List of Network Users in Loginwindow Omitted

I have a Mountain Lion 10.8.5 client machine joined to a Mountain Lion 10.8.5 OS X Server on which I have completed DNS, OD, and network account configuration steps.  I have added a network account on the server (and Server.app displays the account as 'Local Network User').  Also, I have placed the client machine into a device group and created/pushed a profile to the group that includes a Login Window payload specifying that network users are included in the list of users. After pushing the profile, I confirm that the client machine indeed shows the desired Login Window settings in the 'Profiles' preference panel and I also confirm that /Library/Managed Preferences/com.apple.loginwindow.plist indeed shows IncludeNetworkUser as 'True'.  The client machine has been rebooted.
From the client machine, the loginwindow, however, displays only local accounts and 'Other...'.  I can select 'Other...' and successfully login to the new network account.  Yet I seem unable to get the the loginwindow to include the network account in the user list even though the profile appears correct and the account itself seems to be in good working order (since an 'Other..' login is accepted).
When I examine the client log in Console, I see nothing that obviously indicates a problem in loginwindow that is relevant to opendirectory.
What might I have done wrong?  Suggestions on how to narrow down the problem?  Is there a debugging aide that might be useful, or some verbose logging of loginwindow behavior that I can enable?

Thanks for replying.
Yes, the client's Ethernet is set to use DHCP and my DHCP server hands out a DNS resolver config that specifies the OS X Server machine as the nameserver.  And in my client's network preferences for the Ethernet link, on the 'DNS' tab of the 'Advanced' settings, I indeed see that my DHCP assigned settings were applied (using my own DNS zone served from the DNS server on the OS X Server machine, and using the IP address of the OS X Server as the nameserver).  So I =think= these all look correct.
I add some more info...
When I run 'id' from the command line, it includes 'workgroup' in the list of groups, which is the OS X Server's group for network accounts.  I treat this as confirmation that OD queries for user/group info from the OS X Server are in working order.
I wish there were some sort of debug trace log I could turn on for loginwindow so that I could have a look at how/when it queries OD.
I have a second client machine setup like the first, also running 10.8.5 and joined to my OS X Server - and this one actually =does= display network accounts in the loginwindow.  This second client machine is in the same Profile Manager device group as the first, and hence has exactly the same profiles.  Same DNS config, too.  I haven't been able to identify a difference between the two machines that would explain why one displays network accounts in the loginwindow while the other does not.  The second client client machine is WiFi while the first is Ethernet, but that shouldn't be relevant (?).
This difference in behavior between the two machines has persisted through reboots of both (and a reboot of the OS X Server).

Similar Messages

  • Network User List Not Updating

    I manage a lab of ~30 iMacs which are bound to an Open Directory on a G5. The client computers set so that their login windows show only network users accounts in a list. However, they don't seem to be getting the actual list of network users from the server. Rather, in /Library/Preferences/com.apple.loginwindow.plist there is a NetworkUsers array which contains the users listed by loginwindow. No matter what this array is never updated, not since it was originally created it seems. Furthermore, if I delete the plist, loginwindow reverts to name/password fields and never gets the list of network users. Clients can still log in, and MCX settings are updating correctly, it's just that loginwindow can/does retrieve the network users to display in the list. I've tried refreshing preferences, rebinding the computers, changing the computerlist settings on the server, deleting the MCX cache...just about everything I can think of short of clean installing the clients and/or the server (which, ya know, I'd really rather avoid . I've seen several other topics in the discussions that sound similar to mine but all seem to have slight variations and none seem to be fully answered so I'm sure many would appreciate any help on this topic. All of the computers are running 10.4.4.
    PowerBook Al 15 1.5GHz   Mac OS X (10.4.4)  

    I had already checked (search based) that as I had that with 10.3 and 10.4 server.
    I did however solve it today, but am not 100% sure on what I did.
    Here is what I tried.
    I was trying to add restart to the applemenu, and did so and the restart appeared, but was then trying to look for ways to remove the logout so as to force the users to restart rather than logout but could not find it. I looked in the forced com.apple.finder.plist which was under the details options in preferences rather than the finder icon, and since there was no key in there I removed it from the computer list prefs and the pupils groups prefs. I then looked at the finder prefs from the icon in system prefs on WGM and noticed that I had blue dashes meaning some set some not. I cleared them be setting them as I wanted and then double checked but noticed they were back to dashes so did them again by doing never then apply and then always and resetting them to as I want (I think that is was I did) and then checked and they were ticked or unticked and no dashes. I then just happened to log on with a client to see if the applemenu was fine and noticed that it no longer showed the restart so had to log off upon which the list appeared.
    I think that one of the com.apple.finder.plist in either the group or computer list details prefs was the problem.
    I hope that it is okay and will stay like this, until I relook at to why the restart is not happening and knowing sods law will solve that but get no list again.

  • Network users doesn't show up on snow leopard client

    Hello,
    I am having a weird problem with my snow leopard client that won't show a list of the network users.
    The server is a open directory server and other snow leopard client can show the list of the network users on login screen except one. I've tried different connections via ethernet or via wireless. (I have 2 client set up at the moment, they are exactly the same clone, client #1 show the list of network user but not client #2).
    client #2 will immediately recognize the network accounts are available upon start-up but won't show the list. The computers are added to workgroup manager's computer list and is managed but if the network list doesn't show up on the client that makes the client un-managed.
    Could anyone kindly give me advise please?
    Thanks!
    Sumomo

    Hi
    +". . . they are exactly the same clone . . ."+
    This might be where your problem begins and ends? If you joined client # 1 to OD and then cloned this to create client # 2 then you're probably going to have the problems you're seeing?
    If you want all your workstations to be the same it's best to remove any references to any LDAP Server as well as any TGTs. It's also a good idea to give each client workstation unique names prior to joining an LDAP Directory after they've been imaged. You can create a NetBoot Image with an associated workflow that will define unique names as well as join an LDAP Directory as Post Install actions.
    The above assumes you actually meant to post in the appropriate Snow Leopard Forum rather than the 10.4 one? Perhaps you should have posted here:
    http://discussions.apple.com/forum.jspa?forumID=1349
    HTH?
    Tony

