Leopard Clients Take 10 Minutes to Connect to Tiger 10.4.11 Server

Similar Messages

• Snow leopard clients can no longer connect after 10.7.3 update.

  Hey,
  We updated to 10.7.3 on the server side and our snow leopard clients can no longer connect. Our lion clients have no trouble connecting.
  They recieve an box saying an error occured, with no other information.
  Any ideas?

  Voelkl:
  How are you trying to connect to your Lion Server? AFP? VNC? SMB?

• Leopard Clients take a Long Time to Login (roughly 1~2 minutes)

  Hello all,
  I've spent the last few weeks scouring these groups and then net and searching and searching for someone with a similar problem to my own, but have come up pretty much empty handed and so now turn to here to see if any else has had this issue or can at least point me where to look to resolve the problem.
  I've got a clean install of a XServe running Leopard server 10.5.2 with OD, AFP services and User home folders configured and fully working.
  The problem:
  Clean install of Tiger client logs into the server (OD binded) perfectly. Takes maybe 15 seconds tops to for the client to log in and show the all the AFP mounts and client settings and user's desktop and files, etc.
  However, a fresh Leopard client install (OD binded) takes roughly 1~2 minutes to do the exact same thing.
  I've gone through any log file I can find on server and client side, checked my DNS running on this xserve, created new users without "home" folders, and searched just about everywhere for an answer to this issue and am still empty handed.
  This is not a show stopper issue, but there is something definitely not normal about what is happening with Leopard client logins.
  I'm trying to explain this as best as I can without making a wall of text, but I'm sure I'll forget something, so please ask questions if you have them.
  Things I'm seeing in the logs during the time of the login happening are:
  Server-side Logs:
  - Kerberos Server Log -
  Apr 14 11:27:39 ns1.mydomain.com krb5kdc[167](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 172.16.9.14: ISSUE: authtime 1208190459, etypes {rep=16 tkt=16 ses=16}, [email protected] for ldap/ns1.mydomain.com@NS1. MYDOMAIN.COM
  Apr 14 11:28:46 ns1.mydomain.com krb5kdc[167](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 172.16.1.205: NEEDED_PREAUTH: CRC0002$@NS1. MYDOMAIN.COM for krbtgt/NS1. MYDOMAIN.COM@NS1. MYDOMAIN.COM, Additional pre-authentication required
  - Password Service Server Log -
  Apr 14 2008 11:43:03 KERBEROS-LOGIN-CHECK: user {0x47f3ab5903c4b01c0000002a0000002a, CRC0005$} is in good standing.
  Apr 14 2008 11:43:03 KERBEROS-LOGIN-CHECK: user {0x47f3ab5903c4b01c0000002a0000002a, CRC0005$} authentication succeeded.
  Apr 14 2008 11:43:04 RSAVALIDATE: success.
  Apr 14 2008 11:43:04 AUTH2: {0x47c721234c9608250000000700000007, myusername} DIGEST-MD5 authentication succeeded.
  Apr 14 2008 11:43:04 RSAVALIDATE: success.
  Apr 14 2008 11:43:04 AUTH2: {0x47c721234c9608250000000700000007, myusername} DHX authentication succeeded.
  Apr 14 2008 11:43:04 KERBEROS-LOGIN-CHECK: user {0x47c721234c9608250000000700000007, myusername} is in good standing.
  Apr 14 2008 11:43:04 KERBEROS-LOGIN-CHECK: user {0x47c721234c9608250000000700000007, myusername} authentication succeeded.
  Apr 14 2008 11:43:05 RSAVALIDATE: success.
  Apr 14 2008 11:43:05 AUTH2: {0x47c721234c9608250000000700000007, myusername} DHX authentication succeeded.
  Apr 14 2008 11:43:06 KERBEROS-LOGIN-CHECK: user {0x47f3ab5903c4b01c0000002a0000002a, CRC0005$} is in good standing.
  Apr 14 2008 11:43:06 KERBEROS-LOGIN-CHECK: user {0x47f3ab5903c4b01c0000002a0000002a, CRC0005$} authentication succeeded.
  Apr 14 2008 11:43:06 KERBEROS-LOGIN-CHECK: user {0x47c721234c9608250000000700000007, myusername} is in good standing.
  Apr 14 2008 11:43:06 KERBEROS-LOGIN-CHECK: user {0x47c721234c9608250000000700000007, myusername} authentication succeeded.
  Apr 14 2008 11:45:26 KERBEROS-LOGIN-CHECK: user {0x47f3ab5903c4b01c0000002a0000002a, CRC0005$} is in good standing.
  Apr 14 2008 11:45:26 KERBEROS-LOGIN-CHECK: user {0x47f3ab5903c4b01c0000002a0000002a, CRC0005$} authentication succeeded.
  Client Side Logs:
  - All Messages -
  4/14/08 10:09:12 AM loginwindow[9868] Login Window Started Security Agent
  4/14/08 10:15:01 AM loginwindow[9868] Login Window - Returned from Security Agent
  - Console Messages -
  4/14/08 10:15:03 AM com.apple.launchd[1] (com.apple.UserEventAgent-LoginWindow[9880]) Exited: Terminated
  - SingleSignOnTools.log -
  kdcmond cannot retreive the computer's local Hostname , retrying ..
  Kerberos configuration is up to date
  Kerberos configuration is up to date
  Kerberos configuration is up to date
  Kerberos configuration is up to date
  .. and so on
  All other logs don't appear to show anything of importance in between the time frame of Login window started and login window exited.
  I'd like to know what exactly the client workstation is doing during this time with the server, but it looks like it just hangs and does nothing since nothing shows up in the logs that I can find during this time period where the client hangs. Maybe I can try an Ethereal trace to see what traffic is being sent back and forth during this timeframe. I don't know if this is a configuration issue on my part or a OD / AFP bug on Apple's part since Tiger clients connect perfectly.
  Logouts happen immediately, so no problems there on that end. And everything else with the system is working flawlessly (besides the OD Crashing issue which I'm sure everyone is well aware of right now with 10.5.2).
  Thank you to anyone that can assist in shedding some light on this issue and I apologize if I didn't provide enough information.
  -Jessee

