Unable to login network user from login windom. SSH login ok.

Similar Messages

• Can't login to ML server network user from a client

  Hi,
  The computer name on my customer's ML server was changed post OD installation. Now I can't login with network user credentials from a MacBook.
  I also see the old server/hostname displayed in workgroup manager under "location" (see attached).
  I've tried destroying OD by deleting it in Server app then re-adding it again but it still shows the old name in WGM as shown in the screenshot above.
  I suspect this is related to authentication problems. Should I be running a utility like changeDirData.pl to update the old values? If so, what is the syntaxt?
  Old name was: server1.stmarys.lan
  New name is: server1.local
  I ran the following: sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/changeDirData.pl -i -s 192.168.2.2 -u diradmin -o server1.stmarys.lan -n server1.local
  But got an error: cant contact ldap server to get config info

  After contacting Apple server support, I was told there were two issues:
  1- ".local" cannot be used in a hostname due to conflict with Bonjour
  2- Hostnames must have three parts like "server.company.lan" & "server.lan" cannot be used
  I wish Apple would inform users with a pop-up about these rules before they waste a lot of time having to re-do everything from scrath. I was lucky enough to have an export of all users.
  If these rules are followed from the begining, DNS would auto-configure itself with the appropriate forward & reverse records.

• Unable To See Network Drive from outside Home Network..even when using DynDNS

  Hi
  I have just got a Freecom Media storage Network Center which I have attached to my WRT150N router.
  I am attemting to permit access to authorised users to files on the drive via the internet (presumably via ftp).
  Here is what I have done:
  Swiitched on DynDNS on the web admin page in the router (used DynDNS.com free service.
  Obtained a user addess which is middle-earth.dyndns-home.com from DynDNS, which is linked to my Virgin Media IP
  Switched on Port Range forwarding with
  Ports 20-21 as ftp
  Port 80 as http
  Port 57 as DNS
  Selected "both protocols"
  Set the IP address to route to 192.168.1.42 - (this is the IP address which the web based software for the Network Drive reports as.
  However the configuration of the TCP/IP protocol in PC attached by LAN cable to the router is "Obtain an IP address automatically" (i.e. dynamic?).  If I change these settings and specify static IP addresses   will I not muck up internet connection to Virgin Media.
  what I was hoping to acheive was typing     ftp:// middle-earth.dyndns-home.com
  in the address bar would let me see the network drive from anywhere!
  I have tried using DNS pinging on Ports 20, and 21 but that tells my ports are closed.  i have also tried switching off my software firewall (Kaspersky) and the router firewall, but this does nothing.
  What have I done wrong or no done!!
  Thanks                                                                                              

  I think the problem is solved.
  The Freecom device needs to use a different part of its interface to be assigned a static IP address, which I have now done.  At my last try it was visible from two independent views outside of my network.
  On another front, I am appalled at Linksys or Cisco, who are not prepared to advice on getting more from their produicts if they are 'out of warranty'.  The online chat tech said I could ring an 0871 premium line number in the UK.  When I rang that, I was told as tthat as my unit is not faulty and was out of warranty I would have to use their pay per incident  service.
  That is not a way to deal with customers.  When it comes to upgrading or replacing network equipment, I will look to a provider who is interested in their customers. 

• Shared Services 11.1.2 Unable to remove assigned user from a security group

  In Shared Services 11.1.2 - trying to remove a user from the assigned users list of a security group. Initially, I am able to remove the user and the assigned users total decreases by one - but when I relaunch the group properties - this user is still in there? The change does not hold. Any suggestions would be appreciated - thanks,
  Paul

  Hello Paul,
  Not sure if this is related to yours, but it might be worth having a look at the following articles on Oracle support --
  External users in EPM Shared Services (e.g. MSAD users) cannot be removed from Native groups if they have multiple IDs in the external user directory. [ID 1526569.1]
  Users from External User Directories Cannot be Removed from Native Groups [ID 1272309.1]
  Thanks,
  hyperionEPM
  Please mark answers as correct or helpful for others to find them easily.