  • Network users file permissions won't allow documents to be moved or deleted

    Sorry for the confusing title.
    It's late, and if I've missed any details, please feel free to ask for them.
    I've migrated a couple of desktop users to a network user based environment.
    Data files were copied off workstations to an external drive, which were then placed on the file server.
    Local computers seem to connect fine.
    All show the network user list.
    Network users can login (Do not want to sync mobile account)
    Logged in user can create files just fine, save files etc. These files can seem to be moved around the users home just fine.
    however if said user needs to move an existing file in their own home/documents folder or desktop or wants to delete a file, they get a prompt for the local admin of the computer their working on. Even if this account is entered, it doesn't seem to allow the requested change to take place.
    If i attempt to open, then save over an existing file, it makes no difference.
    if i do a save as to a new file (ie. different name), then it behaves properly.
    doing a permissions comparison of a new file vs an old file, they have matching permissions but the existing files have an extra set of "everyone" permissions.
    I can't seem to modify this from the user or even from the server, ie. remove the extra everyone to make them similar.
    It would seem to be a permissions issue, but it just doesn't make any sense.
    Does anyone have any suggestions for permissions or a settings to check?
    I've gone to the point of propagating full read/write access to the home directory for all users, inherit to child files and folders, but it just doesn't seem to make a difference
    I'm looking for a global fix, as clearly adjusting all these individual files is unacceptable.
    Thanks in advance,
    James

    Get Info not available.
    Nothing happens

  • Long delay when logging in Network User

    Hello,
    We are running into a weird problem.
    We have an XServe G5 2.0 GHz DP with 5 GB RAM, providing multiple services to a small school.
    The Users have Network-based accounts, and are authenticated via OD on the same server.
    Lately, Users have started experiencing a very long delay when logging in.
    At the login prompt, if they input the wrong password, they get "the shake" right away, which indicates that the authentication speed is rather fast. If they do input the right credentials, nothing happens for 25 - 30 seconds, and then login proceeds as usual, fairly quickly. The machines are normally responsive from there on, i.e. it is not a network performance issue. Also, even if no one is on the server, the first one to log in runs into the same issue, i.e. it is not a server overload issue. Does anyone have an idea what is going on? Any suggestions for a solution will be appreciated.
    Best regards,
    Alain Chammas

    Hi
    This could be down to a time sync issue. Are Server and Clients all using the same Network Time Server? Do you see a similar delay when presenting the login window displaying a list of network users? If you did not know this is a computer list mananged preference. Anything unusual in the system.log?
    Hope this helps, Tony

  • Show Network Users (as List) not working consistently (10.5 server/client)

    I am running an Xserve with 10.5.5 Server as an Open Directory Master. When I go to the Computer Group the clients are listed in and set the preference to show network users as list on the loginwindow, the clients are not constantly displaying the list. Network Accounts are available on the client and typing the username in Other is also logging in.
    What I think is strange is that my custom heading always displays, so I know I'm getting at least some of the mcx settings on the client. This was not a problem with 10.5.4 client/server combo. If only local accounts are listed, you can restart and 50% of the time the network users show up in the list. You can also log in as a local user and log out, this will sometimes refresh the list to display network users. However, whether or not the users are displayed in the list, network accounts are always available and can login via Other.
    Does anybody know what I can do to fix the problem? It is an elementary school environment, so it is not feasible to have kindergarten students to type out their names every single time.
    One possible solution I came up with is to replace the 10.5.5 loginwindow on the client with the 10.5.4 version, but 10.5.5 supposedly fixes a lot of problems with it. Are there any negative consequences that could occur from doing this besides the fact that I lose the security fixes to the 10.5.5 version? I know that my 10.4.11 clients do not experience this problem, so I'm guessing that the 10.5.4 loginwindow might just work, but wanted to see if anyone knew of any issues in doing this.
    I have also written a program that manages our clients for automated naming, image OS version assignment with NetRestore, and generate import files that create computer and computer list records for Workgroup Manager. This information is stored in a MySQL database and the program I wrote generates files that are imported into Workgroup Manager for list assignment. The computer lists are generated by room number, and computers are assigned names with their corresponding room number and placed in the appropriate computer list. In 10.5, I see that there is a push for Computer Groups rather than Computer Lists. However my program assigns computers to lists using the computer record name rather than the generated uid of the computer record like the computer group expects. From what I understand, the only benefit to Computer Groups is that you can include other Computer Groups within Computer Groups. Does this create any issues for mcx management? I have tried both groups and lists and have the same problem with loginwindow network user lists on 10.5.5.
    Another question I have is how do you change the Cache settings now in WGM? In 10.4.11, there was a "Cache" tab where you could force clients to refresh the MCX cache after x amount of time, but the tab has been removed in 10.5. Can I add that mcx flag to Open Directory and have my 10.5 clients respect the policy, or has this been outdated in 10.5?
    Thanks,
    Chris Bethel
    Hamilton County Dept. of Education
    Chattanooga, TN
    [email protected]

    Thanks for your reply, it gave me an idea that seems to be working so far:
    This is not feasible for anything other than an elementary school with network homes. It is extremely insecure but when you need a working product, you pretty much gotta do what you gotta do. Here's what I've done:
    1. I created a local administrator user with the name "@ Refresh List" with short name "refreshlist" with no password.
    2. Launch Script Editor (in /Applications/AppleScript/Script Editor) and paste this code:
    do shell script "rm -Rf '/Library/Managed Preferences'" password "" with administrator privileges
    do shell script "killall loginwindow" password "" with administrator privileges
    3. Save with file format set to Application, check "Run Only" and uncheck all other boxes to somewhere the user home folder.
    4. In the Accounts pane of System Preferences, select the "@ Refresh List" user and go to the Login Items tab.
    5. Drag in the application you just saved.
    6. Quit System Preferences and log out.
    This is EXTREMELY bad for security, but since its elementary school students and network home folders, there's not much for them to mess up. It provides a 1-click process to updating the much needed list.
    Also -- I've tried swapping out loginwindow with 10.5.4 and experienced the exact same result.
    My fix is quick and dirty, but gets the job done.
    Does anyone else have any suggestions?
    Message was edited by: WollarinTJ