  FOUND IT!!! Well for our install anyway. The culprit was AUTH2.
  In our case computers would (randomly) have the same ..SLOW.. symptoms as your original post described, and the 'Apple Password Server log' on our server showed the same log entries.
  It turned out that Single-Sign-On was being screwed up by two Authentication Authorities as applied in the LDAP (Computer and User) Attributes,
  and showed up in the log as competing authentications from KERBEROS-LOGIN-CHECK and AUTH2. as follows:
  Apr 30 2008 16:22:17 RSAVALIDATE: success.
  Apr 30 2008 16:22:17 AUTH2: {0x4818c423083a8ddd0000000a0000000a, user} DIGEST-MD5 authentication succeeded.
  Apr 30 2008 16:22:17 RSAVALIDATE: success.
  Apr 30 2008 16:22:17 AUTH2: {0x4818c423083a8ddd0000000a0000000a, user} DHX authentication succeeded.
  Apr 30 2008 16:22:17 KERBEROS-LOGIN-CHECK: user {0x4818c423083a8ddd0000000a0000000a, user} is in good standing.
  Apr 30 2008 16:22:17 KERBEROS-LOGIN-CHECK: user {0x4818c423083a8ddd0000000a0000000a, user} authentication succeeded.
  Apr 30 2008 16:22:18 RSAVALIDATE: success.
  Apr 30 2008 16:22:18 AUTH2: {0x4818c423083a8ddd0000000a0000000a, user} DHX authentication succeeded.
  Now, all the entries in our log (for remote logins) show:
  May 2 2008 10:35:39 KERBEROS-LOGIN-CHECK: user {0x4818c423083a8ddd0000000a0000000a, user} is in good standing.
  May 2 2008 10:35:39 KERBEROS-LOGIN-CHECK: user {0x4818c423083a8ddd0000000a0000000a, user} authentication succeeded.
  May 2 2008 10:35:39 KERBEROS-LOGIN-CHECK: user {0x4818c423083a8ddd0000000a0000000a, user} is in good standing.
  May 2 2008 10:35:39 KERBEROS-LOGIN-CHECK: user {0x4818c423083a8ddd0000000a0000000a, user} authentication succeeded.
  May 2 2008 10:35:39 KERBEROS-LOGIN-CHECK: user {0x4818c423083a8ddd0000000a0000000a, user} is in good standing.
  May 2 2008 10:35:39 KERBEROS-LOGIN-CHECK: user {0x4818c423083a8ddd0000000a0000000a, user} authentication succeeded.
  i.e...Single-Sign-On and they're FAST.
  no more AUTH2 entries overlapping with KERBEROS.
  (local Authentications still show AUTH2 when using WGM)
  The solution was pretty straight forward, But only applies if the system is using Single-Sign-On with AFP shared home folders and the Authentication for AFP is set to Kerberos.
  Delete ;ApplePasswordServer entries from all user/computer combinations that are having problems.
  I actually deleted it from all users and Computers. (Except the Server Computer and Directory Administrator that uses WGM. When I tested these, WGM would not authenticate Diradmin)
  It can be done in the GUI from the inspector tab in WGM
  find the attibute
  dsAttrTypeStandard:AuthenticationAuthority
  click to open
  If there are two entries: ApplePasswordServer and Kerberosv5 then:
  Edit the ApplePasswordServer entry (You can copy the text into an editor and save it for future use if needed, all entries are the same for all computers and users, so you only need 1 copy, and you can paste it back into new entry to put it back,...If needed....maybe for older systems, mine are all Leopard.
  Now delete, OK, and Save the changes
  After its done, check the logs again to make sure that all remote logons now show
  KERBEROS-LOGIN-CHECK:
  and they should be FAST.
  Hope this helps
  Steve

