Cannot set up open directory, Mavericks server

Similar Messages

• Users cannot connect to Open Directory Leopard server

  Just testing Leopard server and running into all sorts of problems...
  Clean install of Leopard Server running DNS, AFP and Open Directory.
  Set up DNS first and checked both forward and reverse look-up was correct.
  Promoted to Open Directory master from Standalone.
  Created two test user accounts (without Home directories) and gave them access to a specific sharepoint.
  Setup LDAP on the client machine (Leopard client) and could see the user accounts in the Directory app.
  Try to log in.....'username or password incorrect'.
  Check the OD logs and cannot find any reference to the attempted log-in.
  I understand that it appears that user accounts require a Home Directory in Leopard, regardless of whether you actually want one (I don't). I tried creating a home directory using Workgroup Manager but as noted in other threads, the 'create home directory' button doesn't work.
  I then created a home directory via the command line for one of the user accounts but am still unable to log-in.
  Any ideas?
  Thanks.

  This may be a stupid question but have you run sudo chown on the user's home directory after creating it?
  I had the same problem and my solution is posted here: http://discussions.apple.com/thread.jspa?threadID=1290158&tstart=0
  Let me know if that works. If not, we'll work on it together.

• TNS-01251: Cannot set trace/log directory under ADR

  Dear All,
  My Database is Oracle 11gR2 and operating system is Linux.
  I am trying to turn on logging for the listener using the commands:
  Lsnrctl> set log_directory /DB/oracle/product/11.1.0/db_1/network/admin/
  Lsnrctl> set log_file itlistener.log
  Lsnrctl> set log_status on
  Lsnrctl> save_config
  Lsnrctl> set log_directory  /DB/oracle/product/11.1.0/db_1/network/admin/ when i execute this command i get the following error:
  TNS-01251: Cannot set trace/log directory under ADR
  Is there any solution to get out of this error and log listener?
  Thanks,
  Imran

  misterimran wrote:
  Anyone else please?01251, 00000, "Cannot set trace/log directory under ADR"
  // *Cause: ADR trace and log directories cannot be set by the user.
  // *Action: None.                                                                                                                                                                                                                                                                                                                                                                                                                                   

• Setting up Open Directory and iCal server.

  Hello:
  I'm new to open directory - please help or point me in the right direction. I'm trying to set up a OSx server 10.5 running on a PowerMac G4.
  I need iCal/DNS/FS/VPN/WEB/Open Directory as services enabled.
  For testing purposes I've set up a small network with three machines all running 10.5.6.
  I've tired over and over to do this via an advanced server but have not be able to get everything to work so I did a basic server allowing the server set up to input all my settings. Everything built and started up without issue but I could not get iCal to work. I let the set up sit over night and when I returned the next morning the MacMini screen had a window saying that a directory server has been found that offers these following services ...WEB - iCal etc. Do you want to configure your workstation. I did and everything worked as aspected. I thought that I finally got it!
  I wanted to see the all of the settings so I converted the server to an advanced server and everything still worked. ( From the one workstation ).
  I imported a users exported file from the server I'm trying to fix then the groups file. Everything still worked from the Mac Mini but I could not connect from the other workstation.
  I never received the Open Directory message about services being offered etc.
  Both machines have identical network settings ( Fixed I.P. pointing the DNS to the server.) AFP sees the server from both workstations but I can not login from the third workstation using any known good user name and password not even the admin or the Macmini account and password that works from the Mac mini. I don't really know anything about open directory, do you need to register the computer name with the server or something to that effect.
  Why would it take hours for that original service offering to go out to the first workstation?
  Thanks for any help you can offer. All of my OSX server experience has been setting up file servers never any of the other offerings.
  Thanks,
  Rick

  Sorry,
  I posted this to the wrong forum. I re-posted in Open Directory.
  Thanks,
  Rick

• How to set up Open Directory Users with local home folders?

  Hi folks,
  i set up a Mac mini Server with the services DNS, DHCP, AFP and OpenDirectory running. Everything is working fine so far but i want my OpenDirectory Users to have their home folders locally on the clients harddisk. My Leopard clients are already bound to the directory but everytime i try to login the login window is shaking even when i use the Directory Administrator account. What am i doing wrong?
  Thanks.