  • Network User Login Hangs at 'loginwindow' Occasionally

    The client is a macbook pro (2012) with 10.8.5, the server is a mac mini also running 10.8.5 (w/ OSX Server).
    Network user logins usually work fine.  About 10% of the time, however, the loginwindow displays a spinning beachball endlessly after the name/password are supplied.  The workaround is to login to the client via ssh and 'kill -HUP' the user's loginwindow process; then the next login attempt will work.
    Examining logs, I find that the 2nd through 4th lines of the following sequence of messages appear on the client in the case of the above failure (in the case of a successful login, only the first line appears)...
        Apr 26 08:20:06 whbbook.local WindowServer[153]: Display 0x04248a6a: MappedDisplay Unit 2; ColorProfile { 2, "Thunderbolt Display"}; TransferFormula (1.000000, 1.000000, 1.000000)
        Apr 26 08:20:07 whbbook.local SystemUIServer[36439]: CGSCopyWindowShape: pid (36439) passed NULL window
        Apr 26 08:20:07 whbbook.local SystemUIServer[36439]: could not update menu bar region, 1000
        Apr 26 08:20:07 whbbook.local SystemUIServer[36439]: CGSSetWindowTransformAtPlacement: Singular matrix [0.000 0.000 0.000 0.000]
    Google reveals nothing helpful for the search phrase 'SystemUIServer CGSCopyWindowShape'.  I suspect the underlying cause of the symptom has to do with the fact that SystemUIServer ended up with a NULL window.
    I've already done the usual 'couurtesy' steps of a disk permission repair and a safe boot on both machines.
    Any interpretation of this, or recommendations?

    Check if this works :
    http://social.technet.microsoft.com/Forums/windows/en-US/452798be-30fb-4357-bd6f-827976e3637a/please-wait-for-the-user-profile-service-slow-logon?forum=winservergen
    Arnav Sharma | Facebook |
    Twitter Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members
    reading the thread.

  • File Sharing (Read & Write) with a Network User - "Network User" Not Listed

    My boyfriend and I both have Macs, running 10.6.3. Both Macs are connected to the internet via Apple Wireless Express. I have a MacBook Pro, and my boyfriend has an iMac with a big fancy screen, so I like to use for my own work when I'm at home and he isn't - it's just easier and more comfortable to use than a laptop.
    I would like to find a way to use his computer to access a shared folder on my laptop with read & write access (so that I can modify the files on my laptop while using his computer). I have gotten to the point where I have a folder on my laptop with the files I want shared with his computer, and can access this folder from his computer. However, doing it this way (accessing my files on my laptop from his computer) only allows read-only access. I would like to be able to edit the files that are on my laptop using his computer, so I think I would need read and write access.
    It seems the easiest way to do this would be to add a user (the boyfriend) on my laptop and give him read/write access to this specific folder that is located on my laptop. I found instructions on how to do this, and it says that I need to add a "network user". These instructions seem to indicate that when I add a user, there should be options for accounts on my laptop, my personal address book, a new account on my laptop, and network users. I see the first 3 options...but no option to add a network user.
    Why is that? How would I make it so that from my laptop, I can add a network user...specifically my boyfriend's computer, who also uses the same internet network that I use?
    Thank you so much for any help!

    Also found this behavior:
    While logged into the Mac Pro as MPUser1, I connect to the MacBook Pro file sharing as MBPUser1.
    Then I "disconnect".
    Then I log out of the Mac Pro MPUser1, and login as MPUser2.
    The connection to MBP as MBPUser1 is still active!
    This means that MPUser2 can access whatever MBPUser1 can access WITHOUT knowing MBPUser1's login password !
    This seems WRONG! Anybody else seen this?

  • How can I restrict Lion to only allow certain network users to login when bound to an Active Directory?

    Hi,
    I'm trying to find a way to configure which network users can login to a lab of iMacs running 10.7.4. They're being deployed using DeployStudio, and the Macs are bound to an MS Active Directory by a script that runs as part of the workflow. I'd like to have another script run after the AD binding to permit only users in certain AD groups to be able login to them.
    I'm halfway there, in that using dseditgroup I can easily add AD groups or individual users to the relevant group (deseditgroup -o edit -a <domain\\group name> -t group com.apple.loginwindow.netaccounts. After running this I can see the desired groups added to the list in Sys Prefs -> Users & Groups -> Login Options -> Options. However, membership of this group is deemed irrelevant by the fact the radio button above this list for 'Allow these users to log in at login window' is still set to 'All network users' and not 'Only these network users'.
    Does anyone know of a way to enable the 'Only these network users' option via the Terminal/a shell script?
    Thanks,
    Chris

    I tried that, thinking it was exactly what I wanted, but it still sends stuff as SMS (green bubble).