• DNS "A" Record Preventing Networked Users from Seeing Own Website

  I just set up a DNS "a" record in Server Admin to point "mail.xyz.com" to my server's internal ip (10.0.1.1).
  I did this so users could stay on the network with sending and receiving mail, as opposing to going out onto the web to do so. (I have MX records on Network Solutions point "mail.xyz.com" to my server's external ip.) All of their mail clients list "mail.xyz.com" as the mail server, instead of the server's internal ip.
  Trouble is, when users on the network try to access our website, "xyz.com," their browsers now return an error, saying they cannot find the server.
  Any idea?
  Lost count   Mac OS X (10.4.9)  

  Steve and David --
  This works. I am using Server Admin. To reiterate, I
  added a zone "mysite.com" and a primary server "mail"
  and pointed it at my server's internal ip so my users
  can stay "inside" while checking mail.
  Then, to follow your suggestion, I added a machine
  named "www" to zone "mysite.com" pointed to my
  server's external ip.
  Some questions: How can I be sure the client's
  machines are going interally to the server for mail?
  (When I dig it in terminal, "mail.mysite.com" returns
  an "a" record for the server's internal ip -- I
  suppose that is sufficient.)
  Yep!
  Should the primary name server for the zone be "mail"
  with "www" as an added machine, or vice versa?
  The primary name server just identifies the machine which is responsible for holding records for that zone (domain). Add www as a 'machine' - think of each 'machine' as a specific IP address which identifies a host, hence IP / Name partnership. Any other hostname on same IP is an 'alias' (which becomes a CNAME record in the dns file).
  You say I have to do this with "any record hosted in
  my public dns as a mirror." I am running three
  websites from my server, all with public dns pointed
  at my server. (I use the same mail
  server--mail.mysite.com--for all three.) Do I need to
  set up a "www" record for each website? I have no
  problem accessing the sites from internal client
  machines.
  the basic issue is that any zone (domain) defined in your own dns becomes 'authoritative' for that domain. So when clients ask your internal dns about any zone (domain) which is defined in it, and your server does not have that record, it will respond with "no such record" and your clients must take that on face value.
  Therefore, you only need to mirror records for domains which you have defined in your own dns. If you have external www.domain1.com and www.domain2.com but only have domain1.com established on your internal dns, then you only need that domain's www record mirrored. Your server will therefore not be authoritative for domain2.com and will pass all requests out to whichever external dns is authoritative for it.
  -david

• Unable to add network printers from Windows Server 2012 R2 to client running Windows 7 Pro x64

  New Windows Server 2012 R2 Standard in the environment.  Added print services to it and added five HP printers to it and shared them.  Also deployed the printers via group policy.
  Clients are running Windows 7 Pro x64.  The group policy fails to install the printers (error 0x00000002).  We get the same error when trying to manually add the printer from the client side.
  From Event Viewer: Group Policy was unable to add per computer connection <<printer share>>. Error code 0x2. This can occur if the name of the printer connection is incorrect, or if the print spooler cannot contact the print server.
  Any ideas on troubleshooting this?
  Thanks.
  -John

  John,
  You might try playing with the HP universal driver, that might help you.  Try installing a new shared printer on the server using the universal print driver, then try and connect to it to see if it is any better.
  Check these GPO settings to ensure local machines can install the drivers.
  1. Configure the following two Group Policy settings:
  Computer Configuration\Policies\Administrative Templates\System\Driver Installation\Allow non-administrators to install drivers for these devices setup classesEnabled
  2. Device class GUID of printers: {4d36e979-e325-11ce-bfc1-08002be10318}
  Computer Configuration/Policies/Administrative Templates/Printers/Point and Print RestrictionsEnabled
  Security Prompts: When Installing Drivers for a new connection = Do not show warning or elevation prompt
  This article might help you out also:
  http://www.eversity.nl/blog/2012/09/windows-cannot-connect-to-the-printer-operation-failed-with-error-0x00000002/
  Cheers,
  Curt Winter
  Certified Microsoft Professional
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied. If you found my post helpful, please mark it as the answer.