  (Did you read my other reply? You need to make it a portable account for the caching of login credentials.)
  With network homes and portable account enabled on a machine you always run from the locally stored homefolder on that machine.
  This homefolder syncs with the server network home folder for that account.
  If either of these folders get corrupt or unintentionally altered files (permission problems) somehow, there is risk of losing files, syncing problems and more (can take long time to sync at login/out, during even without corruption - I prefer gigabit cable to WiFi for this for obvious reasons).
  You at least need to monitor storage space in both places. You don't want either to fill up the disk (worse on server because several users can have their folders corrupted at the same time). Working quota settings / account is probably a good thing.
  And you probably need to decide what is synced : all folders or just some (and when / how often).
  You either do this form the server (you decide) or let the user have some say or a mix of these two.
  You might want to leave out the user's personal files (music, movies and such) and also depending on emaIl client used, maybe not sync email if the client saves it like Entourage does it, in big ever changing database files. Might be better to just backup the mailserver if IMAP based.
  If a user puts other large files in their homefolder (often on the Desktop) they can fill up the server fast. DVD-projects anyone?
  Mixing different versions server/client might not work too good either.
  So having said that, when syncing works it can be really good and you can restore a machine/account fast with pretty recent data. You can if in a hurry even log in from another machine using the account network home folder, getting access to the synced folders/files.
  Using Time Machine it's a one way "sync" (more like "duplicate changed and new files" - which I like) and you have to manually set TM settings on the client for what is going to be backed up and when. I do atleast don't know how to do it from/on the server. This "less intervention by the server" can be a good thing but if your users don't "behave" you might want to be in the drivers seat "saving them from themselves".
  TM backups can grow fast and probably demands more user interaction when storage space is used up.
  As with all "backup" configurations you probably want some rotating media backup of both network homes and/or TM backups so you can do a restore. Of these two, network homes are the more important one to backup "further".

• Cannot find bookmarks - open directory user

  We have LDAP v3 at our school. A teacher logged on to a different computer and her bookmarks were missing. Since she is an open directory user, I believe her books should follow her. We were trying to figure out where on a Mac the bookmarks are stored...and we could not figure it out.
  We see the profile where an internet search told us the bookmarks were -- but we could not see them. What specific folder are they in and what is the name of the file/folder that contains the bookmarks?

  The name of the file is '''places.sqlite'''.

• Cannot set Start Mode using SQL Server Configuration Manager

  I have SQL Server 2012 Express installed on Windows 8.1 and am trying to change the Start Mode to Manual using SQL Server Configuration Manager. However, when I open the Properties dialog and use the drop-down for Start Mode on the Service tab the drop-down
  is inoperative. A "vertical bar" appears but no options.
  Is there some other way that I can change the Start Mode?

  I have SQL Server 2012 Express installed on Windows 8.1 and am trying to change the Start Mode to Manual using SQL Server Configuration Manager. However, when I open the Properties dialog and use the drop-down for Start Mode on the Service tab the drop-down
  is inoperative. A "vertical bar" appears but no options.
  Is there some other way that I can change the Start Mode?
  I have seen that on my laptop as well and it was due to display /resolution setting. Please see if that helps you. BTW, as already answered, services.msc is another way of changing it.
  Balmukund Lakhani | Please mark solved if I've answered your question, vote for it as helpful to help other users find a solution quicker
  This posting is provided "AS IS" with no warranties, and confers no rights.
  My Blog |
  Team Blog | @Twitter
  Author: SQL Server 2012 AlwaysOn -
  Paperback, Kindle

• Cannot set up an Incoming Mail Server

  I am trying to set up Aliases but when I get to the Incoming Mail Server field in Mail Preferences it is greyed out with "mail.example.com" and if I alter any other field and then try to save that account I get a message "Incoming Mail Server field cannot be empty".  How can I get the Incoming Mail Server field to highlight so I can insert something and what do I put in?

  Yes that is what I was doing.  I am confused because initially I thought I had completed the process in Safari iCloiud but the the Aliase email address didn't show uo when I composed message and wanted to send it from that address and not the default.  I added the Aliase in Mail>Preferences>Accounts>Add new account and sent an email but looking at the inbox in Mail there is a "lightening" symbol and clicking on that and entering the password comes up with the message "Mail cannot conect to the account (aliase address)".  When I wnt back to Preferences that is when I realised that the form wasn't completed.  Since I started this thread I have received a reply to my earlier email using the Aliase address and sent a reply to that but the lightening symol still remains.  Any ideas?

• I cannot set up mail in mavericks

  I've just taken delivery of new MBPro. I have migrated all data from my previous MBPro, but Mail, though it has all my Smart folders, will not accept my existing accounts: iCloud and Exchange.

