Can't log in using network accounts

Question

Can't log in using network accounts

I've recently had a drama with a server upgrade, which resulted in the directory server getting hosed and having to be rebuilt from scratch. Likewise Profile Manager all rebuilt.

Since this happened, one particular computer on the network won't log in to any network account. It's connected to the directory server and all the user accounts appear available. But whichever one I select, it gets as far as showing the desktop and hangs. No dock, no menu bar, no icons on desktop.

It works fine for the local admin account.

Does anyone have any pointers as to how I could troubleshoot this?

Also - how can I back up the directory server and profile manager databases? Server GUI doesn't offer any backup options.

Mac OS 10.13.3, server 5.5.

Thanks!

Mac mini, OS X Server

Posted on Feb 15, 2018 1:10 AM

Reply

Answer 1

Top-ranking reply

James Knight3 Author

Level 1

20 points

Feb 15, 2018 10:17 AM in response to James Knight3

OK I have fixed it so here's the solution, for posterity.

This was a permissions issue on the client Mac, specifically the permissions for the following folders:

/Network

/Network/<servername>

/Network/<servername>/Network users

These folders have to have the following permissions:

Owner = system (WRX)

Group = wheel (RX)

Everyone (RX)

In my case, the group permissions for wheel had become hosed, so it wasn't possible for network users to access their network home and finish logging in.

Once I had chown :wheel for each folder and set permissions as above, it worked again.

Hope this helps someone.

Reply

Answer 2

keg55

Level 6

11,755 points

Feb 15, 2018 5:54 AM in response to James Knight3

For what it's worth, I had issues with network Home Folders too when I ran High Sierra and macOS Server 5.4. I think the only location for home folders that seemed to work was on the Startup Disk under /Users. If I created them on another volume, I had issues.

What I did was downgrade my Server's OS to Sierra and macOS Server 5.2. I also decided not to have network Home Folders on the Server. My client Mac's users are setup as network accounts on the Server, but they only use Services from Server. I use the Time Machine service to back up the client Macs to an external drive attached to the Server.

Reply

Answer 3

keg55

Level 6

11,755 points

Feb 15, 2018 5:38 AM in response to James Knight3

Also - how can I back up the directory server and profile manager databases?

When you open the Open Directory service and select your OD DB. Click the down arrow on the cog and select Archive Open Directory Master. This should back up the OD DB. I don't use Profile Manager so can't answer that one.

Reply

Answer 4

Feb 15, 2018 5:14 AM in response to James Knight3

Update. I can log in with a network account if the home folder is local. If I try to log in with a network account which has a network home folder, it crashes hard and I can't even control the computer using Remote Desktop to restart it.

So, something about network home folders (and I have tried multiple different users) is causing this one computer to crash at login.

I can log in using any network account on any other client.

Hope someone can help…

Cheers

Reply

Answer 5

Feb 15, 2018 6:08 AM in response to keg55

Thanks - network user homes are all stored under /NetworkUsers on the startup volume. All users work fine on every other client, so it's clearly something specific to that computer.

My current hypotheses is that the client is struggling to mount the network home folder - it authenticates ok, but gets stuck trying to login.

However, if I log into the computer as a local account (or a network account with local home), I can log into the NetworkUsers volume as any user, and get to the contents of their home folder without any problems.

Something in Directory Utility perhaps? I'm a bit out of my depth tbh

Cheers

James

Reply