• Snow Leopard client for NetRestore image not being recognized in Mountain Lion Server

  I target firewired a MacBook Pro running Snow Leopard and ran System Imaging Utility and the machine does not show up as an option. Does Mountain Lion Server support Snow Leopard NetRestore images or am I doing something wrong?

  I'm actually trying to figure that out as well. We have 10.5, 10.6, 10.7, and 10.8 Images we wanted to put together for our netrestore images on our server, but can only do 10.8 images currently.
  We also have the AppleCare Helpdesk diagnostic kit which includes hardware tests, we were only able to get the newer mid-2012 and late-2012 Diagnostic utilities to netboot but none of the older ones.
  So do we need a server running the older OS to get these or is there a better alternative? i mean really shouldnt be a problem considering theyre running inside of an image and dont rely heavily on the server resources other than to say "Yep, goto this file/directory".
  I'd like to know more as well....

• Oracle 9i Client AIX only, tnsnames connection to Oracle 8i HP/UX Server

  I am having problems with the TNSNAMES connection when trying to execute SQLPlus. Are there any known gotchas on setting up the TNSNAMES.ORA, SQLNET.ORA, and LISTENER.ORA files?

  Yes, you have to get it right ;)
  What kind of problems? (steps taken, error codes/messages, etc.)
  Does your tnsnames.ora on the AIX side seem to match what the listener on HP/ux listens for?

• Managing Leopard clients with Tiger Workgroup Manager

  The WGM prefences are not working on the Leopard clients that I set in the Tiger server, but they work on the Tiger clients. You can't manage Leopard clients with a Tiger server? What gives? Help!

  You can look here for starters.
  http://discussions.apple.com/thread.jspa?threadID=1499636&tstart=0

• Client Upgraded from Tiger to Leopard Can No Longer Connect to Tiger Server

  I just finished upgrading a G5 2GHz DP Powermac from Tiger to Leopard. This was an Archive and Install upgrade with importing the old settings. After verifying the account migration, including .Mac connectivity, and fixing all 3rd party software compatibilities/upgrades, I tried to connect to our Tiger 4.11 server by clicking on the server's Icon in the Shared section of the Finder Sidebar. The finder then switches to browse the the server for shares: "Connecting..." is displayed under the tool bar, with a "Share Screen..." and "Connect As..." buttons to the right.
  At this point the "Connecting..." remains displayed with the spinning circle in the bottom right of the Finder window.... spinning. This situation continues for several minutes until is seems the system gives up.
  If I click on the Path button on the Tool Bar, and go up to the Shared level, ALL the Shares on the Network are displayed, including all the Tiger Client machine shares. I can click on the triangle beside the Tiger Client's icon, and all the drives and home directories on the Mac are listed. All the client shares can be accessed without any issues. NOTE: There are no other Leopard clients on the LAN.
  Prior to the Leopard upgrade, this client could connect to the Tiger server as well. All the other clients on the LAN can access the Tiger server also.
  On the Leopard client I have tried clicking and the "Connect As..." button and using the menu "Connect to Server" and specifying the server's IP, and I get the same "Connecting..." message with a "non-connecting" result.
  I can only assume that somehow the Account Name and password are not being passed correctly. But, using "Connect As..." should resolve that. However, "Connect As..." does not give me a user/password window!
  If I check the AFP Access log on the Server, the only messages displayed are "Mounted Volume..." No messages in the error log, and no messages in the "Connections" section.
  Can anyone help me figure out why the Leopard client can not connect to the Tiger Server?
  My apologies if the description of my problem is a bit disjointed. I have been thrown into server admin and am learning "Trial by Fire".
  Any help or suggestions on how to resolve this issue will be greatly appreciated.
  Thanks
  Gary
  Message was edited by: Gary Sumlak