• Unable to create network users in Server App

  Hello.
  When trying to create a new user in Server Application I've come across this message:
  "existing connection is not authenticated: password change denied".
  Tried resolving it using the suggestions in the thread http://support.apple.com/kb/HT20001
     1. Quit Server.app.
     2. On the Open Directory Server, execute these Terminal commands:
        sudo touch /var/db/openldap/migration/.rekerberize
        sudo killall PasswordService
     3. Open Server.app.
  but the message I'm given in the terminal is No such file or directory.
  Does somebody know why I don't have the folder structure needed for this?

  Do this first, then try again:
  sudo mkdir /var/db/openldap/migration

• Unable to connect to ACE30 from 3845/2811 -ssh - Invalid modulus length

     Hi,
  I`ve seen quite a lot of posts regarding SSH issues and the above SSH error. However the fix mainly involves upgrading clients but in this instance the client is are Cisco routers 3845 / 2811 - which we use for out and inband management.
  Connectivity / routing etc is proven. Using SSH v2 the actual 6500 chassis where the ACE is physically located works fine. Configuring SSH v1 on the ACE module allows connections via the 3845/2811`s but we cannot use this.
  Both have the following IOS Version 12.4(24)T4. I have tried various key sizes on the ACE module.
  The SSH debug is :
  Aug  8 09:44:00.755: SSH2 CLIENT 2: SSH2_MSG_KEXINIT sent
  Aug  8 09:44:00.767: SSH2 CLIENT 2: ssh_receive: 536 bytes received
  Aug  8 09:44:00.767: SSH2 CLIENT 2: input: total packet length of 776 bytes
  Aug  8 09:44:00.767: SSH2 CLIENT 2: partial packet length(block size)8 bytes,nee                                                                                                                                                             ded 768 bytes,
                 maclen 0
  Aug  8 09:44:00.767: SSH2 CLIENT 2: ssh_receive: 240 bytes received
  Aug  8 09:44:00.767: SSH2 CLIENT 2: partial packet length(block size)8 bytes,nee                                                                                                                                                             ded 768 bytes,
                 maclen 0
  Aug  8 09:44:00.767: SSH2 CLIENT 2: input: padlength 10 bytes
  Aug  8 09:44:00.767: SSH2 CLIENT 2: SSH2_MSG_KEXINIT received
  Aug  8 09:44:00.767: SSH2:kex: server->client enc:aes128-cbc mac:hmac-sha1
  Aug  8 09:44:00.767: SSH2:kex: client->server enc:aes128-cbc mac:hmac-sha1
  Aug  8 09:44:00.767: SSH2 CLIENT 2: send:packet of  length 24 (length also inclu                                                                                                                                                             des padlen of 6)
  Aug  8 09:44:00.767: SSH2 CLIENT 2: SSH2_MSG_KEX_DH_GEX_REQUEST sent
  Aug  8 09:44:00.767: SSH2 CLIENT 2: Range sent- 1024  < 2048  < 4096
  Aug  8 09:44:00.859: SSH2 CLIENT 2: ssh_receive: 424 bytes received
  Aug  8 09:44:00.863: SSH2 CLIENT 2: input: total packet length of 424 bytes
  Aug  8 09:44:00.863: SSH2 CLIENT 2: partial packet length(block size)8 bytes,nee                                                                                                                                                             ded 416 bytes,
                 maclen 0
  Aug  8 09:44:00.863: SSH2 CLIENT 2: input: padlength 10 bytes
  Aug  8 09:44:00.863: SSH2 CLIENT 2: SSH2_MSG_KEX_DH_GEX_GROUP received
  Aug  8 09:44:00.863: SSH2 CLIENT 2:
  Invalid modulus length
  Is there a fix for this issue ?
  Many thanks for any tips/advise.

