Network Accounts problem

Similar Messages

• Network Accounting Problem

  I have a serious network accouting problem arisen from content engine:
  Our routers are connected to internal backbone router with enabling Netflow to bill the usage (from domestic to backbone) of each users.
  However, the CE will affect the network accounting seriously because it will replace the sender IP address with its own address before sending out to the link.
  Would you give me some solution to remedy the problem?
  Very Very Urgent!!
  Thanks a lot..
  Alex

  Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
  If anyone else in the forum has some advice, please reply to this thread.
  Thank you for posting.

• Weired network account problem

  Hi,
  I have this very strange problem on a network account.
  Everything goes fine for about 1 min. From that moment, when I click on the sidebar on finder I am told that "The volume for "accounts" cannot be found". Items on my Desktop also disappear.
  Before things start to go wrong, if I go to terminal and type pwd I get the following:
  /private/Network/Servers/ATHENA.MYDOMAIN.LAN/Users/accounts
  After things are wrong when I open terminal I get the following error message:
  No home directory /Network/Servers/athena.mydomain.lan/Users/accounts
  Any suggestions would enormously appreciated.
  Cheers
  Ben

  One more thing. This problem disappear when mobile account is turned on.
  Tks in advance for any suggestions.
  Ben

• Red light - network accounts

  Hi
  My server is an Apple Intel Xserve running 10.5.8
  I have cloned this to a test system and am testing upgrading/migration etc to 10.6.3 .
  The server auto migration has given me no end of probs, so have discarded that for the moment. (Haven't looked at manual migration yet)
  The upgrade method seems to have worked successfully.
  All services seem to be up.
  However - Using a 10.6 client - The "Networked accounts" is showing green and available and I can log in as a "user"
  but
  A 10.4 user (and I have a few for legacy reasons) binds to the Server in LDAP and can be seen in WGM in computers.
  I can also see the correct search paths on the client.
  But "networked accounts" is showing RED and I cannot login as a "user"
  Any help that can be offered would be appreciated
  Tony

  I have no idea how to keep it connected, but you should have no problems logging back in to the network.  The upside to haveing the WIFI shut down when you are logged out is that nobody can remotely connect to your system over WIFI.  A wired ethernet connection remains active.
  The red light is more informative that indicating you have a problem.  I have the same symptoms with my work network and have no problems.  The network accounts problem is for those that are setup to have no local login and require a network connection for authentication.  Is this what you have?

• One iMac cannot login to network accounts

  We have a small network with Lion (10.7.5) Server running on a Mac Pro and a variety of 8 iMacs and Mac minis that use the server for file sharing and network accounts. The client Macs are running a mix of Mountain Lion (10.8) and Mavericks (10.9). They have all 'joined' the 'Network Account Server' using the 'Login Options' section of the Users & Groups preference pane. And, except for one iMac, all the clients can log into network (or mobile) accounts from the server -- both ones that have previously been logged into on that machine and ones that haven't. However, one of the iMacs will not log into a network account. There are a few local accounts and logging into them is no problem. But every time we try to log into a network account on this iMac, the login dialogue just does the 'invalid login' shake. It seems not to check the login credentials with the server.
  As far as I can tell, this iMac is set up the same as all the others. It is certainly joined the Network Account Server and there is a green dot by the server name in the Users & Groups preference pane. I have removed and re-added the server from there a few times, and I've even reinstalled Mavericks on this iMac (it is running 10.9.2). I haven't been able to find anything that has helped to solve this problem. Does anyone know why one iMac would refuse to use the network logins from the server when the others work? Or what I can do to gain further information?
  Many thanks.

  On your client machine login screen, type in ">console" (without quotes) in the username field and hit enter. Try and login with your network account username and password. What error messages do you get in console?
  Taylor

• Cannot login to network accounts from client computer

  Hi. I'm setting up my first OS X Server setup for home use...I'm not creating a very complicated setup, but I've been working through the setup one step at a time.
  Right now, I'm just running the DNS, File Sharing, and Open Directory services. I setup a couple of Network User accounts, and I wanted to try using one of the accounts to log in to a Mac client (running Mountain Lion) on the network. When the machine first comes up, I get a message that says 'Network Accounts Unavailable,' and if I try to log in, I get the error message saying 'You are unable to log in to the user account "xxxxx" at this time. Logging in to the account failed because an error occurred.'
  If I stop and restart the Open Directory service, I get the following messages in the Open Directory Log:
  2013-02-15 09:11:01.017801 EST - Unregistered node with name '/LDAPv3/127.0.0.1'
  2013-02-15 09:16:19.139744 EST - Registered subnode with name '/LDAPv3/127.0.0.1'
  Not sure if this is the source of the problem, but these are the only messages that are coming up if I turn the Open Directory off and then on again.
  If anyone has any experience with this, or any suggestions, I'd greatly appreciate it!
  Thanks!
  If it helps:
  Running OS X Mountain Lion (10.8.2) with Server (v2.2.1)
  Client Machine is a VMWare Fusion VM Running Mountain Lion (10.8.2)