  I spent a couple of hours with phone tech support yesterday, resetting, repairing permissions, going into library and removing mail related folders, going into terminal (sorry I can't remember the commands I typed) but nothing worked.
  This evening, I got an email notification of your comment above and linked to the thread and noticed the "re: Mail in Mavericks" thread in the "More Like This" panel to the right of this window and followed rootch's steps and it worked! my iCloud and exchange accounts appeared in mail automatically. Other POP accounts, I had to configure manually, referring to settings in Mail on my previous MBP. Try it, I hope it works for you!

• 10.6.8 to Mavericks Server Upgrade loses Open Directory Users

  Hi,
  I have an OpenDirectory Master running OSX Server 10.6.8. An upgrade to Mavericks 10.9 has just failed.
  The server has about 50 OD users and passwords need to be retained across the upgrade. Apart from OD, the only other active service is AFP file sharing.
  DNS is good forward and back as per this article: OS X Server: Steps to take before upgrading or migrating the Open Directory database
  I followed these Apple guidelines for server migration: OS X Server: Upgrade and migration from Lion Server or Snow Leopard Server.
  I cloned the boot drive, booted from the clone, upgraded to Mavericks, then installed the Mavericks Server app.
  On opening the Mavericks Server app "Configuring services' showed for 5 minutes, but then an error message appeared. I did not record it exactly, but it was something like, "There was an error configuring the server. Certificate not valid!".
  I was able to continue through the error but on opening Server app there were no OD (local/network) users showing. Authentication was not happening.
  I had underestimated the time to get the installation done and I had used up the window of downtime I had booked - I did not have much time to troubleshoot. So, I cut back to the original hard drive and the server is back to 10.6.8 again.
  Can anyone point me in the right direction to find out what may have gone wrong? How can I get my users into 10.9 Server?
  Many thanks,
  b.

  Linc Davis advice is spot-on, as usual.
  There seem to be dozens of sub-databases in the LDAP database. A problem in any of them seems to derail the entire conversion process. I tried a straight conversion and was also disappointed that there were unresolved issues, and it meant that the conversion failed.
  So I did the export route using WorkGroup Manager, and exported four sets:
  Users
  Groups
  Computers
  Computer groups
  go to the appropriate pane (e.g., Users) and Select All, then choose Export, and give it a name (probably with an embedded date in case you need to do it again later)
  Then use 10.9 WorkGroup Manager (available as a separate download) to Import.
  When re-imported, everything worked just fine (except the passwords, which cannot be carried forward using this method). I did have to manually enable at least one service, such as File Sharing service in Server [admin], or users showed up as "not allowed" [to log in].
  This entire process of getting Server 3 to work is fraught with peril, and everything converges on ONE diagnostic, "Network users can't log in". Which means you blew it, but provides no additional information about WHERE you blew it.
  There do not appear to be any magic bullets. It is just a tough slog. Users who reported success after failing the first time reported they returned to fundamental principles and did all the steps over, in order, to attain success.

• Disabling Kerberos After Setting Up an Open Directory Master - Mavericks

  I am attempting to setup the "magic triangle" and one of the steps is to follow  KB: Mac OS X 10.6 Server Admin: Disabling Kerberos After Setting Up an Open Directory Master
  However, the command mentioned to disable Kerberos does not work on Mavericks as I get remove parameter not found.   What is proper way to disable kerberos on a mavericks open directory master server so that Active Directory takes over for kerberos properly?
  The article for the magic triangle configuration that I am following is: https://it.uoregon.edu/Magic-Triangle-setup
  Also, is Apple's best practice in a "magic triangle" situation to join the client computers to OD and AD?

  Mavericks server seems to be smart enough to disable its Kerberos for you if you bind the server to AD before you create your OD Master.
  if you want to use Workgroup Manager in Mavericks to manage preferences then yes you need to bind clients to AD and OD. We are doing this with Mavericks. it works.
  however, Apple has now deprecated Workgroup Manager in favor of Profile Manager. If you switch to Profile Manager then you enroll clients to the server instead of binding them to OD.
  pick yer poison. :-)

• Server 3 / SSL Certificate / Open Directory - Problem!

  We've updated from Server 2 to Server 3 / OS X 10.9.
  We have an SSL certificate for server from Comodo.
  Under Server 2, all worked just fine, with the SSL certificate being used to secure all services (configure via Server app).
  Under Server 3, all works just fine, but Open Directory will not accept certificate - so Certificates / Settings in Server 3 app shows "Custom Configuration" for Settings - and on inspecting this it is because Open Directory set to be not secured but everything else is using SSL.
  I've tried setting the Open Directory to use the SSL, but when ever I do it simply bounces back to being unsecured.
  Does this matter?  Presumably it should be possible (as the standard setting appears to try and set Open Directory to use the SSL certificate), but not sure whether trying to fix is simply a fools errand.
  Anyone got any clues as to whether to fix or not, and if to fix, how?
  Thanks in advance.