  I`ve now tried a new version of the code incase it was a bug. ( 12.4 (24) T6 ) and various key sizes ( 768, 1024,2048, 4096) but no avail.
  Oct 12 13:16:26.435: SSH CLIENT0: protocol version id is - SSH-2.0-OpenSSH_5.2
  Oct 12 13:16:26.435: SSH CLIENT0: sent protocol version id SSH-2.0-Cisco-1.25
  Oct 12 13:16:26.435: SSH CLIENT0: protocol version exchange successful
  Oct 12 13:16:26.435: SSH2 CLIENT 0: SSH2_MSG_KEXINIT sent
  Oct 12 13:16:26.447: SSH2 CLIENT 0: SSH2_MSG_KEXINIT received
  Oct 12 13:16:26.447: SSH2:kex: server->client enc:aes128-cbc mac:hmac-sha1
  Oct 12 13:16:26.447: SSH2:kex: client->server enc:aes128-cbc mac:hmac-sha1
  Oct 12 13:16:26.447: SSH2 CLIENT 0: SSH2_MSG_KEX_DH_GEX_REQUEST sent
  Oct 12 13:16:26.447: SSH2 CLIENT 0: Range sent- 1024  < 2048  < 4096
  Oct 12 13:16:26.535: SSH2 CLIENT 0: SSH2_MSG_KEX_DH_GEX_GROUP received
  Oct 12 13:16:26.535: SSH2 CLIENT 0:
  Invalid modulus length
  Oct 12 13:16:26.535: SSH CLIENT0: key exchange failure (code = 0)
  Oct 12 13:16:26.535: SSH CLIENT0: Session disconnected - error 0x00

• Get OSX to retrieve users from a specific AD OU.

  Hi All,
  I work in a school with OSX and AD, two campuses (Secondary and Junior). On the Secondary campus we run the 'Golden Triangle' pretty well, but we just present a login box for users. On our Junior campus we run OSX as it's own directory master, with the WGM preference showing a list of names of network users.
  Now while I can quite easily point our Junior school OSX server to our AD and get all the users showing in a list, we don't need to have all the Secondary school users showing in the Junior school list.
  Is there a way to only show network users from a specific AD OU in the list of network users when we bind our OD to AD?
  Thanks,
  Dustin

  There are a number of ways to accomplish this, but AFAIK none of them is straightforward like writing a script to accomplish the task.
  This could be accomplished quite readily with the Essbase API.
  Unfortunately, when Maxl outputs tabular data such as what comes out after DISPLAY SESSION ALL; - it comes out as all one big string with lots of spaces.
  So to parse that output you would need to use a language that can tokenize the text into a collection and parse that for the users.
  Then you need to do the same sort of thing after running DISPLAY USER IN GROUP ALL; (or instead of all, use a specific group name);
  Then run ALTER SYSTEM LOGOUT SESSION BY USER <parsed_username>;
  What would be ideal (hello Oracle... <wink> ) is a MAXL command ALTER SYSTEM LOGOUT SESSION BY GROUP <GroupName>;
  The way I would approach this would be to write a little utility that does exaclty what you seek:
  - Scan the current session periodically (say, once every 5 mins)
  - for each user that belongs to group(s) <group>(<group>...)
  - if user has an open query running longer than n minutes, kill the user request.
  This way you're not kicking people, your just taking back resources. Of course you can be more aggressive and code it to kick the user by forcefully ending (invalidating) his session too.
  I can give you a hand with this offline if you want.
  Robb

• Network users cannot log in to server

  I have set up a new server from scratch on a new Macmini.  In the main, it works absolutely fine.  Users can log into the sever from client device as registered user and can share the screen with no problem.
  The users are set up as local network users and are in a local group and a network group. I set them up using Workgroup manager after setting up Open directory.  All users cn be seen from OD and WM.  However, they cannot log in to the server directly - only the server adminstrator can do that.  Home drives etc are all set up fine.
  Any help will be greatly appreciated.
  F

