Setting up a plain network-account server

To simplify a process I need to get done quickly, but have no knowledge of, I am asking for the support of the helpful users here in the discussions.
The end product I need is a 10.5 server (already installed and not set up yet) to host network user accounts to a number of 10.5 client computers (set up with one local admin account each).
Each user account just needs to be a standard account and I need the clients to show a list of available network accounts, with each account having a fully functional home folder on the server.
The server itself needs to do nothing else but this function. The server and the clients already exist on a fully set up network with each client machine having only to set up a specific IP address, router IP, and DNS server in its network preferences to join the network. The server can join the network the same way.
What I need to know is what is the best way to set up the server to only provide the network accounts and no other service? Consider the server can be wiped and set up again if anything goes wrong, any links to online literature or a step by step guide posted here would be greatly appreciated.

Similar Messages

  • Network account server will be no response after restart.

    Hi,
    New iMac with Mac OS 10.6.4.
    Our company's domain has 2 AD servers (Windows 2003 Server); the iMac can join the domain successfully, but when the iMac is restarted, the network account server shows "no response".
    The iMac is connected to the network successfully, and the network account server can be found via the ping command.
    Any help will be highly appreciated!

    The same here. Several times chatting with a Skype employee but still no action, or they just say, sorry your account is suspended, make a new one.
    At this point I'm quite agitated by this. I even made a new account and within 1 day the account is again f*king suspended. No explanation whatsoever.  They keep referring me to fill in their forms with questions while this solves absolutely nothing.
    First I was happy with Skype. Now with the fusion with Microsoft accounts it works like ....
    Hope someone can help me instead of letting me fill in 1000 forms.

  • Network Account Server Mail

    Hello,
    I just installed Snow Leopard Server and noticed that when I connect to the
    Network Account Server, the Mail app is set up with the name of the user followed by the
    FQDN ([email protected] instead of [email protected]). And the account can't be changed in the Mail app preferences (it is grayed out). When I send an e-mail it will show my address as user with FQDN. Is this normal?

    I'm having the exact same issue. It auto fills in the imap account which cannot be deleted and it's using name@FQDN rather than [email protected]
    I have checked address book, and all fields in workgroup manager and they all say [email protected]
    The only thing I can think is that since the machine is named mail.domain.com that is what the Open Directory search base is, so it's using that rather than grabbing the email address field from the Workgroup Manager.
    No idea how to fix other than stop using directory services and create a fresh account for the user.

  • OS X Server and Network Account Server

    May I install OS X Server on Mavericks when it has a network account server configured? Or is the one functionality (here network account server) excluding the other one (OS X Server)?
    Thanks,
    Yves

    Thanks for your reply.
    I believe I got it to work, but,... How do you get the network account users to show up on the login window of the client computer? The login window shows the name of the client computer and the local accounts on the client computer. When I select Other in the login list I can login using a network account user id and it logs in. The network account user names do not show up on the login window

  • Error 2100 network account server

    Hello,
    I have a server set up on a Mac mini and it's been great so far.
    The issue I am getting today is that I cannot connect to my network account server remotely. It shows up as red when I am on an external network, although when I connect to my VPN it shows up green. I'm trying to allow users to log in to their network accounts on their own wifi without having to connect to the VPN first (so when they get to the login screen on their computer it shows the other account button). My server is functioning externally; I have it set up as server.xxxxx.com
    Are there ports that have to be open or settings that have to be changed to allow access to the network account server without connecting to the VPN?
    Thanks in advance for your responses!

    If you mean that you're trying to make an OD server directly accessible from the whole Internet, that is very much not something you should do.

  • Network Account Server - Contacts

    This might not be the proper subforum, so bear with me...
    In System Preferences, when setting up the Network Account Servers the computer is bound to, is the Contacts section used for anything besides things like Address Book, etc?
    Here's my situation: I've got a mac network sandboxed inside a larger university network (all PC's, using AD). My network is completely separate for all services and runs its own DNS, DHCP, Open Directory, etc. I recently bound to the main LDAP server to include campus-wide contact information into Address Book so my Mail users would have an up to date listing of emails. However, now I'm getting two entries for every user that has a sign-on to my network (and one doesn't have an email associated since I never added that info when setting up accounts on my network). I took the AD server out of the Authentication tab in Directory Utility, but can I take my LDAP server out of the Contacts tab to remove these "duplicate" non-email-populated entries without any other ill effects?

    Well, taking my LDAP out of the Contacts tab doesn't remove the duplicate entries, so it doesn't really matter what else it affects as it's sort of a moot point. I'll just leave it in there and not worry about it--Mail still auto-completes one way or another anyway.

  • Can I connect Windows 7 to a mac network account server

    Hi All,
    I have a Mac Mini Server along with a pile of Macs and a few PCs. What I want is to be able to log in to an ACCOUNT from ANY of my Macs OR PCs. So when the computer turns on it asks you to put in a username and password. I know this is possible if all computers are running the same operating system but I am not sure how to do it with different operating systems.
    Thanks,

    I was struggling with this for a few days as well!  Finally got it working though ! YAY !
    Here are the steps:
    1. Add this to your registry:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]
    "AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
    2. Open secpol.msc (click start > search for secpol.msc)
    - Local Policies > Security Options
    - Network Security : LAN Manager Auth Level…
    - Set to: Send LM & NTLMv2 - UseNTLMv2…
    And
    - Network Security : Minimum session security… clients
    - uncheck "Require 128-bit encryption"
    3. Restart PC
    4. Create VPN Connection on Windows 7
    - Host Name: (server IP or yourhost.name.com)
    - PPP Settings : Enable LCP (only)
    - Type: L2TP/IPSec
    - Pre-shared key : yoursharedsecret
    - Data encryption : Optional encryption
    - Allow CHAP and CHAPv2
    5. Router on server-side must allow VPN Passthrough and forward ports: 50, 51, 500, 548, 1701, 1723, 4500 to the server box. Also, do not filter anonymous internet requests, multicast or NAT Redirection but enable SPI Firewall.
    ...now you should be good to go

  • Can't login on iMac to Local Network accounts on server

    I'm a volunteer at the Marjorie P Lee retirement community. We had two iMacs that were available for residents to use. We recently bought two more iMacs and a Mac Mini Server. The goal is to make it possible for residents to use any of the computers and have their files available.
    I have set up the server and did the updates so the machine is running 10.9.4 and the latest update of the server software. I have enabled Open Directory and created a couple of Local Network User accounts for testing. I also enabled file sharing and Time Machine backups.
    One of our older iMacs is running OS X 10.6.8. On this iMac, I went to the Users & Groups pane and under Login Options I connected to the Network Account Server. I got the green dot indicating that the connection was successful. I then enabled network logins. This worked; I am now able to login on this iMac to the local network accounts on the server.
    I did exactly the same thing on one of our brand new iMacs. Again I got the green dot indicating a successful connection to the server. Unfortunately I have been unable to login to the local network accounts from this machine. When I try to login, the password shakes as though I had entered the wrong password.
    What do I need to do to fix this?
    Thanks for any help you can provide.
    ~~Dan

    Most likely your iMac is using g or n to broadcast wirelessly while your router is using b.  Solution: update your router.
    Greetings from Northern Ontario, Canada

  • One iMac cannot login to network accounts

    We have a small network with Lion (10.7.5) Server running on a Mac Pro and a variety of 8 iMacs and Mac minis that use the server for file sharing and network accounts. The client Macs are running a mix of Mountain Lion (10.8) and Mavericks (10.9). They have all 'joined' the 'Network Account Server' using the 'Login Options' section of the Users & Groups preference pane. And, except for one iMac, all the clients can log into network (or mobile) accounts from the server -- both ones that have previously been logged into on that machine and ones that haven't. However, one of the iMacs will not log into a network account. There are a few local accounts and logging into them is no problem. But every time we try to log into a network account on this iMac, the login dialogue just does the 'invalid login' shake. It seems not to check the login credentials with the server.
    As far as I can tell, this iMac is set up the same as all the others. It is certainly joined the Network Account Server and there is a green dot by the server name in the Users & Groups preference pane. I have removed and re-added the server from there a few times, and I've even reinstalled Mavericks on this iMac (it is running 10.9.2). I haven't been able to find anything that has helped to solve this problem. Does anyone know why one iMac would refuse to use the network logins from the server when the others work? Or what I can do to gain further information?
    Many thanks.

    On your client machine login screen, type in ">console" (without quotes) in the username field and hit enter. Try and login with your network account username and password. What error messages do you get in console?
    Taylor

  • Automatic service setup with network accounts

    Hi all,
    I'm having terrible trouble getting automatic service (e.g. iCal, iChat, etc.) setup to work with network accounts, either with network home directories or local home directories, and I can't work out what I'm doing wrong.
    When I log in as a local user and join the Network Account Server, all services get set up as expected, without problems. When I log in with a network account however, whether the account has a server-hosted home directory or a local home directory, services aren't automatically set up, I don't get the auto configuration wizard/dialogue, and attempting to join the network account server again fails. Surely there's a way for network accounts to have services automatically set up on initial login? Any ideas?

    Hi all,
    I'm having terrible trouble getting automatic service (e.g. iCal, iChat, etc.) setup to work with network accounts, either with network home directories or local home directories, and I can't work out what I'm doing wrong.
    When I log in as a local user and join the Network Account Server, all services get set up as expected, without problems. When I log in with a network account however, whether the account has a server-hosted home directory or a local home directory, services aren't automatically set up, I don't get the auto configuration wizard/dialogue, and attempting to join the network account server again fails. Surely there's a way for network accounts to have services automatically set up on initial login? Any ideas?

  • ApacheDS (LDAP) Network Accounts Never Can Login

    I have been fighting with LDAP via ApacheDS for days attempting to get Mavericks to actually authenticate against the LDAP server.
    Here is the path that I have taken:
    ApacheDS is setup with simple authentication (disabled everything else for the moment after attempting to login every which way).
    Here is an example of the LDAP setup:
    dc=example,dc=com
      ou=users
        uid=username
          cn=Full Name
          sn=Name
          displayName=FullName
          userPassword=hash
          uid=username
      ou=groups
        cn=Users
        cn=Administrators
    Then I went to Users and Groups, Allow network users to login is checked
    Joined a Network Account Server
    (When looking at edit, it shows a green indicator)
    I setup a custom mapping under LDAPv3 which contains:
    Search Base: ou=users,dc=example,dc=com
    Users: inetOrgPerson
    AuthenticationAuthority: uid
    NFSHomeDirectory: #/Users/$uid$
    PrimaryGroupID: #20
    RealName: cn
    RecordName: uid
    UniqueID: uid
    UserShell: #/bin/bash
    I can see the information in the Directory Editor from the LDAP server, Search Policy has the network accounts right after the local accounts.
    When attempting to login, it just shakes... Here is the only items that I can see in the opendirectoryd.log:
    2014-01-04 10:26:50.785452 CST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ldap.bundle'
    2014-01-04 10:27:06.734300 CST - 22.805 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
    2014-01-04 10:27:06.734300 CST - 22.805, Module: ldap - failed to retrieve LDAP server schema - LDAP error - 50
    2014-01-04 10:27:07.031977 CST - 22.823.826 - Client: opendirectoryd, UID: 0, EUID: 0, GID: 0, EGID: 0
    2014-01-04 10:27:07.031977 CST - 22.823.826, Node: /LDAPv3/example.com, Module: ldap - __odnode_copy_record_block_invoke: 4101 No predicates provided
    Anyone have any ideas?

    I was able to activate the debug log in the Leopard client machine, but I don't know how to look from another machine via SSH... Could you explain a bit the procedure? Is it possible to try to log in as a network user and then, after failure, log in as an admin account and check the log with Console?
    Today I found out that Snow Leopard clients are also not able to log in... Similar problem in Directory Utility:
    This is what I found in the log for this machine (tried to log in with two different accounts):
    25/04/12 20:09:17          SecurityAgent[321]          User info context values set for XXX
    25/04/12 20:09:18          authorizationhost[320]          Failed to authenticate user <XXX> (tDirStatus: -14103).
    25/04/12 20:09:25          SecurityAgent[321]          User info context values set for YYY
    25/04/12 20:09:25          authorizationhost[320]          Failed to authenticate user <YYY> (tDirStatus: -14103).
    Couldn't find much about this in Google.
    I'm starting to feel really disappointed about this!
    (sorry for the delay in answering, been abroad...)
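
A triage sketch for the two log formats quoted in this thread, added here as an example and not part of either post: it counts failed logins per account from the `authorizationhost` lines and names the LDAP result code on the `opendirectoryd` lines using the RFC 4511 result-code list. The sample log is constructed from the lines above plus one extra failure line, and the function name `triage` and the threshold are assumptions; the `tDirStatus` value is reported as-is, with no meaning assigned to it.

```python
import re
from collections import Counter

# Constructed sample: lines in the two formats quoted in the posts above,
# plus one additional failure line for user XXX (placeholder names only).
SAMPLE_LOG = """\
2014-01-04 10:27:06.734300 CST - 22.805, Module: ldap - failed to retrieve LDAP server schema - LDAP error - 50
2014-01-04 10:27:07.031977 CST - 22.823.826, Node: /LDAPv3/example.com, Module: ldap - __odnode_copy_record_block_invoke: 4101 No predicates provided
25/04/12 20:09:17          SecurityAgent[321]          User info context values set for XXX
25/04/12 20:09:18          authorizationhost[320]          Failed to authenticate user <XXX> (tDirStatus: -14103).
25/04/12 20:09:25          authorizationhost[320]          Failed to authenticate user <YYY> (tDirStatus: -14103).
25/04/12 20:09:31          authorizationhost[320]          Failed to authenticate user <XXX> (tDirStatus: -14103).
"""

# A few LDAP result codes as named in RFC 4511 (not an exhaustive list).
LDAP_RESULT = {
    32: "noSuchObject",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
}

# Login-window failure line written by authorizationhost.
AUTH_FAIL = re.compile(
    r"authorizationhost\[\d+\]\s+Failed to authenticate user <([^>]*)> "
    r"\(tDirStatus: (-?\d+)\)"
)
# opendirectoryd line from the ldap module that carries an LDAP result code.
LDAP_ERR = re.compile(r"Module: ldap - (.+?) - LDAP error - (\d+)")


def triage(log_text, threshold=2):
    """Summarise directory-login failures found in log_text.

    threshold is the number of failures at which an account is listed
    under "repeated" (an assumed value, tune it for your environment).
    """
    failures = Counter()   # account name -> failed attempts
    statuses = Counter()   # raw tDirStatus value -> occurrences
    ldap_errors = []       # (message, code, RFC 4511 name)
    for line in log_text.splitlines():
        m = AUTH_FAIL.search(line)
        if m:
            failures[m.group(1)] += 1
            statuses[int(m.group(2))] += 1
            continue
        m = LDAP_ERR.search(line)
        if m:
            code = int(m.group(2))
            ldap_errors.append(
                (m.group(1), code, LDAP_RESULT.get(code, "unknown"))
            )
    return {
        "failures": dict(failures),
        "statuses": dict(statuses),
        "repeated": sorted(u for u, n in failures.items() if n >= threshold),
        "ldap_errors": ldap_errors,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```
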

  • How to authenticate with OD on Network Accounts outside of a LAN

    Does anybody have a solution for allowing a Mac computer client to connect and authenticate against my Mac mini OD server outside of its LAN? This is so they can access their network accounts. On the laptop at a friend's house using Snow Leopard, I successfully added the network account server which is running at home to their system. When I log out the user accounts appear; however, upon password authentication, the screen just shakes its head.
    What can be done so that my friend can be able to log in.
    I could sure use some help from all you lovely people out there. Thank You for your time and God Bless.
    Joe

    Have you considered enabling the accounts to be Mobile Accounts? That way even when the network is down, say on an airplane or wherever, they could still log into their computers.
    Have you tried turning off the firewall? Or DMZ the Mac Server? (In case of a port issue.) If it works, then you know where to look.
    I assume you have: 389, 636, 625, 2336, 4120, 749, 88, 4511
    Along the same lines, do you know if they're directly online, or behind a firewall from wherever they're trying to connect?
    Is the OD set to accept all kinds of authentication, or only specific protocols? KDC vs Hash, etc. If some login methods are disabled, have you tried enabling them?
    Also you could try looking at the secure.log to see if it's spitting out an error message.
    You could also try turning on debugging, and seeing what shows up in the log. Mac OS X Server v10.5, 10.6: Enabling Directory Service debug logging

  • Can't login multiple network accounts on the same client?

    Setup:
    I have created a simple Lion Server on a new i7 Mac Mini. I have configured Open Directory in Master mode and have setup 4 user accounts. I have enabled the File Sharing service and checked the "Make available for home directories" option on the "Users" file share. I have configured each of the 4 user accounts to use this location as the home folder. I have connected my client machines (all OSX Lion) to the Network Account Server.
    Problem:
    I can log one user into the client machine, but when using "Fast User Switching" and logging on as the second user I get the following error:
    "You are unable to log in to the user account "guestaccount" at this time. Loggin to the account failed because an error occured"
    In the console if I search for that user account the related error message is:
    11-07-31 12:30:54.993 PM authorizationhost: ERROR | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | PremountHomeDirectoryWithAuthentication( url=afp://inntaserver01.local/Users, homedir=/Network/Servers/inntaserver01.local/Users/guestaccount, name=guestaccount ) returned 16
    Any thoughts as to why the Home Folder "mounter" failed in this scenario?

    Historically you have never been allowed to use Fast User Switching to log in multiple network logins on the same client machine. This certainly applied with Tiger, Leopard, and Snow Leopard. I have not yet personally tried this with Lion.
    I believe that the underlying reason for this not being allowed is down to how AFP volumes are mounted. The AFP mount becomes 'owned' by the user that triggers the login. With a network login the first user becomes the owner and this means subsequent attempted network logins are denied access to that share and hence cannot access their home directories.
    With Tiger, Leopard, and Snow Leopard servers, one could configure network home directories to be shared via NFS instead of AFP. NFS gets treated a lot different in terms of mounting, and is done more at a system level than a user level. While again I have not personally tried Fast User Switching with NFS shared home directories, this approach is specifically recommended by the authors of AquaConnect (a Macintosh Terminal Server solution) in order to allow multiple logins on the same Terminal Server. This seems to be for the same underlying reason. Using NFS does certainly work for use with AquaConnect and also works for the competing iRAPP Terminal Server product as well.
    Unfortunately, Lion Server while it can be made to run an NFS server, will not let you configure using NFS for sharing home directories. I have actually reported this as a 'bug' in Lion server.
    Neither the authors of AquaConnect nor iRAPP have actually tested this scenario with Lion server yet, but AquaConnect do plan to investigate it. It could make it considerably more difficult to use their products.
    So in summary, using NFS to share network home directories in theory would avoid the problem and can be done with a Tiger/Leopard/Snow Leopard server, but cannot be done with a Lion server. It is possible however to mix Lion with older server versions. This might for some people be a possible workaround.
    PS. A bonus side-effect of using NFS shared home directories was that this allowed badly written software like Adobe's applications, which are otherwise notorious for having major issues with network logins and home directories, to work without errors. As an example, Adobe Acrobat Pro introduced a bug in version 7.0 which prevented it being able to print-to-PDF (one of the major reasons to buy Acrobat Pro). It took two years for them to eventually fix this in Acrobat Pro 8.1 (I know because I spent those two years nagging them to fix it and was a beta tester). Unfortunately they then reintroduced the bug in Acrobat Pro 9.0. Fortunately I discovered this side-effect got round the issue, although a clunkier workaround was also possible for Snow Leopard clients by redirecting certain folder paths.

  • "network accounts are unavailable"

    Hi,
    I just upgraded to Lion and now I cannot log in to my mac using my network account.  I checked and the computer is still joined to our windows domain.
    Any ideas?  Nothing has changed on our network so I am assuming it's a Lion issue. Thank you for any help you can provide.

    Okay, some more information from my side - I am running a W2008 R2 PDC where:
    I am able to bind any 10.6 based machine and use the network login
    It was the same for a 10.7 machine which was upgraded from 10.6 (AD was already configured on 10.6)
    Having my first machine installed from scratch with 10.7.1, I am not anymore able to get the network login working. I read several articles describing this issue offering different solutions - without luck!
    Here is what I tried:
    Configure AD with standard Mac OS X tools:
    - Joining the domain works without any issue
    - Network Account Server in System Preferences shows green
    - Login after restart displays 'network accounts are unavailable'
    Did try to add custom Search path, static IP address, verified DNS settings and search domains, reboot after each step, un-/rebind to domain several times w/o 'create home directory' and 'allow administration'
    Also downloaded CentrifyDC Express for Mac: it also did join well to the domain but as well as the standard Mac OS X procedure it does not let me login (ADCheck verifying the global parameters if the conditions are fine to be able to find the DC in the DNS etc. reports no issues)
    From what I learned so far, it must be the configuration which is being written. Most probably I would guess it works fine if you once have created the setup under SL?
    Personally I was not able to find such issues as "sometimes it's working, sometimes not...".
    This is really annoying !
    Any more ideas on that???

  • 10.7.3 Network accounts are unavailable.

    I installed Lion on my work computer yesterday from a USB drive and I got the message that "Network accounts are unavailable".  Today I updated to 10.7.3 hoping that might do the trick and still get the same message.  Any ideas of how I should deal with this?

    Well then you will need to Log back into the networked resources. How you go about that I'm not sure.
    Look in Users & Groups, Login Options, Network Account Server. You will have to unlock that section and type in your local password.