  OK. A quick update.
  After waiting for about 10 minutes for the rotating circle in the bottom right corner to stop, I was able to click on the "Connect As..." button. It took another 10 minutes, but the Connect As window eventual popped up. I entered the Userid and Password (saving to Keychain) and was able to see all the sharepoints on the the server. I browsed all the connected drives and folders without issue.
  I then disconnected from the server. Reviewing the AFP logs on the server shows messages for the connection Login and Logout.
  I then tried to reconnect to the server, and again another 10 minutes wait, although this time the Leopard client eventually connected automatically with the proper User, as per the AFP logs confirms.
  Although, the client can now connect to the server, for it to take 10 minutes will be unacceptable to management, not to mention the end user. Tiger clients can connect in a couple seconds!
  Is there a way to reduce the Leopard login time to, say, a couple seconds, like it does with the Tiger clients?
  Again, any help or suggestions would be greatly appreciated.
  Thanks
  Gary

• How to maintain default folder view (broken when leopard clients connect)?

  hi there,
  we run 10.4 tiger server and have the problem that if 10.5 leopard clients connect to the share their changes to the folder view become the new default for everyone connecting after them. with 10.4 clients the default folder view is looked to the settings of the admin.
  is there a way to bring back this feature with 10.5 clients connecting? lock the default folder view of shares?
  this question was asked before by andy lowe (http://discussions.apple.com/thread.jspa?threadID=1571877&tstart=45) but never answered.

  It's "show view options" in English. Also obtained by typing CMD+J
  Those only apply to the top-level folder. Each folder you open uses whatever you've elected to use as the defaults. Select a folder, CMD+J, set the view as you desire, click on Use as Default button. That setting will be used for all windows that you open in the future that have never been opened previously. All other windows that you opened will retain whatever view you previously selected for them.
  If you want to reset everything to one view, close all open Finder windows, launch the Terminal app (/Applications/Utilities/), copy & paste this command into the window that pops up,
  find ./ -name ".DS_Store" -depth -exec rm {} \;
  hit the return key, quit the Terminal app, restart, open a Finder window, CMD+J, set up the view options as desired, click the Use as Defaults button, and close the view options window. Now, every Finder window you open will have this view.
  Once you sort this out, see:
  Switching from Windows to Mac OS X,
  Basic Tutorials on using a Mac,
  Mac 101: Mac Essentials,
  Mac OS X keyboard shortcuts,
  Anatomy of a Mac,
  MacTips, and
  Switching to the Mac: The Missing Manual, Snow Leopard Edition.
  Additionally, *Texas Mac Man* recommends:
  Quick Assist,
  Welcome to the Switch To A Mac Guides,
  Take Control E-books, and
  A guide for switching to a Mac.

• Leopard client controls view of tiger server share point

  Hi, recently purchased a Mac Mini running Leopard all patched. Connected via afp to a Xserve RAID, Xserve running a sharepoint using ACL's. In list view the leopard client controls the list view on the Xserve, meaning that all the other Tiger clients see the leopard clients folder structure when they connect to the sharepoint. I have not changed any settings on the Xserve, just re-propogated the permissions and ACL's.
  Any ideas would be great,
  Andy

  ipb1962 wrote:
  BUT When I use the DHCP service to specify my DNS to a Leopard Client from (Tiger Server on a G5)
  it does not resolve to any internet address.
  Can you clarify what you mean here?

• Leopard client login problem (Tiger server)... why can't I authenticate?