  • Customized User Profiles not loading for Network Users

    I manage Macs in public computer labs and classrooms at a university. My general set up is as follows:
    Clients are running 10.8.5, OD Masters are running 10.7.5. Open Directory Master to manage client preferences for Login window and screen saver. Clients bind to Active Directory for authentication purposes only. Networked users home directories are stored locally then deleted at log out. Using Deploy Studio to image and restore clients.
    My customized user profiles are stored in /User Templates/Non_Localized.lproj.(I also update English.lproj for any local users that may need to be created for various reasons).
    Recently I have come across a situation where, randomly, my customized user profile does not load at Login, and I am given the out-of-the-box default Apple profile. This is happening in 11 of my 14 labs. I have three labs that seem to not be affected by this.
    On some labs I manage the DHCP, some labs I do not, and rely on our Networking group to supply DHCP and DNS. Because of this setup I have six different DNS server that may be in the mix. Two are Unix boxes, the other four are the Active Directory Domain Control servers. I did create a spreadsheet of all the AD/OD settings for each lab to see if I could find some kind of pattern, but don't see a way to upload it.
    The one thing I do notice is that when I do a mass login using a shell script via Apple Remote Desktop, when the profile fails to build correctly, the user login is quick, much quicker than when the correct profile loads. Almost as if a packet is sent the the OD server, it's rejected, and bam, Apple's default profile loads.
    I have flushed the DNS cache of the local clients using killall --HUP mDNSResponder
    I've got one week to figure this out before classes start, so if you have a clue as to what's going on, I sure would be grateful.
    Here are logs from both the admin's account and the user's account when the default profile fails to build:
    ADMIN log:
    8/20/14 1:31:03.366 PM  CVMServer[109]  Check-in to the service com.apple.cvmsCompAgent_x86_64 failed. This is likely because you have either unloaded the job or the MachService has the ResetAtClose attribute specified in the launchd.plist. If present, this attribute should be removed.
    8/20/14 1:31:03.389 PM  loginwindow[44] Login Window - Returned from Security Agent
    8/20/14 1:31:03.491 PM  loginwindow[44] USER_PROCESS: 44 console
    8/20/14 1:31:04.084 PM  WindowServer[75]    **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
    8/20/14 1:31:06.307 PM  locationd[563]  NOTICE,Location icon should now be in state 0
    8/20/14 1:31:06.478 PM  coreaudiod[560] Enabled automatic stack shots because audio IO is inactive
    8/20/14 1:31:06.621 PM  UserEventAgent[548] cannot find fw daemon port 1102
    8/20/14 1:31:08.530 PM  WindowServer[75]    Display 0x04280480: MappedDisplay Unit 0; ColorProfile { 2, "iMac"}; TransferFormula (1.000000, 1.000000, 1.000000)
    8/20/14 1:31:09.707 PM  NetworkBrowserAgent[591]    Starting NetworkBrowserAgent
    8/20/14 1:31:10.393 PM  apsd[593]   Certificate doesn't match host
    8/20/14 1:31:11.499 PM  com.apple.SecurityServer[15]    Session 100010 created
    8/20/14 1:31:13.561 PM  genatsdb[608]   ########## genatsdb Sandboxed. ##########
    8/20/14 1:31:13.562 PM  apsd[593]   Certificate doesn't match host
    8/20/14 1:31:13.740 PM  com.apple.time[548] Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
    8/20/14 1:31:14.555 PM  apsd[593]   Certificate doesn't match host
    8/20/14 1:31:45.040 PM  genatsdb[608]   *GENATSDB* FontObjects generated = 1113
    8/20/14 1:31:55.663 PM  com.apple.time[548] Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
    8/20/14 1:32:20.627 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.627 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.627 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.627 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.628 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.628 PM  WindowServer[75]    dict count after removing entry for window 0x2a is 0
    8/20/14 1:32:20.641 PM  com.apple.launchd[1]    (com.apple.quicklook.satellite.4D0B4319-944D-49A6-A515-02F31AE3C235[628]) Could not terminate job: 3: No such process
    8/20/14 1:32:20.641 PM  com.apple.launchd[1]    (com.apple.quicklook.satellite.4D0B4319-944D-49A6-A515-02F31AE3C235[628]) Using fallback option to terminate job...
    8/20/14 1:32:20.645 PM  coreservicesd[65]   SendFlattenedData, got error #268435459 (ipc/send) invalid destination port from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=188
    8/20/14 1:32:20.647 PM  coreservicesd[65]   SendFlattenedData, got error #268435460 (ipc/send) timed out from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=147
    8/20/14 1:32:20.647 PM  coreservicesd[65]   SendFlattenedData, got error #268435460 (ipc/send) timed out from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=194
    8/20/14 1:32:20.648 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.648 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.648 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.648 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.648 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.716 PM  loginwindow[44] DEAD_PROCESS: 44 console
    8/20/14 1:32:20.891 PM  com.apple.time[548] Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
    8/20/14 1:32:20.929 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.929 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.929 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.929 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.929 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
    8/20/14 1:32:20.930 PM  coreservicesd[65]   SendFlattenedData, got error #268435459 (ipc/send) invalid destination port from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=158
    8/20/14 1:32:22.259 PM  WindowServer[75]    CGXRestartSessionWorkspace: session workspace exited for session 256 (on console)
    8/20/14 1:32:22.259 PM  WindowServer[75]    Session 256 released (1 references)
    8/20/14 1:32:22.259 PM  WindowServer[75]    Session 256 released (0 references)
    8/20/14 1:32:22.259 PM  WindowServer[75]    loginwindow connection closed; closing server.
    8/20/14 1:32:22.268 PM  apsd[593]   CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)
    8/20/14 1:32:22.285 PM  loginwindow[653]    Login Window Application Started
    8/20/14 1:32:22.299 PM  UserEventAgent[11]  Captive: [UserAgentDied:139] User Agent @port=45319 Died
    8/20/14 1:32:22.310 PM  ARDAgent[574]   CGSGetNextEventRecord (Inline) connection 0xb903, 16384 bytes
    8/20/14 1:32:22.310 PM  ARDAgent[574]   CGSShutdownServerConnections: Detaching application from window server