  On your client machine login screen, type in ">console" (without quotes) in the username field and hit enter. Try and login with your network account username and password. What error messages do you get in console?
  Taylor

• Can't Login With Network Account After Upgrade To Yosemite Server 4

  I've been putting off this troubleshooting for a while now, and after trying everything I could find, decided to post.
  - After upgrading my server to Yosemite with Server 4, and my MacBook to Yosemite, I can no longer login with any network accounts.
  - I was on clean installs of Mavericks before the upgrade.
  - I'm using SSL for the OD, with a GoDaddy cert, the same one that was working on Mavericks.
  - I've tried removing the laptop's binding using the Users and Groups preferences dialog, which does not remove the laptop's entry from Open Directory, so I manually deleted the record on the server.
  - I then choose to Join again, and it looks as though everything goes through, but I still cannot login with a network account.  Also, when rejoining, it does not create a binding on the server.
  - If I use the Directory Utility->Services->LDAPv3, and add it that way, entering the FQDN and checking Encrypt..., Use for auth and Use for contacts, it asks me for the directory admin username and password, and does in fact create the binding on the server, but I still cannot login.  What's strange about that method, is that it forces the use of the IP address of the server, rather than the FQDN, like I entered it, which would of course have problems, because the certificate's common name is the server's FQDN.  It does not allow me to change from using the IP address, graying out that field.
  - I've also tried destroying the OD and restoring from archive to no avail.
  It looks like many users have hit dead ends with this, with some having success by completely formatting and setting up a new iteration of the server, but I will not be doing that.  However, I'll be happy to try any other suggestions.
  Thanks for your time,
     -- Mike

       Okay, I've finally resolved the issue, thanks to the Apple Enterprise tech support team.  I'm thinking they wouldn't mind if I share this information, but I can't guarantee that this will work on your system or, worse yet, degrade your system further.  However, that's fairly unlikely, just make sure you have plenty of backups before you begin any troubleshooting session.
       So I was told to perform the following instructions, which I did, line for line.  The part about closing Server.app seems a given, but I'm not sure why they want you to open Server.app at the the end (maybe taken out of context from some other instructions?).  I did it anyway, but you should be able to begin testing, on a client workstation, right after rekerberizing is complete.  I did, however, need to reboot my client, login as local admin, and then binding would proceed, and network users are able to login again.  The engineer also let me know to expect an error, something like the following: "2015-03-11 21:58:38 +0000 Error synchronizing removal of attribute draft-krbPrincipalACL from record 72519e4c-7ac7-15e4-bd42-10adb1944cbc: 77013 result: 16 No such attribute" - this is apparently normal, and did in fact happen in my experience.
  So here's the fix:
  - Quit Server.app (don’t just close the window)
  - On the Open Directory Server, execute these Terminal commands:
    - sudo mkdir /var/db/openldap/migration/
    - sudo touch /var/db/openldap/migration/.rekerberize
    - sudo slapconfig -firstboot
  - Open Server.app
  And that's it.  I did nothing else on my OD server, just logged out.  Immediately tried binding on my MacBook client, it failed, I rebooted, tried again, it worked quickly, and I'm able to login with network user accounts again.

• Cant login multiple network accounts on the same client?

  Setup:
  I have created a simple Lion Server on a new i7 Mac Mini. I have configured Open Directory in Master mode and have setup 4 user accounts. I have enabled the File Sharing service and checked the "Make available for home directories" option on the "Users" file share. I have configured each of the 4 user accounts to use this location as the home folder. I have connected my client machines (all OSX Lion) to the Network Account Server.
  Problem:
  I can log one user into the client machine, but when using "Fast User Switching" and logging on as the second user I get the following error:
  "You are unable to log in to the user account "guestaccount" at this time. Loggin to the account failed because an error occured"
  In the console if I search for that user account the related error message is:
  11-07-31 12:30:54.993 PM authorizationhost: ERROR | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | PremountHomeDirectoryWithAuthentication( url=afp://inntaserver01.local/Users, homedir=/Network/Servers/inntaserver01.local/Users/guestaccount, name=guestaccount ) returned 16
  Any thoughts as to why the Home Folder "mounter" failed in this scenario?

