFBasicHash 0x7f9ec8e52770 [0x7fff7b83ded0]>{type = immutable dict, count = 12,

entries =>

0 : Content-Type = <CFString 0x7f9ec8e3f6c0 [0x7fff7b83ded0]>{contents = "text/html;charset=utf-8"}

1 : Keep-Alive = <CFString 0x7f9ec8e06ef0 [0x7fff7b83ded0]>{contents = "timeout=15, max=99"}

2 : Vary = <CFString 0x7f9ec8e49fc0 [0x7fff7b83ded0]>{contents = "User-Agent"}

5 : DAV = <CFString 0x7f9ecb2650f0 [0x7fff7b83ded0]>{contents = "1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-availability, inbox-availability, calendar-proxy, calendarserver-private-events, calendarserver-private-comments, calendarserver-sharing, calendarserver-sharing-no-scheduling, calendar-query-extended, calendar-default-alarms, calendar-managed-attachments, calendarserver-partstat-changes, calendar-no-timezone, calendarserver-recurrence-split, addressbook, extended-mkcol, calendarserver-principal-property-search, calendarserver-principal-search, calendarserver-home-sync"}

6 : Server = <CFString 0x7f9ecb25a8f0 [0x7fff7b83ded0]>{contents = "Twisted/13.2.0 TwistedWeb/9.0.0"}

13 : MS-Author-Via = DAV

14 : Date = <CFString 0x7f9ec8e32590 [0x7fff7b83ded0]>{contents = "Sun, 30 Aug 2015 16:05:59 GMT"}

15 : Strict-Transport-Security = <CFString 0x7f9ecb2251a0 [0x7fff7b83ded0]>{contents = "max-age=604800"}

16 : Content-Length = 141

17 : Connection = <CFString 0x7f9ecb237e10 [0x7fff7b83ded0]>{contents = "Keep-Alive"}

21 : X-Frame-Options = <CFString 0x7f9ecb22ac70 [0x7fff7b83ded0]>{contents = "SameOrigin"}

22 : Www-Authenticate = <CFString 0x7f9ec8e46230 [0x7fff7b83ded0]>{contents = "digest nonce="b928fc1ea713d925ad4d21af", algorithm="md5", opaque="857e9f98020ed5828f6d91de405d349e-YjkyOGZjMWVhNzEzZDkyNWFkNGQyMWFmLDEyNy 4wLjAuMSwxNDQwOTUwNzU5", realm="server.xxxxxxx.com", basic realm="server.xxxxxxx.com", negotiate"}

}

}]

30/08/2015 17:06:00.333 CalendarAgent[7528]: [com.apple.calendar.store.log.caldav.queue] [Adding [<CalDAVAccountRefreshQueueableOperation: 0x7f9ecb1b5ba0; Sequence: 0>] to failed operations.]

Update:

I started again after the Server.app 5.0.3 update.

On the server:

Wipe and install 10.10.5.

Download Server.app 5.0.3.

Set up the server for the Internet.

Set hostname and computer name to server.xxxx.com (an existing and valid FQDN with DynDNS).

Set up Open Directory Master and DNS.

Restart.

Ran 'sudo changeip -checkhostname' - success.

Created share point 'NetUsers' for network home folders in /Users/Shared/.

Created two Local Network Users with the location of their home folders in NetUsers.

Turned on Calendar service.

Checked DNS and search domain for server - DNS server is 127.0.0.1, search domain is server.xxxx.com

On the client machine:

Wipe and install 10.10.5.

Create admin user.

Set DNS server in Network Preferences to the local IP of server.xxxx.com, and search domain to server.xxxx.com.

Restart.

In Users and Groups preferences, 'Joined' the server - at this point a new dialogue appeared that I hadn't ever seen before giving the option to provide a Machine ID (self-propagated) and a username and password. The diradmin name and password of the server was accepted.

Resatrt.

Presented with 'Other' in login screen.

Loged in with first local network user successfully.

Logged out.

Logged in with second local network user successfully.

Logged out.

Logged in as first local network user and set up caldav account and created test events. Refreshed successfully. Logged out.

Ditto for second local network user.

Logged in again as first network user and started up Calendar.app. Still working.

Log in as second local network user, started up Calendar.app. Error. Password missing. Repetitive loop of requesting password that never accepts the correct password.

Log out.

Ditto with first local network user.

I have now tested this in different environments, and out of frustration I repeated this with clean installations all round to rule stuff out as causes.

The only notable log entries that I can find is this from the client machine:

24/09/2015 14:21:24.605 CalendarAgent[889]: [com.apple.calendar.store.log.caldav.queue] [Account refresh failed with error: Error Domain=CoreDAVHTTPStatusErrorDomain Code=401 "The operation couldn’t be completed. (CoreDAVHTTPStatusErrorDomain error 401.)" UserInfo=0x7fcd1c0b4030 {AccountName=server.xxxx.com, CalDAVErrFromRefresh=YES, CoreDAVHTTPHeaders=<CFBasicHash 0x7fcd1ae72d00 [0x7fff74cc2ed0]>{type = immutable dict, count = 8,

entries =>

0 : Server = <CFString 0x7fcd1ac31a90 [0x7fff74cc2ed0]>{contents = "Twisted/15.2.1 TwistedWeb/9.0.0"}

1 : Content-Type = <CFString 0x7fcd1acd1eb0 [0x7fff74cc2ed0]>{contents = "text/html;charset=utf-8"}

3 : Strict-Transport-Security = <CFString 0x7fcd1aec93b0 [0x7fff74cc2ed0]>{contents = "max-age=604800"}

6 : Date = <CFString 0x7fcd1ae99fe0 [0x7fff74cc2ed0]>{contents = "Thu, 24 Sep 2015 13:21:22 GMT"}

9 : Www-Authenticate = <CFString 0x7fcd1aed2460 [0x7fff74cc2ed0]>{contents = "digest algorithm="md5", opaque="ae4f9e81e127b8b370faa3faf0864263-ZmI0ZDU0OTc2ZTkwMDAxYmQxZTBlOTc4LDAuMC 4wLjAsMTQ0MzEwMDg4Mg==", realm="mildmay.dyndns.org", nonce="fb4d54976e90001bd1e0e978", basic realm="mildmay.dyndns.org", negotiate"}

10 : Content-Length = 141

11 : Keep-Alive = <CFString 0x7fcd1aecde00 [0x7fff74cc2ed0]>{contents = "timeout=5, max=95"}

12 : Connection = <CFString 0x7fcd1ae4bb40 [0x7fff74cc2ed0]>{contents = "Keep-Alive"}

}

}]

What am I doing wrong?

Seems as if there are some bugs in Apple's forum software (BTW I'm using the LATEST RELEASE OF SAFARI!)

First my reply appears. I log out. Log back in a couple of hours later and my reply has disappeared. I try to repost and see that there is an 'auto-recovery' post that I recover and then post. Refresh and the previous post AND the new repost now BOTH appear.

TBH this is the least of my worries, but am I the only person getting a bit worried about some of the more recent Apple software?