    8/20/14 1:32:22.310 PM  ARDAgent[574]   CGSDisplayServerShutdown: Detaching display subsystem from window server
    8/20/14 1:32:22.311 PM  blued[58]   -[CBManager init] init returning self:0x7ff6a3b04990
    8/20/14 1:32:22.329 PM  WindowServer[654]   Server is starting up
    8/20/14 1:32:22.330 PM  WindowServer[654]   Session 256 retained (2 references)
    8/20/14 1:32:22.330 PM  WindowServer[654]   Session 256 released (1 references)
    8/20/14 1:32:22.333 PM  WindowServer[654]   Session 256 retained (2 references)
    8/20/14 1:32:22.333 PM  WindowServer[654]   init_page_flip: page flip mode is on
    8/20/14 1:32:22.357 PM  WindowServer[654]   mux_initialize: Couldn't find any matches
    8/20/14 1:32:22.367 PM  WindowServer[654]   GLCompositor enabled for tile size [256 x 256]
    8/20/14 1:32:22.367 PM  WindowServer[654]   CGXGLInitMipMap: mip map mode is on
    8/20/14 1:32:22.424 PM  WindowServer[654]   WSMachineUsesNewStyleMirroring: true
    8/20/14 1:32:22.425 PM  WindowServer[654]   Display 0x04280480: GL mask 0x1; bounds (0, 0)[1920 x 1080], 30 modes available
    Main, Active, on-line, enabled, built-in, boot, Vendor 610, Model a012, S/N 0, Unit 0, Rotation 0
    UUID 0x000006100000a0120000000004280480
    8/20/14 1:32:22.425 PM  WindowServer[654]   Display 0x003f003e: GL mask 0x4; bounds (0, 0)[0 x 0], 1 modes available
    off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 2, Rotation 0
    UUID 0xffffffffffffffffffffffff003f003e
    8/20/14 1:32:22.425 PM  WindowServer[654]   Display 0x003f003d: GL mask 0x2; bounds (0, 0)[0 x 0], 1 modes available
    off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 1, Rotation 0
    UUID 0xffffffffffffffffffffffff003f003d
    8/20/14 1:32:22.429 PM  WindowServer[654]   Created shield window 0x4 for display 0x04280480
    8/20/14 1:32:22.429 PM  WindowServer[654]   Created shield window 0x5 for display 0x003f003e
    8/20/14 1:32:22.429 PM  WindowServer[654]   Created shield window 0x6 for display 0x003f003d
    8/20/14 1:32:22.431 PM  WindowServer[654]   Display 0x04280480: GL mask 0x1; bounds (0, 0)[1920 x 1080], 30 modes available
    Main, Active, on-line, enabled, built-in, boot, Vendor 610, Model a012, S/N 0, Unit 0, Rotation 0
    UUID 0x000006100000a0120000000004280480
    8/20/14 1:32:22.431 PM  WindowServer[654]   Display 0x003f003e: GL mask 0x4; bounds (2944, 0)[1 x 1], 1 modes available
    off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 2, Rotation 0
    UUID 0xffffffffffffffffffffffff003f003e
    8/20/14 1:32:22.431 PM  WindowServer[654]   Display 0x003f003d: GL mask 0x2; bounds (2945, 0)[1 x 1], 1 modes available
    off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 1, Rotation 0
    UUID 0xffffffffffffffffffffffff003f003d
    8/20/14 1:32:22.431 PM  WindowServer[654]   CGXPerformInitialDisplayConfiguration
    8/20/14 1:32:22.431 PM  WindowServer[654]     Display 0x04280480: MappedDisplay Unit 0; Vendor 0x610 Model 0xa012 S/N 0 Dimensions 18.70 x 10.51; online enabled built-in, Bounds (0,0)[1920 x 1080], Rotation 0, Resolution 1
    8/20/14 1:32:22.431 PM  WindowServer[654]     Display 0x003f003e: MappedDisplay Unit 2; Vendor 0xffffffff Model 0xffffffff S/N -1 Dimensions 0.00 x 0.00; offline enabled, Bounds (2944,0)[1 x 1], Rotation 0, Resolution 1
    8/20/14 1:32:22.431 PM  WindowServer[654]     Display 0x003f003d: MappedDisplay Unit 1; Vendor 0xffffffff Model 0xffffffff S/N -1 Dimensions 0.00 x 0.00; offline enabled, Bounds (2945,0)[1 x 1], Rotation 0, Resolution 1
    8/20/14 1:32:22.522 PM  WindowServer[654]   GLCompositor: GL renderer id 0x01022647, GL mask 0x00000007, accelerator 0x00003fab, unit 0, caps QEX|QGL|MIPMAP, vram 512 MB
    8/20/14 1:32:22.527 PM  WindowServer[654]   GLCompositor: GL renderer id 0x01022647, GL mask 0x00000007, texture units 8, texture max 16384, viewport max {16384, 16384}, extensions FPRG|NPOT|GLSL|FLOAT
    8/20/14 1:32:22.530 PM  loginwindow[653]    **DMPROXY** Found `/System/Library/CoreServices/DMProxy'.
    8/20/14 1:32:22.557 PM  WindowServer[654]   Created shield window 0x7 for display 0x04280480
    8/20/14 1:32:22.557 PM  WindowServer[654]   Display 0x04280480: MappedDisplay Unit 0; ColorProfile { 2, "iMac"}; TransferFormula (1.000000, 1.000000, 1.000000)
    8/20/14 1:32:22.609 PM  launchctl[657]  com.apple.findmymacmessenger: Already loaded
    8/20/14 1:32:22.613 PM  hidd[49]    CGSShutdownServerConnections: Detaching application from window server
    8/20/14 1:32:22.613 PM  hidd[49]    CGSDisplayServerShutdown: Detaching display subsystem from window server
    8/20/14 1:32:22.621 PM  com.apple.SecurityServer[15]    Session 100012 created
    8/20/14 1:32:22.622 PM  loginwindow[653]    Login Window Started Security Agent
    8/20/14 1:32:22.666 PM  com.apple.dock.extra[644]   Our bootstrap port disappeared out from under us: 0x1507 { urefs = 32774, rights = 0x1507: dead name }
    8/20/14 1:32:22.667 PM  com.apple.dock.extra[644]   Bug: 12F45: libxpc.dylib + 36100 [70BC645B-6952-3264-930C-C835010CCEF9]: 0x10000003
    8/20/14 1:32:22.681 PM  UserEventAgent[659] cannot find useragent 1102
    8/20/14 1:32:22.686 PM  com.apple.dock.extra[644]   Check-in to the service com.apple.imagent.desktop.auth failed. This is likely because you have either unloaded the job or the MachService has the ResetAtClose attribute specified in the launchd.plist. If present, this attribute should be removed.
    8/20/14 1:32:22.693 PM  SecurityAgent[665]  MacBuddy was run = 0
    8/20/14 1:32:22.695 PM  com.apple.dock.extra[644]   CGSGetNextEventRecord (Inline) connection 0xc917, 16384 bytes
    8/20/14 1:32:22.695 PM  com.apple.dock.extra[644]   CGSShutdownServerConnections: Detaching application from window server
    8/20/14 1:32:22.695 PM  com.apple.dock.extra[644]   CGSReleaseShmem : Cannot release shared memory
    8/20/14 1:32:22.695 PM  com.apple.dock.extra[644]   CGSDisplayServerShutdown: Detaching display subsystem from window server
    8/20/14 1:32:22.696 PM  com.apple.dock.extra[644]   Our bootstrap port disappeared out from under us: 0x1507 { urefs = 32774, rights = 0x1507: dead name }
    8/20/14 1:32:22.696 PM  com.apple.dock.extra[644]   Bug: 12F45: libxpc.dylib + 36100 [70BC645B-6952-3264-930C-C835010CCEF9]: 0x10000003
    8/20/14 1:32:22.696 PM  com.apple.dock.extra[644]   [Warning] Bad response from daemon for setup info
    8/20/14 1:32:22.704 PM  WindowServer[654]   MPAccessSurfaceForDisplayDevice: Set up page flip mode on display 0x04280480 device: 0x106d8d110  isBackBuffered: 1 numComp: 3 numDisp: 3
    8/20/14 1:32:24.429 PM  WindowServer[654]   **DMPROXY** (2) Found /System/Library/CoreServices/DMProxy'.
    8/20/14 1:32:24.459 PM  WindowServer[654]   Display 0x04280480: MappedDisplay Unit 0; ColorProfile { 2, "iMac"}; TransferFormula (1.000000, 1.000000, 1.000000)
    8/20/14 1:32:24.500 PM  WindowServer[654]   Display 0x04280480: MappedDisplay Unit 0; ColorProfile { 2, "iMac"}; TransferFormula (1.000000, 1.000000, 1.000000)
