Mail service doesn't authorize local network accounts

Hi,
I am new to OS X Server, so I am still playing with a test server before I move it to production:
1. what i have:
Mac Mini with clean Mavericks install and clean Server 3 installed.
It has real IP and FQDN.
services launched via Server App: DNS,DHCP,LDAP,Mail.
I have one local user (admin)
and created one local network user.
The problem is that from a Mavericks client I can authorize to the IMAP server only using the local user name, and when I try the local network user, that doesn't work.
What am i doing wrong?

The fact you are using a 46.xxx.xxx.xxx address means that your server has a public IP address. This is of course not illegal but perhaps unusual. More commonly the server would be on your internal network and you might setup your firewall to forward necessary ports to it.
A possible consequence of having a public IP address is that another DNS server might be in charge of your domain, e.g. your ISP. Your ISP would then have to define both the hostname and equally importantly the reverse DNS record. It is possible to run the master DNS server for an official domain name yourself but this is usually only done by enterprise level businesses, SME size organisations would leave this to the ISP.
If your ISP is running the domain then either you need to get them to add all the necessary records including the correct reverse DNS records, or you will have to duplicate every record i.e. hostname yourself and ensure you don't make any mistakes. The Mac software will automatically setup the reverse DNS records.
Your server then needs to use the correct DNS server and so do your clients.
Try testing either in Terminal.app or using Network Utility doing forward and reverse DNS lookups. This might be easier in Terminal as explained below. Do this on the server itself.
In Terminal type nslookup serverhostname.domain.ru 127.0.0.1 (This will do a forward lookup using the server's own DNS server, it should return the IP address of your server i.e. 46.xxx.xxx.xxx)
In Terminal type nslookup 46.xxx.xxx.xxx 127.0.0.1 (This should do a reverse DNS lookup and return your server FQDN)
In Terminal type nslookup serverhostname.domain.ru 8.8.8.8 (This will ask Google to do a forward lookup and return your server IP address of 46.xxx.xxx.xxx)
In Terminal type nslookup 46.xxx.xxx.xxx 8.8.8.8 (This will ask Google to do a reverse DNS lookup and should return your server FQDN)
The above will help show if the rest of the world is using a different DNS server with different settings for your domain. It will also show what your own DNS server is doing. Usually you will have your server configured to use itself as the DNS server and this is usually done by entering the address of 127.0.0.1 in network settings.
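
The four lookups described above, wrapped as an added example (not part of the original reply): a script that parses nslookup output and reports, per resolver, whether the forward and reverse records agree. The host name, address and sample outputs are constructed placeholders; run it with your real FQDN and IP as arguments to query 127.0.0.1 and 8.8.8.8 live.

```sh
#!/bin/sh
# Added example: forward and reverse DNS consistency per resolver.
# Host, address and sample outputs below are constructed placeholders.

# Forward lookup: print the first address that follows a "Name:" line.
# The "Address:" line before it is the resolver itself, so it is skipped.
parse_forward() {
    awk '/^Name:/ {seen = 1; next} seen && /^Address:/ {print $2; exit}'
}

# Reverse lookup: print the PTR target ("... name = host.") without the
# trailing dot.
parse_reverse() {
    awk -F'name = ' '/name = / {sub(/\.$/, "", $2); print $2; exit}'
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# verdict HOST IP FORWARD_OUTPUT REVERSE_OUTPUT
# Prints "ok" or the first inconsistency found.
verdict() {
    want_host=$1
    want_ip=$2
    got_ip=$(printf '%s\n' "$3" | parse_forward)
    got_host=$(printf '%s\n' "$4" | parse_reverse)
    if [ -z "$got_ip" ]; then
        echo "forward-missing"
    elif [ "$got_ip" != "$want_ip" ]; then
        echo "forward-mismatch:$got_ip"
    elif [ -z "$got_host" ]; then
        echo "reverse-missing"
    elif [ "$(lower "$got_host")" != "$(lower "$want_host")" ]; then
        echo "reverse-mismatch:$got_host"
    else
        echo "ok"
    fi
}

# Live check of one resolver (needs network access and nslookup).
check_resolver() {
    verdict "$1" "$2" "$(nslookup "$1" "$3" 2>&1)" "$(nslookup "$2" "$3" 2>&1)"
}

# --- constructed sample outputs -------------------------------------------
# The server's own DNS answers both directions correctly.
LOCAL_FWD="Server:  127.0.0.1
Address: 127.0.0.1#53

Name:    server.example.com
Address: 203.0.113.10"
LOCAL_REV="Server:  127.0.0.1
Address: 127.0.0.1#53

10.113.0.203.in-addr.arpa  name = server.example.com."

# A public resolver sees the ISP's zone: same A record, generic PTR.
PUBLIC_FWD="Server:  8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name:    server.example.com
Address: 203.0.113.10"
PUBLIC_REV="Server:  8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
10.113.0.203.in-addr.arpa  name = host-203-0-113-10.isp.example."

# No PTR record published at all.
NO_PTR="Server:  8.8.8.8
Address: 8.8.8.8#53

** server can't find 10.113.0.203.in-addr.arpa: NXDOMAIN"

# With two arguments (FQDN and IP), query both resolvers for real.
if [ "$#" -ge 2 ]; then
    for resolver in 127.0.0.1 8.8.8.8; do
        echo "$resolver: $(check_resolver "$1" "$2" "$resolver")"
    done
fi
```

A result of "ok" from 127.0.0.1 together with "reverse-mismatch" or "reverse-missing" from 8.8.8.8 is the split described above: the outside world is being served by a different DNS server than the one on the Mac.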

Similar Messages

  • Can't login on iMac to Local Network accounts on server

    I'm a volunteer at the Marjorie P Lee retirement community. We had two iMacs that were available for residents to use. We recently bought two more iMacs and a Mac Mini Server. The goal is to make it possible for residents to use any of the computers and have their files available.
    I have set up the server and did the updates so the machine is running 10.9.4 and the latest update of the server software. I have enabled Open Directory and created a couple of Local Network User accounts for testing. I also enabled file sharing and Time Machine backups.
    One of our older iMacs is running OS X 10.6.8. On this iMac, I went to the Users & Groups pane and under Login Options I connected to the Network Account Server. I got the green dot indicating that the connection was successful. I then enabled network logins. This worked; I am now able to login on this iMac to the local network accounts on the server.
    I did exactly the same thing on one of our brand new iMacs. Again I got the green dot indicating a successful connection to the server. Unfortunately I have been unable to login to the local network accounts from this machine. When I try to login, the password shakes as though I had entered the wrong password.
    What do I need to do to fix this?
    Thanks for any help you can provide.
    ~~Dan

    Most likely your Imac is using g or n to broadcast wirelessly while your router is using b.  Solution update your router.
    Greetings from Northern Ontario, Canada

  • Practical usage / difference - local vs server (local / network) accounts

    I have purchased a book on Mountain Lion Server, looked on the Apple support community and the Internet but I cannot find a clear answer, or explanation, to my query.
    Instead of looking at the features in Mountain Lion (ML) Server and Open Directory (OD) I'd like to approach this in terms of the functionality I would like to achieve. I am sure that many other people have had, will have, the same sort of questions.
    Some background: I have an all Apple home network — few Mac machines (iMac, MacBook), iPad, iPhone & Airport Extreme. I recently purchased a Mac mini running ML which I have setup as a server. The installation went OK and the DNS setup is fine.
    This is my question / requirement / clarification needed.
    As I understand it there are three types of user accounts in OS X + OS X Server with OD:
    Computer (standalone) Local — basically the account you would have on a Mac if you had only the one machine. Using (as I believe) a local 'Open Directory' (?) database.
    Server 'Local User' — an account on the server using a local OD database on that specific server.
    Server 'Local Network User' — an account on the server using a networked OD database on the server.
    Below is what do I want to do — this is the functionality I want / don't want. I am aware that some of this functionality may, or may not, be available on OS X + Server + OD. Also I am looking at this from the perspective of a systems administrator of Windows + Active Directory sites — not saying that Windows & AD is better, but that that is my experience & frame of reference.
    Access to shared common services — DHCP, DNS, Files, Mail, Calendar, Contacts, Messages, Time Machine backup, VPN. That is all the goodies I expected to get with a dedicated Mac mini OS X server machine.
    To have access to those services within the home LAN and, as relevant (Mail, Contacts, Calendar, Messages) via the Internet. If via the Internet then securely via use of certificates.
    Each user (currently) has their own machine with their (Unix style) home folder & files on that machine (the MacBook may have more than one account on it) and is logging locally onto their specific machines.
    I do NOT want to have the user's (Unix style) home folder (and all folders within) to be on the server.
    Users must be able to log onto their machines (i.e. MacBook) when outside the LAN and be able to access their local machine files.
    Now we come to the question of which type of OS X + OS X Server (OD) account do I use for people — keep the local machine account? Use server account? If so then which — server 'Local User' or 'Local Network User'. Of course this can be framed as which OD a user authenticates against and what are the ramifications of each method.
    Also relevant is the point that I don't believe OS X Server + OD supports the same concept of Windows called 'cached credentials'. Which means that I couldn't have, for example, files on a computer (MacBook) which have an ACL referencing a server user account GUID because they could not be accessed if the user account was not able to authenticate (outside the LAN) with the OD server.
    Anyway to the questions — to achieve all, most of, the five functionality points in the list should I use (and why if someone could explain rationale):
    Combination of computer (standalone) Local + server 'Local User' accounts? Obviously as users will be accessing resources on the server it cannot be just Computer (standalone) Local accounts.
    Combination of computer Local + server 'Local Network User' accounts?
    Just server 'Local Network User' accounts
    I am suspecting that it will be option 1, combination of computer (standalone) Local + server 'Local User' accounts. If this option is used would there be a problem if the two accounts have the same username?
    Thanks for any help, advice, and/or instruction. Also if anyone has links to further information that would be much appreciated.

    Most services (calendar, contacts, vpn) require that your users authenticate via Open Directory.
    Your admin account can be local, but put your users in Local-Network (in 10.8 terms)

  • AD and Local Network accounts take three attempts to log in successfully

    Our lab's Mac Mini server is running a patched-up 10.9 + OS X Server (though this problem has persisted since 10.7)
    Our server is 'local' to our laboratory and serves 4-5 machines, 10-15 people.
    The server (and the connected machines) are bound to the college's Active Directory server.
    We have a 'Local Network' group  (called FlipLab) on the Server that contains laboratory members from the AD server.
    The lab client machines are set to only allow network logins from that group. We also have an occasional 'visiting' scholar who doesn't have a college-wide AD account, so we set them up as a 'Local Network' user and add them to the FlipLab group so they too can log in to the lab's machines.
    About 75% of the time, a user logging into a lab machine takes three attempts to get logged in successfully. We've noticed that they don't need to re-type the password or username each time, just once and hit 'enter/return' three times in the password field. It never takes two tries- only either one (very rarely, usually after successfully logging in earlier in the day) and more commonly three tries.
    This doesn't seem to happen with file sharing (though I think one of the guys has noticed an occasional problem logging in to a SMB share from a Boot Camp'd machine). It isn't a problem w/ Time Machine backups either. BUT We recently noticed that even the 'Local Network' users (e.g. belong to the FlipLab group but don't have AD credentials) occasionally have this problem. Hitting 'return' three times in the password field gets you logged in though in any case (well, assuming you have your password correct).
    I've tried moving around the directory search order on the client machines, but not in a systematic-enough way.
    Since we can get logged in this isn't the worst problem ever. But I'd like to be able to figure out what is going on - and maybe learn something about configuring it in the process.

    Thanks- good observation.
    Unusual, perhaps, but it is what we need in our setting. And- allegedly this is supported / encouraged based on my understanding of the OS X Server docs. I don't have any control over the AD server (since it's in the university-level IT management's hands) but I -do-, of course, have control over my own server. So I just want to use their authentication (and save my students / lab folk the trouble of having multiple logins, etc).
    You make a good point / observation / point-of-debuggery. Indeed, if I set the client machines to use -only- the main campus AD server (and thus allow logins from everyone on campus) it works first time. So it is some interesting interaction betwixt the Mac OS Server and the client methinks. In fact, across campus, all the 'public' machines are simply bound to the AD server and you can just log in that way.

  • OS X Server 4.0 Calendar Service only available on local network

    I have a mac mini (late 2014) running yosemite 10.10.1 and installed OS X Server 4.  I set the server up to run over the internet using a domain name that points to my external ip address.
    I have the DNS, users, groups, and open directory configured and started setting up the services.  File sharing, Contacts and Calendar all worked great until I tried to set up Messages. I had a problem getting my accounts set up on the client machines. However, the real issue is that the services that worked great had the access status changed from available over the internet at "my.domain" to available on local server.
    I have tried many things and I have all the services except one as showing as reachable or available over the internet.  Calendar shows as available on your local network, which is not what I want. How can some services be available over the internet and one other not?
    In addition the services that are running, randomly change status between only available locally and available over the internet without changing anything in the server app.

    jepping,
    thanks for the reply.  Here is the screen shot you asked for....
    This is exactly the same as when all my services worked fine.  I tried adding calendar from this section but if I select 'all users' and 'all networks' the 'OK' button is greyed out. So I restricted the users to those in a group of mine.  This is the screen shot now.
    I went to the calendar service to turn it off then on and the access service is still 'available on your local network at server.local'.
    Thanks.

  • Need hosted mail service for managing my 60 email accounts in one place.

    I have 60 mail accounts in my email client on personal computer (such as [email protected], [email protected], [email protected], etc.). I can retrieve mails from these accounts and send mails using their own SMTPs.
    Now I need to do the same on server hosted email service. Is it possible with Microsoft Exchange 2013? Someone told me that this feature was removed in Microsoft Exchange 2013. Is it true?
    Also, hosted Office365 Outlook and Microsoft’s Exchanged Hosted service such as “Microsoft Exchange Online“ can add only 5 mail accounts (see here, I mean this feature https://tinyurl.com/lcs9aqg ).
    So, what to do? Is there any resolution?
    Or should I search other mail server hosting than Microsoft Exchange? Which one?

    Hi Smart River,
    Based on my knowledge, it is by design.
    Thanks
    Mavis Huang
    TechNet Community Support

  • Adobe E-mail Service doesn't work

    I'm trying to send ONE photo to a friend.  The HTML Email dialog box appears requesting verification.  Is this really necessary?  Anyway, I'm supposed to receive an email with a "Sender Verification" number.  I never get an email.  I press "Resend e-mail"  I never get a response.  I do not want to use the only other option offered through "Preferences/Sharing" which is Windows Live Mail.  Why has Adobe made this so difficult and how can I send this one photo?

    This problem has been fixed with Elements 13 as you can setup your yahoo/gmail or other service providers' id with Elements and then send email using that email id. You can download Elements 13 trial and try that feature once.
    Regards,
    vaishali

  • I don't get the Mail service to work - tried everything!

    Hey there,
    I am frustrated. It's day 4 that I try to get the mail service on my machine running. Maybe someone has some hints?
    The setup:
    - Mac Mini mid 2010
    - OS X Mavericks and Server 3.0.1
    - static IP (no Firewall or anything else, absolute in the wild)
    - registered domain-name
    - DNS A-Record: server.mydomain.org -> static IP
    - DNS MX-Record: domain, *.domain -> server.mydomain.org; server.mydomain.org -> static IP of server
    Server Configuration:
    - Server.app shows everything is fine.
    - ssh enabled for one user (works like a charm)
    - Service-Data is on another partition than Mavericks
    - Certificate: self-signed intermediate OD-Certificate (might be problematic?)
    - users: one local user and one network-user (services-only)
    - groups: workgroup, local network-group (added by the server.app itself)
    Services:
    - Websites: configured with 12 virtual-hosts some ssl (intermediate certificate) some on port 80, php enabled (All websites work perfect, no problems at all!)
    - OpenDirectory: 1 Master on server.mydomain.org
    - Mail:
    -- Service-Bubble is green, says available under server.mydomain.org
    -- Preferences: Mail available for mydomain.org (no other virtual domains)
    -- authentication: hooked everything...(any method)
    -- no relay
    -- no MB-restriction for users
    -- Filter: Virus and Junk
    I can telnet on port 110 - feedback: dovecot ready!
    I can telnet on port 995 - feedback: works... escape character is ' ^'.
    I can telnet on port 143 - feedback: dovecot ready!
    I can telnet on port 993 - feedback: works... escape character is ' ^'.
    telnet on port 25 - unable to connect, operation timed out
    telnet on port 465 - unable to connect, operation timed out
    telnet on port 587 - -feedback works: 220 server.pscience.de ESMTP Postfix
    Seems like having problem on the smtp standard ports... but why?
    When I now try to connect a client with the server (adding an OS X server Account in the System Preferences) it recognizes the server and lists its services as expected. But when I open Mail, the new account shows the little lightning and says it can't connect.
    By the way: Notes, Calendar, Reminders work fine!
    Has anyone an Idea what it could be?
    Do I need some additional DNS-stuff?
    If you need some further informations, please let me know.

    If TCP port 25 isn't open, then SMTP services won't work.  That's the port that all SMTP servers use to communicate amongst themselves.    (Sure, you can change the port your SMTP server is listening on, but you'd also have to change the port processing on all of the other SMTP servers around — and if you did manage to implement that change everywhere, the local network folks would likely just block the new port for the same reasons they blocked the old port.)
    If you have a public static IP address and have correct forward and reverse translations — host domain to IP address, and IP address to host domain name — then you don't need and very likely don't want to run your own DNS server. 
    More to help you learn how these pieces fit together, and not something I'd expect you would need given you have a public static IP and public DNS, here is a detailed DNS server configuration article for OS X Server; enable Show All Records and it applies to Server.app on 10.7 and later.  If you have questions after reading that, I can certainly answer them and also update the article to try to reduce the confusion or answer the question.
    Your host didn't have valid reverse DNS, so you'll want to get that cleared up, and you'll want to get the port blocks cleared, or work with the local network folks to set up a relay through one of the existing mail servers.

  • AD Bound Network Account Fails AFP Mount

    Here's my situation. When I came in as the Apple Desktop Administrator I found that all the Mac's had local accounts set up for every user even though we use Active Directory. I was able to convert each local account over to a network account after binding the machines. No problems while doing that. I did this so each user could use SSO without having to authenticate when connecting to a network share. That works as well. Every user can connect to network shares they have permissions to.
    Here's where I run into problems. We have a script that we run that will auto map them to a certain network share when they boot up the computer. We also have an application that they can click on that calls that script if they lose connection to that network share that will then map it back to their computer. After converting them to a network account we now get the following error AFPMountURL returned error -5023, errno is -5023. This happens even when you run the mount_afp command in terminal. Does anyone know why this doesn't work with network accounts?
    Thanks!

    Are you getting a TGT from AD on login?  Use klist on the client or use Ticket Viewer (although the app is bugged on some 10.8.x deployments)
    Are you able to mount the AFP share through the Connect to Server dialog?  When you do, do you get a service ticket from the AFP server?  Use klist again.
    Is your server properly configured to have Kerberized services linked to the AD domain?  On the server use sudo ktutil list
    Do you see the principals for the AFP service?  You should see the service (afpserver), the fully qualified host name of the Mac server (macserve.yourdomain.com), and the AD Kerberos realm name (YOURDOMAIN.COM).
      1  aes256-cts-hmac-sha1-96  afpserver/[email protected]
      1  aes128-cts-hmac-sha1-96  afpserver/[email protected]
      1  des3-cbc-sha1            afpserver/[email protected]
    And finally, what is the syntax you are using in the script? 
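
The keytab check from the reply above, as an added example that is not part of the original post: it reads `ktutil list` output and reports whether an entry exists for exactly afpserver/FQDN@REALM, or whether the AFP key was issued under a different host name or realm. The two keytab listings are constructed samples that reuse the reply's placeholder names (macserve.yourdomain.com, YOURDOMAIN.COM).

```sh
#!/bin/sh
# Added example: verify the AFP service principal in `ktutil list` output.
# The keytab listings below are constructed samples.

# keytab_enctypes SERVICE FQDN REALM   (listing on stdin)
# Print the encryption types of entries whose principal is exactly
# SERVICE/FQDN@REALM. Principal matching is case-sensitive, as in Kerberos.
keytab_enctypes() {
    awk -v want="$1/$2@$3" '$3 == want {print $2}' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# check_afp_keytab LISTING FQDN REALM
# Prints "ok", "missing" (no afpserver entry at all), or
# "wrong-name:<principal>" when an afpserver entry exists for another
# host name or realm, e.g. a .local name instead of the FQDN.
check_afp_keytab() {
    listing=$1
    fqdn=$2
    realm=$3
    found=$(printf '%s\n' "$listing" | keytab_enctypes afpserver "$fqdn" "$realm")
    if [ -n "$found" ]; then
        echo "ok"
        return 0
    fi
    other=$(printf '%s\n' "$listing" |
        awk '$3 ~ /^afpserver\// {print $3; exit}')
    if [ -n "$other" ]; then
        echo "wrong-name:$other"
    else
        echo "missing"
    fi
}

# --- constructed sample listings ------------------------------------------
GOOD_KEYTAB="FILE:/etc/krb5.keytab:

Vno  Type                     Principal                                Aliases
  1  aes256-cts-hmac-sha1-96  host/macserve.yourdomain.com@YOURDOMAIN.COM
  1  aes256-cts-hmac-sha1-96  afpserver/macserve.yourdomain.com@YOURDOMAIN.COM
  1  aes128-cts-hmac-sha1-96  afpserver/macserve.yourdomain.com@YOURDOMAIN.COM
  1  des3-cbc-sha1            afpserver/macserve.yourdomain.com@YOURDOMAIN.COM"

# Same server, but the AFP key was created under the Bonjour name.
BAD_KEYTAB="FILE:/etc/krb5.keytab:

Vno  Type                     Principal                                Aliases
  1  aes256-cts-hmac-sha1-96  host/macserve.yourdomain.com@YOURDOMAIN.COM
  1  aes256-cts-hmac-sha1-96  afpserver/macserve.local@YOURDOMAIN.COM"

# Only a host key, no AFP service key.
HOST_ONLY_KEYTAB="FILE:/etc/krb5.keytab:

Vno  Type                     Principal                                Aliases
  1  aes256-cts-hmac-sha1-96  host/macserve.yourdomain.com@YOURDOMAIN.COM"

# With two arguments (FQDN and REALM), check the real keytab on the server.
if [ "$#" -ge 2 ]; then
    check_afp_keytab "$(sudo ktutil list)" "$1" "$2"
fi
```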

  • Mail server log says: master[50]: ERROR: Cannot start mail services...

    Recently, after a year or more of relatively smooth service, my OS X Server 10.4.11 Mail services has been locking up daily.
    I was finally able to get some information from the log files (I am a noob to this) and saw the following right after my most recent reboot of the server:
    Oct 5 09:51:11 mm1 master[50]: ERROR: Cannot start mail services, configuration directory does not exist: /Volumes/Data/mail/var/imap
    I checked the server and that directory is indeed there on the partition named "DATA", so I am baffled as to why the server does not think the configuration directory exists?
    drwxr-xr-x 15 cyrusima mail 510 Oct 5 09:51 imap
    drwxr-xr-x 15 root admin 510 Oct 3 20:01 imap.BAK
    drwxr-xr-x 15 cyrusima mail 510 Oct 3 20:05 imapold10032009-200707
    drwxr-xr-x 4 jkoerber admin 136 Dec 3 2007 spool
    mm1:/Volumes/Data/mail/var jkoerber$
    Can anyone help me? My customers are yelling for blood because they cannot send/receive emails.
    -- Jon
    Message was edited by: Jon Koerber

    Thanks Alex for the feedback. You are helpful as always!
    It's good to know that the message I am getting from the mail server about the configuration files is only a temporary thing. Although I find it strange that the mail service doesn't know where its config files are since it is specified in the mail server setup.
    I looked at the log files you mentioned and do not see anything that looks like a specific problem with the mail services themselves.
    Recently, however, I have been having recurring problems where my mail server and my Web/Database server have both become unresponsive at nearly the same time even though they are on different class A networks to where I cannot access them via ARD, Server Admin and even SSH. That is usually when my mail server goes offline. I was afraid it was because of that configuration error I was seeing, but think now that the problem could be something else entirely (maybe some kind of network problem or denial of service hacking attack, no idea).
    Thanks again.
    -- Jon

  • New MacMini with SLS as Mail Service

    Hi to all,
    my company needs to replace the older Mail Server (a DP powerPC / macosx server10.4),
    we're targeting a MacPro 2.66 quadcore but I took a look at the MiniMac shipped with SLserver and a double HardDisk and I think it's very interesting.
    Considering that our Mail Service now supports 40-50 email accounts (maybe 60 in the near future), some of them with huge daily traffic, has any of you tried a macmini in this network situation?
    What's your opinion about it?
    thank you

    I have an original CoreDuo Mac Mini. I had been successfully using it with a 32" Sony Bravia LCD TV for more than two years using the DVI-VGA adapter and a standard VGA cable. After updating to OS 10.5.3 or later, I suddenly lost support for the VGA connection. When I reverted back to 10.5.2 things worked fine with the VGA port. I recently needed to update to 10.5.4 and the same thing happened. So, I purchased the Belkin DVI-HDMI cable and now works again, but I had to buy an HDMI switcher because my TV only has one HDMI connection. I guess the video drivers in 10.5.3 and 10.5.4 for the Mac Mini seemed to be the culprit in whacking out the VGA output.

  • Custom APNS to use in local network for push notifications

    We have successfully published a B2B app in Appstore. Now we are in need to add push notifications option. But we use only intranet without having access to internet inside our working environment.
    Is there a way to have/customise APNS and utilise push notification service completely in a local network? Please advise.

    Ok - no comment so far
    Is it possible to hook up a NAS to Airport Extreme and perform backups to it using Time machine on an Imac ? I think this will most likely address all my issues as I can backup my Imac + stream my data provided the NAS has a media server.

  • OSX MAIL SERVICE NOT SETTING MAIL AS READ

    I have osx server with mail service enabled. I have numerous accounts setup and working correctly. I have two accounts which are not functioning correctly
    when the user reads his email, the email registers as read on the computer, in his email client...however when the user reopens his email client, all the emails that he previously read reappears as being unread. I have setup these IMAP accounts on different computers and using different email clients.. and each computer and each client responds exactly the same way. How do I reset the accounts to accept email normally and recognize that mail is indeed read and tells the server the correct commands for this to happen....my email is [email protected], if anyone has a solution please help

    Assuming you are using the default paths (if not adjust):
    cd into /var/imap/user/firstletterofusername/
    You should see a list of files that look something like:
    username.seen
    Make a copy and delete the one belonging to the user you have problems with.
    Use terminal, not Finder.
    HTH,
    Alex

  • Requirement is to run CMD.EXE under the Local System Account. So that we can map a network drive to be used by a windows service, which will be created by command: - net use z: \\servername\sharedfolder /persistent:yes

    Environment:
    OS: Windows 7 32/64 bit, Windows 2008 Server 64 bit / Windows 2012 Server 64 bit
    Priority:
    - Critical
    Requirement: - Since the Windows Service is running under the Local System Account, we would like to emulate this same behaviour.
    Basically, we would like to run CMD.EXE under the Local System Account. So that we can map a network drive to be used by a service using following command
    net use z: \\servername\sharedfolder /persistent:yes.
    Already Attempt:
      1. We tried to launch the CMD.exe using the DOS Task Scheduler AT command.  Here’s a sample command:
    AT 10:36 /interactive cmd.exe
    But I received a warning that “due to security enhancements, this task will run at the time expected but not interactively.”
    It turns out that this approach will work for XP, 2000 and Server 2003 but due to session isolation Interactive services no longer work on Windows 7, Windows Server 2008 and above.
      2. We tried to create a secondary Windows Service via the Service Control (sc.exe) which merely launches CMD.exe.
    <Drive>:\sc create RunCMDAsLSA binpath= "cmd" type=own type=interact
    <Drive>:\sc start RunCMDAsLSA
    In this case the service fails to start and results in the following error message:
    FAILED 1053: The service did not respond to the start or control request in a timely fashion.
      3. One suggestion, we found to launch CMD.exe via a Scheduled Task, but it is not giving any option to launch CMD.exe in interactive mode; so that I can map network drive using net command.
      4. I read an article, which demonstrates the use of PSTools from SysInternals. I launched the command line and executed following command
    psexec -i -s cmd.exe
    PSTools worked fine, but it seems that in scope of Sysinternals Software License Terms. You may not "use the software for commercial software hosting services."
    Application will deploy on client, which will be like commercial, so we are not able to use PSTools.
    Kindly assist us for achieving the requirement. We have tried all the ways, but nothing is working for us. Kindly suggest.
    I will be really thankful.

    Hi Sir,
    Nothing worked from above for us. You can see our remarks on posted query.
    That’s why, we posted on forum.
    And there will not be any vulnerability, because, if we will use "net use ..." in network domain; definitely, we will provide username and password of mapped drive system.
    And, that system, itself is given by client; so that, there must not be any vulnerability; they are ready to provide user name and password.
    We need a way; by which we can complete the requirement. Kindly assist.
    Regards,
    S. P. Singh

  • Is there a way to merge/migrate my local home folder to a network account

    My family has a number of Macbooks and a couple of iMacs and we've been thinking we'd like centralized storage for our media collection and other files and I'd like an easier way to deal with these machines to keep them updated, etc.  Also we swap laptops and desktops depending on who needs to do what at a particular moment.  Is there a way to migrate an existing home folder on a macbook to an account on the server.  What I would like to be able to do is to be able to log into any computer in my home and have it look like "my" computer, with files, settings etc...  Since I am new to the server world I am confused by the terminology re: network accounts and mobile accounts.  Is there a good guide someone could recommend to get me started.  Thanks.

    Hi Yodalogger,
    I hope you have yourself sorted.  I've been through a lot of pain with lion server, it's very buggy at best.
    Your best bet is SolidWood's suggestion of network accounts if you are constantly on the same network.  I use this at home and it works very well.  For simplicity, you can use WorkGroup Manager for this as it's more intuitive!
    If, you need a mobile account, this is what I did.
    I migrated local macbook accounts to server machine (migration assistant).
    I renamed the /User home folders on macbook to _backup.  For safety.
    I deleted local accounts from macbook.  Keep your _backup home folders!  Also, you will need to have a local Admin account in place.  Make sure you do not delete it.
    On Server.  You will have local accounts created for all your migrated macbook accounts.  Just remove the accounts in system preferences but ensure you leave the /User home folders in place when prompted.
    On server. I created the new users (old macbook accounts) and groups in the server app.  This doesn't create or overwrite your existing home folders.  So go ahead and name them exactly the same as before and make sure the accounts match your home folder's names.
    On server, using profile manager, I set up mobility etc., for the device.  That is, you need to enroll your macbook with the server and configure services for it in profile manager.  You can add a placeholder for this in profile manager to configure stuff.
    A handy tip to alleviate all the automatic push settings pain and heartache is to set the general payload to manual.  You can then whip up the profile manager from your macbook to install the profiles manually.  (easily done).
    On Macbook, login with local admin account.
    On Macbook, go to system prefs and accounts, set up your open directory stuff in the login options.
    On Macbook, log out of admin.  Back at the login screen, you should see your admin account and 'Other.'  Give it a few minutes or so to figure this out.  It needs to contact the server etc. for info.
    Once you have 'Other' click on it and login with one of your new network accounts.  This will log you in as a network account - you should see all your usual settings that previously existed on your macbook when it was a local account.
    At this point, you whip up profile manager.  http://yourserver.local/profilemanager  Change yourserver to the name of your server.
    Login to profile manager with your admin account.  I do this as I will be downloading a few profiles that only admin has access to.
    So, you need to download a trust profile, your device profile, and a profile for remote management if you have set this up.  You may have seen various download buttons knocking around the interface.  In downloads double click these to install (if it doesn't do this automatically).
    Log out of everything.
    Log back in with one of your network accounts.  This time you should be prompted to create a mobile account.  Say yes and let it sync your home folders from server to macbook.
    Once each mobile account is created, you can then further define user/group settings in profile manager.  You download these by logging into http://yourserver.local/mydevices as the user and download the appropriate settings.
    I think that's it.  Sorry, if it's not detailed enough - I'm presuming you know yourself around a mac!  I have to say the process is straightforward but Lion Server is not.  I do not get consistent results with it and I'm still trying to tame it... 
    By far the easiest option is network accounts.  Mobile accounts need more attention.
    I hope this helps (and anybody else!)
    Paul.