  I look after a number of Macs and PCs at my company. Most Macs are running the latest version of Tiger but the newest machine came with Leopard. All users log into network accounts on our Xserve, running OSX Server (Tiger). However, the Leopard client machine refuses to log in to any network account, including the one I set up specifically for the machine's user, shaking its login window at me.
  Users connect using Open Directory Master on the server and none of the Tiger clients have ever had problems logging in.
  On the troublesome client machine, I have bound to the server correctly in Directory Utility which declares that the server is responding normally. At the login screen I get a green light and "Network Accounts Available" when I click through the options above the user name field so I know the machine can see the server.
  I can successfully log in to a local account and subsequently mount the server volumes using the new name and password I've set up for the user.
  What have I missed?
  So far, in my attempts to resolve this I have done the following:
  Removed the password from the new account;
  Unbound from the server, changed the short name of the computer, re-bound to the server;
  Tried logging in to other accounts known to be working;
  In WGM checked that the NFSHomeDirectory entry shows the complete path for the user's home directory;
  Trawled through endless forums for clues.
  Kerberos is not running. Does it need to be for authenticating Leopard users?
  Is there an issue with clear text passwords in Leopard? Seemingly eliminated through a no-password test account.
  I'm sure that I logged in successfully once after setting up the machine but, after installing Leopard updates, logging in has consistently failed.
  Anyone else having similar problems? Better yet, anyone have any answers?

  No need to apologize. I learned the same way you are...
  I think you may end up re-binding the 10.4 clients if you kerberize the server.
  You may want to go to the server forum for folks with more definitive annswers.
  http://discussions.apple.com/category.jspa?categoryID=96
  In any case, make sure you have a reliable backup before you do anything.
  Jeff
  Message was edited by: Jeff Kelleher

• Local KDC (LKDC) relating to Leopard clients logging into Tiger Server

  This is a follow-up to my posting on this thread:
  http://discussions.apple.com/message.jspa?messageID=5982070#5982070
  Pursuing the problem I had when I upgraded to Leopard, I found it odd that trusted binding to Tiger OD from a Leopard client created a funny computer entry in the Workgroup Manger (WGM). Previously when using trusted binding from a Tiger machine to a Tiger server, one entry would be created. And Logging in as an OD user worked every time for me. However, it appears that under 10.5.1 Kerberos has changed significantly in that it is now being used extensively through the Leopard OS for Peer-to-Peer applications. This may account for the screwed up Computer account entries in WGM when a 10.5.1 client binds to 10.4.11 Server using trusted binding. The giveaway clue to this is the LKDC:SHA1 entry created in the WGM computer record (usually 3 seperate records for 10.5.1 instead of the normal single record with a Tiger client). My question is this:
  Are there any changes that can be performed via command line on the 10.5.1 client to mimic the old 10.4 client Kerberos configuration without pervasive Peer-to-Peer use of Kerberos? Is is a config setting for the mit.kerberos file? Could it be as simple as flipping a switch to get the older more compatible Kerberos config of a 10.4 Tiger client? Can I dump the Local KDC present in Leopard, and get back to the good old days of non-local KDC under Tiger?
  http://www.afp548.com/article.php?story=LeopardServerReview-LocalDirectory
  "The Local KDC
  Yes, you read that right, the local KDC. All Leopard client systems will now create a Local KDC for use with peer to peer file sharing.
  While this isn't even as close to as scary as it seems, it is a topic worthy of at least a separate article, if not a whole series. I put on my thinking toque and sat in my thinking corner for a while on this, and I've not yet been able to come up with a reason for why having a KDC on every machine is less secure than how 10.4 did things. Having said that, though, I fully understand how this can seriously freak out your network security team as they don't quite grasp all the ins and the outs of this. Combine this with Back to My Mac, another article that's forthcoming, and you have a very interesting collection of some "sleeper" features in Leopard.
  So, in a nutshell, a Local KDC, the LKDC, is created when 10.5 is installed. Local users will get LKDC authentication authorities allowing them to get Kerberos tickets and use that for single sign on to all the services hosted on that client system. Kerberos is supposed to be only used when you use Bonjour to discover the other machine. So primarily in peer to peer on the same LAN cases.
  It works, you can see this for yourself. Screen share to another machine as a local user by picking the machine out of the sidebar in the Finder. You'll have to enter in your password the first time, but after that you can close out of that screen sharing session and restart it without having to re-enter your password. You can also see the ticket in the Kerberos.app, still buried in /System/Library/CoreServices."