    8/20/14 1:32:24.695 PM  com.apple.dock.extra[644]   Our bootstrap port disappeared out from under us: 0x1507 { urefs = 32774, rights = 0x1507: dead name }
    8/20/14 1:32:24.696 PM  com.apple.dock.extra[644]   Bug: 12F45: libxpc.dylib + 36100 [70BC645B-6952-3264-930C-C835010CCEF9]: 0x10000003
    8/20/14 1:32:24.696 PM  com.apple.dock.extra[644]   [Warning] Bad response from daemon for setup info
    8/20/14 1:32:40.928 PM  com.apple.launchd[1]    (com.apple.dock.extra[644]) Exit timeout elapsed (20 seconds). Killing
    8/20/14 1:32:40.928 PM  coreservicesd[65]   SendFlattenedData, got error #268435459 (ipc/send) invalid destination port from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=202
    8/20/14 1:33:35.215 PM  SecurityAgent[665]  User info context values set for jsuny
    8/20/14 1:33:35.297 PM  SecurityAgent[665]  Login Window login proceeding
    8/20/14 1:33:36.387 PM  loginwindow[653]    Login Window - Returned from Security Agent
    8/20/14 1:33:36.000 PM  kernel[0]   Sandbox: kcm(695) deny mach-lookup com.apple.networkd
    8/20/14 1:33:36.453 PM  loginwindow[653]    USER_PROCESS: 653 console
    8/20/14 1:33:37.052 PM  locationd[708]  NOTICE,Location icon should now be in state 0
    8/20/14 1:33:37.107 PM  UserEventAgent[700] cannot find fw daemon port 1102
    8/20/14 1:33:37.683 PM  xpcd[611]   MiniLauncher[711]: registration request failed: (0x12, 0xd) process failed sandbox check
    8/20/14 1:33:37.907 PM  WindowServer[654]   **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
    8/20/14 1:33:38.011 PM  coreservicesd[65]   SendFlattenedData, got error #268435460 (ipc/send) timed out from ::mach_msg(), sending notification kLSNotifyApplicationReady to notificationID=237
    8/20/14 1:33:38.114 PM  WindowServer[654]   Display 0x04280480: MappedDisplay Unit 0; ColorProfile { 2, "iMac"}; TransferFormula (1.000000, 1.000000, 1.000000)
    8/20/14 1:33:38.395 PM  imagent[737]    [Warning] Setting up a new messages database.
    8/20/14 1:33:38.428 PM  NetworkBrowserAgent[747]    Starting NetworkBrowserAgent
    8/20/14 1:33:40.068 PM  com.apple.time[700] Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
    8/20/14 1:33:40.069 PM  com.apple.time[700] Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
    8/20/14 1:33:43.910 PM  netbiosd[89]    name servers down?
    8/20/14 1:33:56.635 PM  netbiosd[89]    notify name "self.mdns.disconnection" has been registered 20 times - this may be a leak
    8/20/14 1:33:56.639 PM  netbiosd[89]    notify name "self.mdns.disconnection" has been registered 40 times - this may be a leak
    8/20/14 1:34:49.927 PM  netbiosd[89]    name servers down?
    8/20/14 1:35:54.977 PM  netbiosd[89]    name servers down?
    USER LOG:
    8/20/14 1:31:03.956 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.gamed) Ignored this key: UserName
    8/20/14 1:31:03.956 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.gamed) Ignored this key: GroupName
    8/20/14 1:31:03.957 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
    8/20/14 1:31:03.961 PM  loginwindow[44] Connection with distnoted server was invalidated
    8/20/14 1:31:04.013 PM  distnoted[549]  # distnote server agent  absolute time: 799.097924175   civil time: Wed Aug 20 13:31:04 2014   pid: 549 uid: 1467285364  root: no
    8/20/14 1:31:08.954 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.afpstat-qfa[588]) Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory
    8/20/14 1:31:08.955 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.afpstat-qfa[588]) Job failed to exec(3) for weird reason: 2
    8/20/14 1:31:08.958 PM  com.apple.launchd.peruser.1467285364[536]   (com.google.keystone.user.agent[590]) Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory
    8/20/14 1:31:08.958 PM  com.apple.launchd.peruser.1467285364[536]   (com.google.keystone.user.agent[590]) Job failed to exec(3) for weird reason: 2
    8/20/14 1:31:12.394 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.mrt.uiagent[578]) Exited with code: 255
    8/20/14 1:31:15.132 PM  SystemUIServer[557] Could not load menu extra NSBundle </System/Library/CoreServices/Menu Extras/User.menu> (loaded) for Class AppleUser
    8/20/14 1:32:20.642 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.quicklook[626]) Exited: Killed: 9
    8/20/14 1:32:20.647 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.mdworker.single.08000000-0000-0000-0000-000000000000[641]) Exited: Killed: 9
    8/20/14 1:32:20.647 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.mdworker.shared.04000000-0000-0000-0000-000000000000[635]) Exited: Killed: 9
    8/20/14 1:32:20.783 PM  Dock[556]   could not open iterator, -43, for directory <ECDirectory: 0x7fd8ac846970> {path=/Users/jsuny/Documents/} (directory changed)
    8/20/14 1:32:20.783 PM  Dock[556]   problem iterating directory, -43, for directory <ECDirectory: 0x7fd8ac846970> {path=/Users/jsuny/Documents/} (directory changed)
    8/20/14 1:32:22.310 PM  ARDAgent[574]   HIToolbox: received notification of WindowServer event port death.
    8/20/14 1:32:22.311 PM  ARDAgent[574]   port matched the WindowServer port created in BindCGSToRunLoop
    8/20/14 1:32:22.694 PM  com.apple.dock.extra[644]   HIToolbox: received notification of WindowServer event port death.
    8/20/14 1:32:22.694 PM  com.apple.dock.extra[644]   port matched the WindowServer port created in BindCGSToRunLoop
    8/20/14 1:33:36.504 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.gamed) Ignored this key: UserName
    8/20/14 1:33:36.504 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.gamed) Ignored this key: GroupName
    8/20/14 1:33:36.505 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
    8/20/14 1:33:36.517 PM  loginwindow[653]    Connection with distnoted server was invalidated
    8/20/14 1:33:37.429 PM  MiniLauncher[711]   Skipping Setup Assistant for user 1467285364
    8/20/14 1:33:37.464 PM  transition[714] INFO: Not signed into MobileMe, nothing to do. Reason: 3
    8/20/14 1:33:37.506 PM  MiniLauncher[711]   INFO: MMAccountMgr_Private: finishedSetup called.
    8/20/14 1:33:38.180 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.afpstat-qfa[744]) Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory
    8/20/14 1:33:38.180 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.afpstat-qfa[744]) Job failed to exec(3) for weird reason: 2
    8/20/14 1:33:38.489 PM  CalendarAgent[741]  Could not find Meta Data for persistent Store
    8/20/14 1:33:38.877 PM  fontd[716]  FontWorker failed to return directory info (IPC failure?) for file://localhost/Users/jsuny/Library/Fonts/
    8/20/14 1:34:48.723 PM  migCacheCleanup[719]    Cache cleanup: cleanup for user 1467285364 took 0.43 seconds
    8/20/14 1:37:15.114 PM  Dock[723]   no information back from LS about running process