  Historically you have never been allowed to use Fast User Switching to log in multiple network logins on the same client machine. This certainly applied with Tiger, Leopard, and Snow Leopard. I have not yet personally tried this with Lion.
  I believe that the underlying reason for this not being allowed is down to how AFP volumes are mounted. The AFP mount becomes 'owned' by the user that triggers the login. With a network login the first user becomes the owner and this means subsequent attempted network logins are denied access to that share and hence cannot access their home directories.
  With Tiger, Leopard, and Snow Leopard servers, one could configure network home directories to be shared via NFS instead of AFP. NFS gets treated a lot different in terms of mounting, and is done more at a system level than a user level. While again I have not personally tried Fast User Switching with NFS shared home directories, this approach is specifically recommended by the authors of AquaConnect (a Macintosh Terminal Server solution) in order to allow multiple logins on the same Terminal Server. This seems to be for the same underlying reason. Using NFS does certainly work for use with AquaConnect and also works for the competing iRAPP Terminal Server product as well.
  Unfortunately, Lion Server while it can be made to run an NFS server, will not let you configure using NFS for sharing home directories. I have actually reported this as a 'bug' in Lion server.
  Neither the authors of AquaConnect or iRAPP have actually tested this scenario with Lion server yet, but AquaConnect do plan to investigate it. It could make it considerably more difficult to use their products.
  So in summary, using NFS to share network home directories in theory would avoid the problem and can be done with a Tiger/Leopard/Snow Leopard server, but cannot be done with a Lion server. It is possible however to mix Lion with older server versions. This might for some people be a possible workaround.
  PS. A bonus side-effect of using NFS shared home directories was that this allowed badly written software like Adobe's applications which are otherwise notorious for having major issues with network logins and home directories to work without errors. As an example Adobe Acrobat Pro introduced a bug in version 7.0 which prevented it being able to print-to-PDF (one of the major reasons to buy Acrobat Pro). It tooks two years for them to eventually fix this in Acrobat Pro 8.1 (I know because I spent that two years nagging them to fix it and was a beta tester). Unfortunately they then reintroduced the bug in Acrobat Pro 9.0. Fortunately I discovered this side-effect got round the issue although a clunkier workaround was also possible for Snow Leopard clients by redirecting certain folder paths.

• Lion Server network accounts not working on some computers.

  Hello all -
  I'm currently having an issue with network accounts working on some Macs but not others. I have a Mac Mini and a MacBook Pro. The Mac Mini works fine and I can login and sync my network account with the server just fine. However, I cannot connect to it from my MBP.
  When I try and connect I get an error that says "You are unable to log in to the user account "xxxx" at this time. Logging in to the account failed because an error occurred."
  If I login through console (by typing in ">console" in the username field) I get an error that says the user does not have a home directory...
  I have searched numourous other forums but I have not found a solution that seems to solve this problem. I have unbound and re-bound my client to the open directory and I have restarted file sharing. Neither has solved the problem. I have a feeling the issue originates somewhere on the MBP since I can log in to the Mac Mini without any problems.
  Anymore suggestions?