  Eric,
  Thanks so much for your thoroughness and assistance. I think we have decided, for now, to forgo the 10.5 clients attaching to the 10.4 server because of too many intermittant issues. Similar machines on 10.5 gave different results. And at this point, our client is very skittish about the process working at all. I think we need more testing and that is the directon we'll take for now.
  Here are some of our results:
  I did find information on afp548 regarding the 10.5 preference. It was specificall referenced in this article:
  http://www.afp548.com/forum/viewtopic.php?forum=18&showtopic=16064
  Clearing the check box on the 10.4 server under OD > Settings > Security "Require password change on new user login" did solve the memory issue that kerberos was having. After clearing the setting, I:
  * deleted all binding references at the server (WGM > Accounts > Lists > All Computers
  * Deleted the bindings at the client and the the LDAP server references in Directory Access
  * Restarted the machine
  * Reconnected the LDAP server, Rebind the machine
  * Check the LDAP search in issuing id <username> in Terminal
  * OPen System PReferences > Accounts > Login Items, the preference is there!
  * Yeehah
  Oh, but the user still can't login in that machine. Uhm, why? I have no idea. I take a new machine, 10.5.1, no login accounts except a local admin, and no that user still cannot login. Other users, no problem, but not that user.
  Take a new system, 10.4.11, set up the binding, the LDAP server, try to log in that same user: works every time. Ugh.
  So of course, I think there is something up with that user, but nothing in logs gives an indication of what is going on. That I can find. THis is after 10 hours of testing and trying. Needless to state, the client is frustrated, and so am I.
  You know, we do have one 10.5.1 client laptop that did work. After lots of binding and rebinding, it just somehow starting working as expected. But, the reason that we're sticking with 10.4 clients for now is that machine will not respond to password change mandates. I select that user in the WGM, check the "require password change on next login" and nothing happens on their end. They are not an admin, I have reset their account more times than I can count, and so I expect there are more non-working items with 10.5.1 clients and 10.4 server that will get me. It needs more testing for now.
  So, back to your message, I haven't tried the SSL certificate, but I will give that a try.
  In general, for your network, how are your laptop users configured? As mobile users? Network homes? Or Local homes?
  Thanks again for your help. I really appreciate it.

• Tiger server, Snow Leopard Client and Illustrator CS4

  We have a strange problem happening with the one Snow Leopard client we have accessing our Tiger server. In certain directories (not in all) if the user opens an Illustrator CS4 file, makes changes and goes to save the file they get the message that the file is either locked or in use by another user (it is not). This does not happen with any other kind of file in that same directory. The server is connect to AD so the user accounts come from the AD but on this machine we have the same problem regardless of the user account used to mount the server volume. It also doesn't matter if I use a local account on the server to mount instead of AD. I have the same problem if I connect via SMB instead of AFP. Other machines (Leopard) can work on these files with no problems.
  A couple of other bits of information which might be useful. If the user opens the file, does a save as to the same name and same folder and replaces the original they can work on the file and save it with no problems. As soon as they close the file and reopen it they have the problem again. Also, if they run into the problem, close all programs on the computer and try to unmount the server volume they get the message that the volume is in use and cannot be ejected. I have checked and there are no invisible files being created in the directory where this file resides.
  What is strange is that the problem does not happen in all directories although when it happens it is repeatable in that directory. Happens every time. I have tried changing the name of the folder to something simple and it still happens.
  Any suggestions on where to go with this problem??

  No progress yet. Have tried a lot of things with preferences on the server. I have confirmed with another snow leopard machine that this is not related to the machine in any way. I have not yet had a chance to test it on another Tiger server but given the fact that you are seeing it as well I would say there is a problem with the two operating systems cooperating.
  As I said, I do have a temporary workaround. If you do a save as with the document, choose to overrite the original it works and then lets you continue to work on that file and save for that session. After you close the file and reopen the problem returns but at least for that session you are fine.