    Check these out:
    http://images.apple.com/server/macosx/docs/UserManagementv10.5.mnl.pdf
    http://clc.its.psu.edu/Labs/Mac/Resources/blastimageconfig/
    
http://blog.macadmincorner.com/

  • Lost Mail on Network User Accounts

    This problem has happened several times and I am pretty sure it relates to using Network User accounts. We're running Tiger server and all user accounts are stored on the server. We are using POP mail that is hosted externally.
    A user logs in to his account. There are unread messages and the user starts to read them and reply to email. An hour or two goes by and when the user tries to read an unread email, the email disappears in the list when clicked, along with all the emails that had been received or sent since the last time he had logged into his user account.
    There is no trace of the lost mail in the library on the server. If this isn't weird enough, the incoming mail on the ISP host account when accessed by webmail, is either gone or when you try to read it disappears when clicked along with all mail back to the same time that is missing on the user account stored on the server.
    This has happened on different users and from different workstations. The only constant appears to be that these accounts are stored in network user accounts.
    We are planning to bring mail in-house and switch to IMAP. But would like to know if anyone else has ever seen this.
    Any ideas?
    Thanks,
    Bob

    Having the same problem here. I think its to do with the network home having a different database file from the local home and when the background sync happens the local home database is being replaced by the network home.
    There is nowhere to set that during a background sync the local home should always be considered the newest and be pushed to the network. Sounds like it should be logical, but it doesn't seem to work like that.
    I have users complaining that there machines are ok when they start, they have mail arrive during the day and then disappear and their mail box reverts back to the state it was when they logged in.
    There is also the problem that when they move they don't always get the latest version of their mail box.

  • Lion Server: All network users have disappeared

    Hi,
    A search through the forums and kbase didn't give me anything that mapped well to my problem. Here's the situation:
    Specs:
    Mac Pro (2008) 6GB RAM, SSD boot with space available, OS X Lion (latest) with Server.app
    Services:
    File Sharing
    Users: less than 15—accounts only used for file server access.
    This is the only server on the local network, all network routing is taken care of by a Meraki router.
    I went to add a new user to our fileserver, and was unable to connect to the server over Apple Remote Desktop. At the time, file sharing from the server (I *believe*) was still working. I logged in with the file server's local admin account via SSH and tried to use Kickstart to get ARD running again—something I'm well versed in. The script ran as usual, but ARD could still not connect. So, as everyone was in a meeting, I tried to use `shutdown` to reboot the fileserver from the CLI, something I've also done in the past (but not frequently). Usually that takes about a minute to work, and then my shell disconnects—but after 5 minutes, the Mac had not rebooted.
    At that point, I decided to walk to the server and manually force it down by holding the power button in. That powered off the Mac, and 30 seconds later, I booted it up.
    Back on my Mac via ARD, I was able to remotely control it and got to the Fileserver's log in screen, which featured a red dot in the use field I'd never seen before. It's tool tip read "network users are currently unavailable" (paraphrased, perhaps). I logged in with the Fileserver's local admin user (as usual) and launched the Server.app, only to find that in the `Users` section, there were no users listed, and the plus and minus buttons were greyed out.
    I tried rebooting but got the same results. I then repaired permissions and verified the boot drive. Lots of permissions repairs (as usual) but nothing improved. Another reboot after the permission repair and disk repair, just for safety's sakes… and as you can guess by me posting here… no improvement.
    I'm not heavily versed in Server. I'm not even sure if those users are stored in a database, and where that DB would live. Does server make dumps or backups of the users on its own? Should I have been? Is this LDAP? Anyone have some next steps I can try? What info would be useful?
    My first goal would be to recover a damaged DB. I only have just under 15 users, so re-creation isn't difficult. But, under the department of "I don't know a ton about Lion Server" I don't know if network users act like OS X users… where you could create a new user with the same username, but if their UID is different, then they won't have access to their owned files on the fileserver… is Server that exacting? Does it care who owns the file?
    Thanks in advance for any ideas, or resources you can point me to!