  Thanks for your suggestion, SolidWood. Unfortunately it didn't help.
  After a 90 minute phone call with AppleCare, this issue has finally been resolved. Here is what the solution was. Turns out it was pretty simple but it took a while to find it.
  First we created a test user and left the home folder set to Local Only in the Server App. I was successfully able to login with the test user on both clients but since there were no mobility preferences set, it was pretty basic.
  Then, we removed the Users sharepoint from file sharing, turned off file sharing to disconnect any users, and restarted the server. Then we created a new folder on the Server HD with a random name. We chose Darron. We created a new sharepoint in file sharing (with it still turned off), and shared the new folder called Darron. Double click on the sharepoint and scroll to the bottom and check the box that says "Make available for home directories over AFP". Then we restarted file sharing.
  Then we opened Workgroup Manager, clicked on the problem user in the left sidebar, clicked on the Home option at the top, and there were three things listed:
       (None)
       afp://servername.com/Users
       afp://servername.com/Darron
  Then we removed the Darron sharepoint from file sharing, and found that it was still listed as a home directory under the problem user.
  This was the root of the problem. The system didn't know which path to use as the home directory.
  Sooooo...
  In the server app, we opened the Directory Utility (Tools in the menubar, Directory Utility). Clicked on Directory Editor. Authenticate to the directory using the diradmin login. Changed view settings to match this below:
  In the left column, there were two paths listed for home mounts. We deleted both of them, saved changes, and closed directory editor.
  Then, we restarted workgroup manager and both paths had been deleted from the users home listings. This was begining to solve the problem.
  In the Server App, we recreated the users sharepoint, made it available for home directories, and restarted file sharing and workgroup manager. Now only one path is listed for the home folder for all the users.
  This solved my problem of not being able to login on the MBP. The system synced the home folder and all was well. On the Mac Mini, I had to delete the problem account, un-bind from the network server, re-bind, and recreate the account. Now both clients are sycning perfectly and all is well.
  Thank God I bought AppleCare! Thanks to everyone else for their help and suggestions.
  As a recap, the problem of not being able to login to the MacBook Pro was caused by having multiple paths to the multiple home folders. These rogue paths were added somewhere in the troubleshooting process to try and recreate the home directories before I called AppleCare. To solve this, we had to remove the directory listings from accounts using Directory Editor, remove and recreate the users sharepoint in file sharing. The syncing problem on the Mac Mini was also created when multiple paths were introduced. The system didn't know which files to use.
  Taylor

• Acrobat 9.3.4 - OS 10.6.4 - Network Logins Problem

  We have 25 new Imacs running Acrobat 9.3.4 with OS 10.6.4 logging in with network accounts on a Mac XServer with Open Directory.  Acrobat will open for about 20 seconds and then "close unexpectedly".  It happens on every computer.  Does anyone know of a fix for this????

  I did a complete removal, including the hidden ARD files and then did a permissions repair, disk repair and a new installation from disk of ARD 3.1 and then upgraded to 3.4 (with no intermediate updates). The problem has been reduced but not eliminated.
  Since the reinstall, the ARD app has shut down, without any warning, twice and then it restarted normally when told to re-open. So far it has NOT frozen the computer. When I do scans, across many different sub-nets, ARD seems to find the "new" computers and will handle them normally. When the ARD shuts down without warning it does not seem to matter if any others apps are running or not. One shutdown occurred when ARD was the only open app, while the other quit occurred when a couple of others app were running.
  ARD 3.4 still has the problem that 3.3.2 had in that a computer found on a previous scan and entered into the All Computers group but which is then shut down and the DHCP lease expires, will not allow a new computer to be entered if it has the same IP address that DHCP assigned to the old computer. I have to delete the old computer from the All Computers list and then re-enter it when it shows up on a later scan with a different IP addr. Like I said this existed for the last couple updates of 3.3 so this problem is NOT 3.4 specific.

• Network accounts no longer available after server reboot

  Mac OS Server 10.4.10
  Open Directory Master running DNS. DNS is working properly and the system had been up and running for about 4 months without any problems and it had been restarted periodically for software updates, etc. I restarted the server the other day just to do so, and when it came back up, none of my network accounts were able to log into the server. The "Other" option at the login screen is actually missing from the client. I am able to log in locally to the client machines and access network shares with OD accounts, so the usernames and passwords are still functioning as they should, I just can't use them to log onto the client computers. I have the following errors in my ldap log when I start up a client machine:
  Sep 8 11:40:19 macserver slapd[55]: SASL [conn=20] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Sep 8 11:40:19 macserver slapd[55]: SASL [conn=20] Failure: no user in database\n
  Sep 8 11:40:29 macserver slapd[55]: SASL [conn=24] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Sep 8 11:40:29 macserver slapd[55]: SASL [conn=24] Failure: no user in database\n
  Sep 8 11:40:30 macserver slapd[55]: SASL [conn=28] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Sep 8 11:40:30 macserver slapd[55]: SASL [conn=28] Failure: no user in database\n
  The fix for this is to restore my OD database from the archive backup that I make every other day, but I shouldn't have to be doing that every time I may need to reboot my server. I did not make any configuration changes to the server before this started happening, so I can't point to any one thing that would lead to this type of behavior. Any help would be greatly appreciated.
  Thanks

  Hi… I don’t think there should be any such limitation for the file transfer wirelessly. However it can be issue, as you wired is connect at a speed of 100 Mbps and wireless connects to the max at 54 Mbps. Try to upgrade the firmware. Also try reducing Fragmentation Threshold and RTS threshold by 40 each under advance wireless settings on the router. Go to www.speedguide.net, and download the TCP optimizer. Try reducing the MTU of your wireless adapter. Please Revert Back, even if this resolves your issue.