  Administrators always have access, you may have blocked Network Users from having access using Workgroup Manager 10.8.
  Open Workgroup Manager 10.8
  Authenticate to the local directory as an administrator.
  Go to the machines section and select the server where users cannot log in.
  Click the preferences icon to see the preferences for that computer set through WM 10.8
  From the overview choose Login.
  Choose the Access tab and set Manage: to Never.
  Message was edited by: Mark23

• Network User List Not Updating

  I manage a lab of ~30 iMacs which are bound to an Open Directory on a G5. The client computers set so that their login windows show only network users accounts in a list. However, they don't seem to be getting the actual list of network users from the server. Rather, in /Library/Preferences/com.apple.loginwindow.plist there is a NetworkUsers array which contains the users listed by loginwindow. No matter what this array is never updated, not since it was originally created it seems. Furthermore, if I delete the plist, loginwindow reverts to name/password fields and never gets the list of network users. Clients can still log in, and MCX settings are updating correctly, it's just that loginwindow can/does retrieve the network users to display in the list. I've tried refreshing preferences, rebinding the computers, changing the computerlist settings on the server, deleting the MCX cache...just about everything I can think of short of clean installing the clients and/or the server (which, ya know, I'd really rather avoid . I've seen several other topics in the discussions that sound similar to mine but all seem to have slight variations and none seem to be fully answered so I'm sure many would appreciate any help on this topic. All of the computers are running 10.4.4.
  PowerBook Al 15 1.5GHz   Mac OS X (10.4.4)  

  I had already checked (search based) that as I had that with 10.3 and 10.4 server.
  I did however solve it today, but am not 100% sure on what I did.
  Here is what I tried.
  I was trying to add restart to the applemenu, and did so and the restart appeared, but was then trying to look for ways to remove the logout so as to force the users to restart rather than logout but could not find it. I looked in the forced com.apple.finder.plist which was under the details options in preferences rather than the finder icon, and since there was no key in there I removed it from the computer list prefs and the pupils groups prefs. I then looked at the finder prefs from the icon in system prefs on WGM and noticed that I had blue dashes meaning some set some not. I cleared them be setting them as I wanted and then double checked but noticed they were back to dashes so did them again by doing never then apply and then always and resetting them to as I want (I think that is was I did) and then checked and they were ticked or unticked and no dashes. I then just happened to log on with a client to see if the applemenu was fine and noticed that it no longer showed the restart so had to log off upon which the list appeared.
  I think that one of the com.apple.finder.plist in either the group or computer list details prefs was the problem.
  I hope that it is okay and will stay like this, until I relook at to why the restart is not happening and knowing sods law will solve that but get no list again.

• How can I allow network users to use File Sharing on 10.8 Server?