• Leopard Client Tiger server mobile home directory not working... hmmm

  Mobile home directory is not working for my leopard clients with my tiger server.
  I can log in via the Apple server account that is set for mobile.
  On my tiger clients it prompts me to confirm my mobile account on log in and everything works fine if i unplug the network cable.
  on my leopard clients no prompt at log in. so i go to account under system prefs and see that the account says mobile..and i click on make mobile account in the account pane in system prefs says will reboot and make account.. prompts for password for mobile account i put it in and then it says there was an error in making mobile account and then it takes me back to the main log in window.
  every client i have on leopard does this...
  am i missing something?
  thanks in advance,
  Jesse

  Tiger server can control mobile account syncing and other features present on Tiger clients.
  See this post for some more info on setting Leopard mobile account preferences on Tiger servers:
  http://discussions.apple.com/thread.jspa?messageID=6829482&#6829482

• Leopard Client to Tiger Server

  I currently have roughly 80 eMacs that all connect to a 10.4.10 server. I have upgraded one of the computers to leopard and now the workgroup management piece seems to not be working properly.
  I can login into the computer since it talks to AD for authentication but it doesn't not read the preferences from workgroup manager. (Blocked applications are able to be opened and shares do not mount)
  This all works on 10.4.11 with no issues.
  Please help.

  I finally got around to upgrading the Tiger server to 10.4.11. I have the same issue on the Leopard client of shares not mounting and applications (ie iTunes) being able to be opened. The other computers in the school all run 10.4.11 and the workgroup manager preferences work fine on those machines.
  This laptop was upgraded to 10.5 so I'm not sure if that's where the problem lies. Perhaps I should try a clean install?

• Panther and leopard clients on a tiger server...expected problems...

  I wanted to share a scenario that is happening in the school district I work for and see if anyone has had any experiences similar and can offer some advise before I blindly proceed.
  One of the schools I work in uses a single 10.4x server, and all the users in the school have a network account where they can log into managed work groups.
  The computers are all running 10.3x and I have had no problems at all. Users are able to log in, see their network home folders, launch all the allowed applications.
  The school is purchasing 76 new Imac computers with the new 10.5 OS on them and I was wondering what kind of problems users might experience when logging into these new workstations if they are bound to the existing server.
  I was able to bind a 10.5 mac to the 10.4 server and was able to log in using a network account, see the items that were in my network home folder, launch applications I was permitted to launch and was denied applications denied in the applications preference in workgroup manager for the workgroup I was logged in to.
  This is very preliminary testing and was wonder what some of you who are in similar situations have experienced.
  Another concern is best described by painting a scenario.
  A user logs onto a 10.3 computer and launches an application like imovie, an older version of imovie, and does some work on a project. He then saves it and moves to one of the new imacs with 10.5 on it and a newer version of imovie.
  Will the newer version of the application run with the older preference files for it.
  Will the preference files be rewritten and if so will the old version of imovie be able to read those or will it try and rewrite them.
  Will the project created with the old version of imovie be readable by the new version.
  Will the new version of imovie update the project file and if so with the old version of imovie still be able to open it?
  I seem to remember reading something about how panther wrote preference files for applications completely differently than tiger did, and if so then can I expect the same for leopard client written pref files.
  As you can see I have lots of questions and if I can learn from other peoples experiences then I can go into this knowing a little bit on what I can expect and hopefully this wont be a big disaster.
  Mark
  SD34

  Will the newer version of the application run with the older preference files for it.
  While I dont know this for certain, I do know that when I did an archive and install (which copies the old preferences for applications as well as the apps themselves to the new system folder) things have worked fine. I think the preference-writing scheme depends on the individual program version, and minor updates to the program (ie: Safari 3.0.3b vs 3.0.4) shouldnt change this.
  Will the preference files be rewritten and if so will the old version of imovie be able to read those or will it try and rewrite them.
  When you modify any preferences the files will be rewritten. If the programs have similar versions then they should be fine. All preferences are written to the same directory (~/Library/Preferences/) so if the program versions are the same then the preferences will be written similarly.
  Will the project created with the old version of imovie be readable by the new version.
  I'm assuming you mean going from iMovie HD to iMovie '08. I've not done this personally, but as far as I know the files will import, but the transistions and other special effects that are only available in the older version of iMovie will be removed. The media files and sequences should be preserved.
  Will the new version of imovie update the project file and if so with the old version of imovie still be able to open it?
  I dont know about the old version of iMovie being able to import the new version's projects, but the new version will update the projects when you save it.
  I seem to remember reading something about how panther wrote preference files for applications completely differently than tiger did, and if so then can I expect the same for leopard client written pref files.
  I believe the writing of preference files usually depends on the individual application, not the system.