ebrind

Q: Local Network Users Cannot Login

Hello,

 

I upgraded our server to 10.11.5 and Server App to 5.1.5 and have everything working accept Local Network Users cannot login when the Home Folder setting is set to "Users" where everyones home directory is located. If I change the user to "Local Only" the user can login using the "other" at the login screen on the client computer. It was working before the upgrade and I have checked the following:

 

1. Created New OD from Backup.

 

2. DNS - Everything Good Here.

 

3. Rekerberize the server - Everything Good Here.

 

4. Created New Home Directory Location and Tested With New User Account.

 

Any Ideas?

 

Thanks,

 

ebrind

OS X El Capitan (10.11.5), Server App 5.1.5

Posted on Jun 6, 2016 12:54 PM

Close

Q: Local Network Users Cannot Login

  • All replies
  • Helpful answers

  • by cdhw,

    cdhw cdhw Jun 6, 2016 5:30 PM in response to ebrind
    Level 4 (2,623 points)
    Servers Enterprise
    Jun 6, 2016 5:30 PM in response to ebrind

    Unbind and rebind the client to the server directory. Check the settings for the Users share in the File Sharing panel. Have a look in the logs around the time a login attempt happens.

  • by ebrind,

    ebrind ebrind Jul 13, 2016 3:24 PM in response to ebrind
    Level 1 (23 points)
    Servers Enterprise
    Jul 13, 2016 3:24 PM in response to ebrind

    Just set up a brand new server and getting the same login error.

     

    Screen Shot.jpg

  • by ebrind,

    ebrind ebrind Jul 13, 2016 3:29 PM in response to ebrind
    Level 1 (23 points)
    Servers Enterprise
    Jul 13, 2016 3:29 PM in response to ebrind

    I can login with the user account home folder set to Local Only but not when the Users folder is selected.

     

    Screen Shot 2.png

  • by cdhw,

    cdhw cdhw Jul 13, 2016 3:39 PM in response to ebrind
    Level 4 (2,623 points)
    Servers Enterprise
    Jul 13, 2016 3:39 PM in response to ebrind

    Confirm that /Users is in the list of shared volumes in the 'File Sharing' panel of Server.app

     

    Click its editing button and confirm that 'Home Directories' is checked. I've found AFP works better for network homes than SMB but YMMV.

     

    C.

  • by ebrind,

    ebrind ebrind Jul 13, 2016 3:48 PM in response to cdhw
    Level 1 (23 points)
    Servers Enterprise
    Jul 13, 2016 3:48 PM in response to cdhw

    Thank you for your response! Yes it is and it is set to AFP.

     

    Screen Shot 3.png

    Screen Shot 4.png

     

    Thanks Again!

  • by cdhw,

    cdhw cdhw Jul 13, 2016 4:00 PM in response to ebrind
    Level 4 (2,623 points)
    Servers Enterprise
    Jul 13, 2016 4:00 PM in response to ebrind

    Confirm that you are trying to login to the network account on a client that is bound to the server? AFAIK, network users can't login to the server console because the server won't mount its own local volumes as a network share.

     

    C.

  • by ebrind,

    ebrind ebrind Jul 13, 2016 4:47 PM in response to cdhw
    Level 1 (23 points)
    Servers Enterprise
    Jul 13, 2016 4:47 PM in response to cdhw

    Thanks Again for responding!

     

    Yes, I am using a client bound to the server.

     

    Screen Shot 6.png

  • by cdhw,

    cdhw cdhw Jul 13, 2016 5:01 PM in response to ebrind
    Level 4 (2,623 points)
    Servers Enterprise
    Jul 13, 2016 5:01 PM in response to ebrind

    If you login to the client as a local user (e.g. admin), can you successfully mount a network user's home directory using the the

     

         Finder > Go > Connect to Server...

     

    Are the permissions for '/Volumes' on the client correct? i.e.

     

         Mac-67:~ xxxx$ ls -lae@d /Volumes

         drwxrwxrwt@ 5 root  admin  170 14 Jul 00:19 /Volumes

              com.apple.FinderInfo 32

              0: group:everyone deny add_file,add_subdirectory,directory_inherit,only_inherit

         Mac-67:~ xxxx$

     

    Did you recycle an old OD when you set up your brand new server or can we eliminate that as the source of the problem?

  • by ebrind,

    ebrind ebrind Jul 13, 2016 5:08 PM in response to cdhw
    Level 1 (23 points)
    Servers Enterprise
    Jul 13, 2016 5:08 PM in response to cdhw

    Yes, this is a brand new server with a new OD.

     

    I will check the other.

     

    Thank you!

  • by ebrind,

    ebrind ebrind Jul 13, 2016 5:16 PM in response to cdhw
    Level 1 (23 points)
    Servers Enterprise
    Jul 13, 2016 5:16 PM in response to cdhw

    I can login to the server from a clint machine using finder and "connect as" the network user and access the users home directory. The user that is logged in can not access any other users home directories. I can do this with all network users on the server with finder from a client machine.

  • by cdhw,

    cdhw cdhw Jul 13, 2016 5:29 PM in response to ebrind
    Level 4 (2,623 points)
    Servers Enterprise
    Jul 13, 2016 5:29 PM in response to ebrind

    Anything relevant in the system logs for the server and client?

     

    C.

  • by ebrind,

    ebrind ebrind Jul 13, 2016 5:38 PM in response to cdhw
    Level 1 (23 points)
    Servers Enterprise
    Jul 13, 2016 5:38 PM in response to cdhw

    I wish there was... I think I might be on to something though. I am questioning the advanced user options default settings.

     

    Home Directory Path:

    Share Point URL:

    Path to Home Folder:

     

    Back in the day (Server 10.6) there was an issue with Work Group Manager and Share Points . I am going to check it out.

  • by cdhw,

    cdhw cdhw Jul 13, 2016 5:47 PM in response to ebrind
    Level 4 (2,623 points)
    Servers Enterprise
    Jul 13, 2016 5:47 PM in response to ebrind

    You can use dscl on the client to inspect the 'as-delivered' values for these parameters.

     

    C.