  I am in the process of setting up a new OS X 10.8 Server. I have exported/imported the network users from my previous OS X 10.6.8 Server using Workspace Manager. I have re-entered the passwords of the users. I have existing clients running (stil logged in).
  I have set up the File Sharing service in Server.app. I have several mount points. I have made the Users mount point available for home directories over AFP.
  Now, the system administrator can connect to the server and get access to the file shares. So the basic file sharing system works.
  Also: the users on a client can get there password verified (e.g. when unlocking screen protection) by the server. It is just AFP they can't get access to, while the system administrator account (OD /Local on the server) can be used. So, the password in the server is OK too. It seems to be a matter of privileges.
  But no network user (OD user in directory /LDAPv3/127.0.0.1 on the server) can get access. Where can I give network users privileges for File Sharing on the server?
  I did try to add either the "Open Directory Users" group or a specific user that was imported into com.apple.access_afp. If I do that, there is partial success. I can connect to the server from the client with a user account other than system administrator from the server (but connecting is slow). But Mobile Home Sync does not work:
  1:: [13/04/05 16:11:10.379] Scheduling next sync of "HomeSync_Mirror" at 2013-04-05 14:11:20 +0000
  1:: [13/04/05 16:11:20.782] ==========================================================
  0:: [13/04/05 16:11:20.782] Starting automatic sync of "HomeSync_Mirror".
  1:: [13/04/05 16:11:20.786] Peer "network" reports changes since last sync.
  1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:alias:]: isRemote = NO
  1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: peer = <SPeer_FS:0x7fd5a5009520> = local, optionalStoreID = (null), peer.storeIDString = *
  1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: rootPath        = /Users/gerben
  1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: storePath       = /Users/gerben/.FileSync/store.filesyncstatetree
  1:: [13/04/05 16:11:20.787] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: rootAlias       = {path='/Users/gerben', targetName='gerben', volumeName='Macintosh HD', type=DIR, volumeCreateDate=2010-08-10-12:58:16, targetCreateDate=2011-08-28-18:39:13, parentDirID=37638, nodeID=3003598, filesystemID=0000 ('0000'), signature=0x482b ('H+'), isBootVolume=YES, isAutomounted=NO, isEjectable=NO, hasPersistentFileIDs=YES, mounted=YES, url='file://localhost/'}
  0:: [13/04/05 16:11:20.789] -[SPeer_FS _mountServerCallbackShares:status:]: received error 64
  0:: [13/04/05 16:11:20.790] EXCEPTION: _mountServerCallbackShares:status: (Host is down) <-[SPeer_FS mountPeerVolumeWithURLString:] (Peer-FS.m:446): "'(-1)' error 64">
  0:: [13/04/05 16:11:20.790] USERINFO: {
  0:: [13/04/05 16:11:20.790]     NSLocalizedDescription = "Host is down";
  0:: [13/04/05 16:11:20.790] }
  0:: [13/04/05 16:11:20.790] BACKTRACE: {
  0:: [13/04/05 16:11:20.790] ? | 0x105cb79b7  
  0:: [13/04/05 16:11:20.790] ? | 0x105cbf0e5  
  0:: [13/04/05 16:11:20.790] ? | 0x105c2c866  
  0:: [13/04/05 16:11:20.790] ? | 0x105c2babd  
  0:: [13/04/05 16:11:20.790] ? | 0x105c2acb4  
  0:: [13/04/05 16:11:20.790] ? | 0x7fff858bb72a
  0:: [13/04/05 16:11:20.790] ? | 0x7fff858bb6a2
  0:: [13/04/05 16:11:20.790] ? | 0x7fff874cf8bf
  0:: [13/04/05 16:11:20.790] ? | 0x7fff874d2b75
  0:: [13/04/05 16:11:20.790] }
  1:: [13/04/05 16:11:20.790] Peer "network" is unable to sync. (-[SPeer_FS mountPeerVolumeWithURLString:] (Peer-FS.m:446): "'(-1)' error 64")
  0:: [13/04/05 16:11:20.790] Peer "network" is unable to sync. Not enough peers will be available to continue syncing.
  0:: [13/04/05 16:11:20.790] Aborting sync of "HomeSync_Mirror".
  1:: [13/04/05 16:11:20.790] -[SPeer abortSync] "local"
  1:: [13/04/05 16:11:20.797] -[SStore_FS setupWithAlias:andRef:] (Store-FS.m:447): unlink('/Users/gerben/.FileSync/.fstemp.QW1Gh-bhvgEhVwmG3.noindex')
  0:: [13/04/05 16:11:20.798] EXCEPTION: !IF <-[SPeer(protected) doPrepareForSyncWithResolvedConflicts:] (Peer.m:1149): "'(([self checkAbort]))'">
  0:: [13/04/05 16:11:20.798] BACKTRACE: {
  0:: [13/04/05 16:11:20.798] ? | 0x105c2bb66  
  0:: [13/04/05 16:11:20.798] ? | 0x105c2acb4  
  0:: [13/04/05 16:11:20.798] ? | 0x7fff858bb72a
  0:: [13/04/05 16:11:20.798] ? | 0x7fff858bb6a2
  0:: [13/04/05 16:11:20.798] ? | 0x7fff874cf8bf
  0:: [13/04/05 16:11:20.798] ? | 0x7fff874d2b75
  0:: [13/04/05 16:11:20.798] }
  1:: [13/04/05 16:11:20.798] -[SStore_FS deleteStateTreeTurdFile] (Store-FS.m:476): unlink('/Users/gerben/.FileSync/store.filesyncstatetree.statetree_dirty')
  1:: [13/04/05 16:11:20.798] Peer "local" is unable to sync. (-[SPeer(protected) doPrepareForSyncWithResolvedConflicts:] (Peer.m:1149): "'(([self checkAbort]))'")
  0:: [13/04/05 16:11:20.798] Peer "local" is unable to sync. Not enough peers will be available to continue syncing.
  1:: [13/04/05 16:11:20.798] EXCEPTION: SFAbortedException <-[SSyncEngine _waitForPeers:] (SyncEngine.m:1922): "'(_abort)'">
  1:: [13/04/05 16:11:20.798] -[SSyncEngine threadMain_SyncEngine_sync:]: sync failed with exception "-[SSyncEngine _waitForPeers:] (SyncEngine.m:1922): "'(_abort)'"".
  0:: [13/04/05 16:11:21.066] Sync of "HomeSync_Mirror" encountered errors. (_mountServerCallbackShares:status: (Host is down))
  0:: [13/04/05 16:11:21.067] Last successful sync completed at 2013-04-04 20:17:15 +0000.
  0:: [13/04/05 16:11:21.067] Finished sync of "HomeSync_Mirror".
  1:: [13/04/05 16:11:21.067] Scheduling next sync of "HomeSync_Mirror" at 2013-04-05 14:31:21 +0000
  1:: [13/04/05 16:11:21.284] 1-pass sync of "HomeSync_Mirror" took 0.02 seconds

