Solved

Unable to sign into network users

Posted on 2010-08-18
21
1,783 Views
Last Modified: 2013-12-21
Basically, when I try to log into a network user account the login window shakes as if the password is wrong... which is not the case. I know it also shakes when there is an authorization error...but let me list what I know thus far:

- on the login screen from a client computer, it says "Network Accounts" available
- you can sign in on the server itself using a network user account
- users have been made in the /LDAPv3/127.0.0.1 directory and have had their home folders created in an automount share point using AFP on /Users (I clicked the "Create Home Now" button to make sure)
- AFP is enabled and the service is set to be used by anyone
- I checked ACL/POSIX permission on the share points, and network users have access to them... double checked with the effective permissions viewer.
- From a client Mac computer, I can log into a local account and access the server through the network with a network account (no problems here, can access the network user's home folder normally after mounting)
- Users are set to log in using Open Directory in the Advanced tab of Workgroup Manager

For a while I was having a DNS issue (checked with doing the whole "changeip -checkhostname") but I resolved that. While I was having the DNS issue though, I still couldn't sign on to the network user account, and I was getting a different error, it was very generic... it just said an error had occurred (no code, no clues).

So, I'm a little bit at a loss of what to do. This isn't for anyone just yet; I'm just practicing on a personal Mac mini running OS X Server 10.6, it's set as an OD Master.

Any help would be greatly appreciated

0
Comment
Question by:djadambomb
21 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 33467586
The problem is that you most likely have the home directory set as "/" for the user.

This is why you can logon to the server as a user and not from a workstation.

What you need to do is to specify the full unc path to where their network home folder is to be created.
0
 
LVL 1

Author Comment

by:djadambomb
ID: 33468119
You check for that in Workgroup Manager under the Home tab for each user? I don't currently have access to the server, but I know that the full path name for the home folders is listed as something like /Network/Volumes/Server HD/Users.. or something like that
0
 
LVL 1

Author Comment

by:djadambomb
ID: 33468562
Yeah, just checked, its full network path is listed as /Network/Servers/server.fqdn.com/Users/
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33470408
does it look like this?
Look at the settings.

homefoldersettings.png
0
 
LVL 1

Author Comment

by:djadambomb
ID: 33470629
this is what i have. i tried several different automounts, different posix permissions on each, none worked.

this is the error i get in console in system.log:

"home directory mount failed in creating directory path: status = Operation not supported"

Screen-shot-2010-08-18-at-6.52.3.png
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33470765
Let's review some basics for a moment:
- OD is running and your domainName is displayed in uppercase letters?
- is this server your DNS server?
- is DNS properly configured for this host? From the terminal, if you type "changeip -checkhostname", no errors?
- are your clients also using the same DNS server for name resolution?
- can you manually mount the home directory share from a client computer?
0
 
LVL 1

Author Comment

by:djadambomb
ID: 33478345
Sorry for the delayed response!

As per your points:
1 - OD is running, (kerberos?) domain name is not displayed in uppercase. I actually switched to stand alone and then back to OD master to wipe out my users/workgroups to try to re-do them in an attempt to fix my problem. When I was switching it back to OD master, it said that Kerberos couldn't be configured due to an issue with the DNS. And I checked changeip -checkhostnames at the server and indeed I was getting an error. But since then I *think* I solved the issue since -checkhostname says my current hostname and DNS hostname match.

2- I have it listed in the DNS server list and the domain name in the search domains field (in addition to the ones provided by my isp) in the network preferences of the client Mac. I also have the same values on the server's network preferences (it's set to Using DHCP with Manual IP); it was the only way I could fix the -checkhostname issue (DHCP and NAT services aren't running on the server).

3 - I think really this is where the issue is, but I have no idea where I've gone wrong. -checkhostname works, but I've read that you could still have issues. In the DNS services pane, it looks like everything is set properly in terms of primary and reverse zones (see picture). I can ping, traceroute and lookup (forward and reverse) from the client Mac no problem.

4- Yes, 2 provided by the ISP and 1 is the server

5- Yes, using either the bonjour, IP or dns; they all work.

This is all the messages I get starting from the time the login window appears:

Aug 19 13:58:50 Macbook /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow[3828]: Login Window Application Started
Aug 19 13:58:51 Macbook loginwindow[3828]: Login Window Started Security Agent
Aug 19 13:59:01 Macbook SecurityAgent[3838]: NSSecureTextFieldCell detected a field editor ((null)) that is not a NSTextView subclass designed to work with the cell. Ignoring...
Aug 19 13:59:04 Macbook authorizationhost[3837]: afp home directory mount failed in creating directory path: status = Operation not supported
Aug 19 13:59:12 Macbook loginwindow[3828]: Login Window - Returned from Security Agent
Aug 19 13:59:12 Macbook SystemUIServer[529]: Apple80211GetInfoCopy returned error: -3900
Aug 19 13:59:12 Macbook SecurityAgent[3838]: HIToolbox: received notification of WindowServer event port death.
Aug 19 13:59:12 Macbook SecurityAgent[3838]: port matched the WindowServer port created in BindCGSToRunLoop

Phew. I know it's a lot to read, but I very much appreciate your help.

-Louis
0
 
LVL 1

Author Comment

by:djadambomb
ID: 33478355
forgot a pic of the DNS settings
Screen-shot-2010-08-19-at-1.56.4.png
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33478434
When things get this messed up, the Mac server is a pain to get going again.

Here is my suggestion to you. If this is a lab or you don't mind, we have to start from scratch, as in delete and reinstall.


Can you do this and if so, I will take you thru the steps.

0
 
LVL 1

Author Comment

by:djadambomb
ID: 33478493
A clean installation is fine
0
 
LVL 1

Author Comment

by:djadambomb
ID: 33479306
finished the installation, and ready to be configured. let me know what I should do from here

thanks!
-Louis
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33480908
Ok so now we need to determine some things

-is this server to become your sole dns box on your network?
0
 
LVL 1

Author Comment

by:djadambomb
ID: 33481331
No, it's more of a testing tool. I'm practicing for the Mac server exam.

My test client mac will still be getting its dns info from the two servers provided by the isp.. in addition to the mac server I guess.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33481434
NEVER EVER in real life let your client machines point to any other DNS but your internal DNS servers.  Also, it is not recommended that you make your Private internal DNS publicly accessible.
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 500 total points
ID: 33481464
Now I suggest you give your server a static IP and when you create your DNS record, you create it as domain.com.private as it is an internal private usage.

Do not configure any other services when you start up, JUST DNS.

After that and the desktop appears, open the command line and do:
- changeip -checkhostname
- next do ping of the computer's FQDN

Let me know how that goes
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33489035
Hi, how's it going? Anything more you need info on?
0
 
LVL 1

Author Comment

by:djadambomb
ID: 33489639
K thanks. I will try this on Monday when I have access to the server again. I'll let you know how it goes. Have a great weekend!
0
 
LVL 1

Author Comment

by:djadambomb
ID: 33513694
Ok did the setup, only started DNS and ended the address with .private.

tried changeip -checkhostname and was getting errors until I added the Server's IP to the list of DNS servers (it only has itself listed now), and added the server's IP to the client Mac's list of DNS servers (only the server is listed). then i tried changeip again and it was working fine.

i actually went ahead and continued setting up... enabled share point, set up automount, create a network user, enable afp service.. and lo and behold, NETWORK ACCOUNTS WORKS.

no idea what i did differently on the previous setup, but i'm glad it's working now.

now my question is, in a real-life setting, i know you said that the client mac should never point to anything other than the server for dns service. but i guess the server itself should point to the dns servers assigned to it by the ISP?
0
 
LVL 1

Author Closing Comment

by:djadambomb
ID: 33513708
Extremely helpful user, nappy_d, walked me through what I needed to know.
0
 
LVL 1

Author Comment

by:djadambomb
ID: 33513711
oh and thanks again for all your help! i went ahead and assigned you the points

-Louis
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33513811
If the OS X server is the internal DNS server, it should use itself for resolution.

The bottom line, when you have an infrastructure such as OD, no other DNS is to be used but your internal. Just disregard what your ISP has provided to you.
0
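
The rule stated in the answers above (clients resolve only through the internal DNS server) can be checked mechanically. The script below is an added example, not written by either participant in this thread; the function names are hypothetical and all addresses are constructed (192.168.1.10 stands in for the server, 203.0.113.x for the ISP resolvers). It reads resolver configuration on stdin, in resolv.conf format or as lines of the form printed by `scutil --dns`, and lists every resolver that is not on the allowed list.

```shell
#!/bin/sh
# Added example (not from the thread): flag client DNS resolvers that are not
# the internal Open Directory DNS server. All addresses below are constructed.

# Print each unique nameserver found on stdin. Accepts resolv.conf lines
# ("nameserver 10.0.0.1") and scutil-style lines ("nameserver[0] : 10.0.0.1").
list_nameservers() {
    awk '$1 ~ /^nameserver(\[[0-9]+\])?$/ {
             if ($2 == ":") print $3; else print $2
         }' | sort -u
}

# audit_resolvers INTERNAL_IP [INTERNAL_IP ...]   (resolver config on stdin)
# Prints every resolver that is not in the allowed list.
# Returns 0 = only internal resolvers, 1 = external resolver present,
#         2 = no resolver configured at all.
audit_resolvers() {
    servers=$(list_nameservers)
    if [ -z "$servers" ]; then
        return 2
    fi
    rc=0
    for ns in $servers; do
        allowed=no
        for ip in "$@"; do
            if [ "$ns" = "$ip" ]; then allowed=yes; fi
        done
        if [ "$allowed" = no ]; then
            echo "$ns"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the client setup described early in the thread
# (two ISP resolvers plus the server), in resolv.conf format.
sample_mixed() {
    printf '%s\n' '# constructed sample' \
        'search example.private' \
        'nameserver 203.0.113.1' \
        'nameserver 203.0.113.2' \
        'nameserver 192.168.1.10'
}

if external=$(sample_mixed | audit_resolvers 192.168.1.10); then
    echo "OK: only the internal DNS server is configured"
else
    echo "External resolvers found:" $external
fi
```

On a real client the input would come from the machine's own resolver configuration instead of `sample_mixed`, for example `audit_resolvers 192.168.1.10 < /etc/resolv.conf`.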


Question has a verified solution.