  Have you check to see that the certificate is indeed "Trusted" by your server?
  Above, you stated that they're in the etc/certificates folder, but that doesn't mean that the server likes them.  You can create a "Self Signed" Certificate and still have certificates in there.  That doesn't mean that anyone else on the planet has to trust them.
  Open Keychain Access in your utilities folder.  Depending on how you have it configured, you may have to look around to find the certificate in question.  It may be under login, or System. 
  When you select your Certificate, if it's there, does it show as trusted?
  Another thing you can check...  Often times Certificate authories, use Intermdeiate certificates.  Since anyone can sell a certificate, in order to have it trusted, you need to have it signed by someone else.  A good example is Godaddy.  They sell both SSL and Code signing certificates of all flavours.  In order to get them to be trusted, the "Intermediate Certificate" needs to also be installed in the keychain.  My Godaddy cert looks to be trusted by Verisign via an intermediate.
  Have a look here...  https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid =1182
  Not sure if it's directly relevant, but there it is.
  The point is, I think you need to verify that your certificate is trusted by your server.  OD won't use an untrusted certificate. 
  --an afterthought--  Anything in the logs?
  Open up your server window where you try to select the certificate for OD.  Also, in another window open up the terminal.  In terminal, type:
  tail -f /var/log/system.log
  In the server window try to select the certificate and click done.  See what the output in terminal says.

• Open directory Server admin APP, crashes

  HI all.
  ON my 10.7.2 lion server for some reason my server admin app keeps crashing under the Open
  directory Section...
  Here are the screen shots..

  Also I cant make any changes under the Open Directory in server Admin...
  Everything is greyed OUT...

• Binding Snow Leopard server OD to Mavericks server OD

  Does anyone know if it's possible to setup a Snow Leopard server to bind Open Directory to a new server running Macvericks server?
  I have 2 new mac minis running 10.9.4 with server 3.1.2 on them, one as an OD master and the other as a replica. We have a couple of older Xserves still running Snow Leopard server and must keep them that way because of some other software that can't be upgraded.
  What we need is those 2 servers to be able to bind (not as a replica as it's not possible) to the master OD mac mini for authentication?  I've been able to get the OD process on them to be set to "connect to another directory" then use Directory Utility to try and bind LDAPv3 to the master mini but it says invalid credentials supplied when I type in the proper OD username and password.
  Any thoughts?

  To work as Master and Replicas, all must be the same version of Server.
  You cannot bind as Open Directory Servers (as in combining Open Directories), but you can run Mac OS X 10.6.8 workstations [running 10.6.8 or 10.6.8 Server] off a Mavericks plus Server 3 Open Directory Server. You can have Home Directories on an older Server. You may be able to provide some services off the older Servers. But you cannot keep them as Open Directory Servers on the same Network.
  I think you just shut off Open Directory on the 10.6.8 Servers, then use Directory Utility to Bind to the Mac Mini or Replica Server as if they were Workstations.

• Mavericks server and network login

  I try to set up a new Mavericks server with Open Directory so my clients can login through the network.
  On Lion it worked very good and was easy to implement.
  My computers are all on a large network and get their Ip-number fron a central DNS server. Because of that I do not want the Mavericks server to work as a DNS server, so this function is not turned on. (the same as on my working Lion server).
  I set up my client computer and joined the open directory server, light is green, so it seems to be ok.
  The problem is that I cannot login with a nework account.
  Clients are all 10.8.5
  Is there a solution for this problem?
  Regards,
  Martin Bartels

  markuna wrote:
  So far, so good. What puzzles me is the dot behind the hostname in the second query. Is this the root of all evil?
  If so, how to get rid of it?
  The trailing dot is actually a standard part of the DNS domain name.
  It's been omitted or suppressed by web browsers for many years, so most folks don't realize it's even around.  The dot represents the root DNS servers. 
  These DNS root servers are the root of the DNS hierarchy.  
  DNS parses and traverses from right to left, from root to com to example to www, for instance, for the www.example.com or www.example.com. domain. 
  You'll sometimes see this syntax — with the trailing dot — referred to as a fully-qualified domain name (FQDN).
  (There are some common parsing behaviors that can arise when a domain specification is not an FQDN too, but that discussion is probably best left for another time.)
  If you'd like, you can enter the trailing dot in most any web browser — it'll be accepted.