    It gets far weirder……
    Now no one, myself included can log in.
    Checking the logs, which I'll try to attach a small sample of here (Dropbox link below since you can only attach images here), I see repeated instance of both `opendirectoryd` crashing and respawning, and of server manager unable to authenticate:
    1/19/15 4:57:06.658 PM com.apple.opendirectoryd: Assertion failed: (0 == (connection->flags & eODConnectionFlagSocketValid)), function __odconnection_connect_block_invoke_2, file /SourceCache/opendirectoryd/opendirectoryd-172.17/src/odconnection.c, line 988.
    1/19/15 4:57:07.641 PM com.apple.launchd: (com.apple.opendirectoryd[13760]) Job appears to have crashed: Abort trap: 6
    1/19/15 4:57:07.641 PM com.apple.launchd: (com.apple.opendirectoryd) Throttling respawn: Will start in 9 seconds
    1/19/15 4:57:07.761 PM ReportCrash: Saved crash report for opendirectoryd[13760] version ??? (???) to /Library/Logs/DiagnosticReports/opendirectoryd_2015-01-19-165707_localhost.cras h
    1/19/15 4:57:17.276 PM PasswordService: -[AuthDBFile getPasswordRec:putItHere:unObfuscate:]: user with slot 4873a20f-0cc0-f7c3-0000-000a0000000a not found.  Result: 80 Other (e.g., implementation specific) error
    1/19/15 4:57:17.277 PM AppleFileServer: _Assert: /SourceCache/afpserver/afpserver-585.7/afpserver/AgentSession.cpp, 856 (4294952813)
    1/19/15 4:57:32.703 PM servermgrd: servermgr_accounts: got error 2100 trying to auth to local LDAP node
    https://dl.dropboxusercontent.com/u/1344045/server-sample.log.txt

  • Mountain Lion Server: add network user to remote management

    Hi,
    So recently I have upgraded from Lion Server to ML Server. A little disappointing, but whatever, I've moved on and got everything almost back to where I had it with Lion.
    My last few issues I believe are related but can't quite figure it out. In Lion I have an admin profile and then a network user profile that I used on my MBP bound with AD. I'm at the stage where my nre network user can log in on the server machine but I can't log in as the network user via screen sharing. I can't add a network user to Remote Management, and with Remote Management enabled Screen Sharing is greyed out. I'd really like this to work.
    My second problem is that I can't bind my MBP to the server but even when bound the network user account can't log in.
    Any body have  any ideas?
    Thanks!

    I had this problem on a clean install.
    The solution was incredibly simple for me, but only  after I saw Ross.M's note about opening the Users & Groups settings panel (in the OS System Prefs, not in server) and rebinding to OD server under Login Options.
    That was not the solution for me, but under Login Options I discovered a previously unnoticed pref for "Allow network users to login at login window."  I had this option set (apparently by default) to "Only these network users:"  but with an empty list.  Adding my users to the list made it work perfectly.
    Talk about KISS

  • Mobile account setup stops syncing and acts like a network user

    Mobile account setup stops syncing and acts like a network user system under ODM
    Setup: Mobile laptop users authenticating against an ODM. Every user has a networked home directory on an Xserve. The whole setup is 10.4 (client and server). All systems run a standard image. Most effected systems have been re-imaged since the onset of the issue.
    Issue: Some of the users are not syncing properly every time. It is as if the system forgets it is a mobile system and reverts to using the User's network home (instead of saving to /Users and syncing). If the user is effected, the system will not even accept cached credentials if they are off network. This forgetfulness does not seem to follow any pattern and does not effect all of our mobile users.
    In mucking about trying to find a cause to this issue I ran across an oddity in all effected systems Netinfo database. The users are each listed twice. Each entry has the same username, short name and UID. Also, In each case one record looks wrong... this varies somewhat from user to user, but in each case there is marked difference in the record's contents. Deleting the incomplete record in Netinfo manager seems to solve the issue (seems, as we are very early in testing this).
    Anyone have a clues as to where this double came from? The only lead so far is that it looks like the users having issues pre-date the use of mobile accounts. At some time they all had local accounts that authenticated against the ODM but never synced or had networked home directories. The pool of users who just got laptops (and thus never had a local account) seem unaffected so far.
    Also, what is the best way to browse the ODM master to find these duplicates?

    I have a similar issue with computers bound to Active Directory. Users occasionally have a problem logging into their computers even though their account is fine. Logging in as Admin and running netinfo manager always shows duplicate user accounts. Deleting the one that says disabled always clears up the issue. I'd like to find a startup script that would delete the disabled account, thus preventing the issue.

  • Mac OSX Lion Server Network User Login Issue

    We have in the office a server running Mac OSX Lion, and several network users who've all been running happily for quite a will.
    About a month ago I was added to the system, and initially we had a few issues relating to the home directory, but we changed 'something' and it all worked.
    Fast forward to now, and we've added a new user - Hannah - to our system.
    I've added her in the Workgroup Manager, and set her up everywhere I can find on the server. Her home directory creates on the server fine.
    She appears in the Logon list on the client machines, and here's where the trouble starts...
    Every time she tries to log on, it fails. The logon box just bounces or wobbles as though the password is incorrect. We've tried changing the password, to no avail. We've tried adding new test users - same problem.
    We've tried sudo kinet on the Terminal as a local user, with variable results.
    I'm at my wits end, and really hoping someone here can help offer some suggestions or advice we can work through to get to the bottom of this.
    Thanks in advance!

    Your problems are likely occurring because you added her to the directory with Workgroup Manager.
    You should really start avoiding WGM when at all possible as Apple is clearly moving away from it. Because of this, things don't always work as expected when using 'legacy' tools like WGM.
    My guess as to what your problem is: When you create a new user in Server.app, two things happen for you automatically that WILL NOT HAPPEN if done from WGM.
    First the user is added to the default "Workgroup" group.
    More importantly (and the source of much confusion), the user is automatically added to SACLs.
    Check the SACL for the user in Server.app, I bet you'll notice that they aren't a member of the File Sharing group like they should be. To solve this problem, you can either delete the user and recreate them in Server.app, or manually add them to the appropriate SACL.
    I would opt for recreating them in Server.app if I were you, as I don't trust user accounts that originate in WGM on Lion Server.

Maybe you are looking for