  Hi Gerben,
  Try creating a brand new user, that's not imported and see if that works. Every user/group has a little gear in the Server.app/Users or Groups which allows specific access to specific services, perhaps filesharing is off in that section?
  Is your DNS setup properly? Can you verify that clients can see the FQDN of your server?
  After setting up the Users folder for mobilehomes, did you check whether the group and the separate users have access to filesharing? I am able to select the correct homefolder /Users and restrict the homefolder size.
  Goodluck!
  Jeffrey

• Is there a way to prevent users from changing the Advanced, Connection, Settings Tab?

  I need to stop network users from changing the proxy settings to avoid the firewall. Is there any way to disable or prevent them from getting to the advanced, connections tab, and changing the settings for the proxy?

  You can lock the corresponding prefs, then users won't be able to change the settings.
  See http://kb.mozillazine.org/Locking_preferences
  See also http://kb.mozillazine.org/about%3Aconfig_entries

• How to restrict users from saving a transaction in PCUI

  Hi Experts,
  I am working on a requirement where in I have to restrict the user from saving a followup up transaction if an order already exists for the same,in PCUI.I am able to display the error message in the PCUI screen but unable to restrict the user from saving the transaction.
  I have implemented the CRM_COPY_BADI ,copy method to check the item copy and populating the message from there...The requirement is fulfilled in GUI by giving a abandon message which restricts the user from saving the transaction.but in PCUI the abandon message is not working..So is there any way to deactivate the save button for a particular transaction in PCUI and this is to be done from within the CRM_COPY_BADI..
  I would sincerely appreciate any help provided on the issue..

  We can do this by populating an error message in the Application log

• Moving Users from one server to another

  Is it possible to move my network users from one Xserve to another? I know this used to be possible to do with NetInfo, but I haven't heard of anything like this using Ldap.

  I used Open Directory Archive/Restore in Server Admin to carry over my ldap users through a reinstall. Their UIDs, groups, passwords, etc. all came across. The home directories were on a different volume and everything basically worked after the reinstall.