• My daughter has just bought me an iPad 2 from Dubai and set it all up for me but unfortunately the iMessage function doesn't seem to work. We keep getting messages,when trying to activate it, that there is a network connection problem - help!

  My daughter has just bought me an iPad 2 from Dubai and set it all up for me but unfortunately the iMessage function doesn't seem to work. We keep getting messages,when trying to activate it, that there is a network connection problem - help!

  Thank you both for your responses but my daughter was reassured by the salesman in the iStyle store (official Apple store in the UAE) that iMessages would work but conceded that FaceTime wouldn't. My iTunes account is registered in the uk and my daughter's iPhone has iMessages even though she bought it (and uses it) in Dubai. Can anyone else throw any light on this?

• SL bound clients can't logon Lion Server network accounts

  Sorry if this has been covered or resolved elsewhere elsewhere, if so please point me in the right direction!
  I posted this in a different thread and it was suggested this one would be more helpful.
  I've spent all day with a new mac pro with Lion Server installed trying to set up a small network. Created an OD Master (from the Server App) then used WGM to make accounts. From the Server app I'd created sharepoints (where has File Sharing gone in Server Admin?) one of which was enabled to be used as home directories for which I configured back in WGM. I then bound SL clients computers to OD making sure there were no hypens in the computer names and allowed all network users to logon onto the machine as well as adding the Lion servers IP address as a DNS record.
  The problem is, I go to logon with the network account and it starts to logon, i.e the icon expands rather than shakes then stops with the not very informative error  "Cannot log you on because an error occurred".
  The bound clients appear in WGM. The user accounts look ok. I've not enabled SSL on anything. This is really frustrating.
  Any help much appreciated.
  Regards,
  Evan

  Sorry if this has been covered or resolved elsewhere elsewhere, if so please point me in the right direction!
  I posted this in a different thread and it was suggested this one would be more helpful.
  I've spent all day with a new mac pro with Lion Server installed trying to set up a small network. Created an OD Master (from the Server App) then used WGM to make accounts. From the Server app I'd created sharepoints (where has File Sharing gone in Server Admin?) one of which was enabled to be used as home directories for which I configured back in WGM. I then bound SL clients computers to OD making sure there were no hypens in the computer names and allowed all network users to logon onto the machine as well as adding the Lion servers IP address as a DNS record.
  The problem is, I go to logon with the network account and it starts to logon, i.e the icon expands rather than shakes then stops with the not very informative error  "Cannot log you on because an error occurred".
  The bound clients appear in WGM. The user accounts look ok. I've not enabled SSL on anything. This is really frustrating.
  Any help much appreciated.
  Regards,
  Evan

• Lion Server Network Account loses all created files after logout

  Hi,
  I am new to Server, I got Lion Server working on a Mac Mini and everything was alright until I added users from existing client machines. I created new Users on the Server App with the same name and passwords as on the existing client machines, logged in as root on the Server and copied the client user home folder contents from an external HD into the User home directory on the Server. After that I ran Batchmod on all the User folders on the server and everything seemed to be working alright, now the only problem is, if you create a file or folder on the desktop it is not there anymore the next time I log back in. The accounts are setup as Network Accounts, and they are available from any computer in the office, they just don't save any settings that have been changed or any files and folders.
  I have found the "Convert a local Home into a Network Home" post to late, http://www.afp548.com/article.php?story=20050331212133607&query=migrate%2B
  does this sound like a permissions issue, and if so, can I still repair it or is it better to start fresh?
  Thank you

  I think your problem has a rather simple solution, since all files in a directory aren't modified unless you tell the OS or a program you've installed to.
  To keep the external hard drive mounted even when nobody is logged into your server, enter the following into terminal:
  sudo defaults write /Library/Preferences/SystemConfiguration/autodiskmount \
  AutomountDisksWithoutUserLogin -bool YES
  I think your server is looking for the external Hard Drive, but can' tfind it and thus defaults back to the internal HD.

• Lion Clients 10.7.4 show network accounts are unavailable and server is not responding when binding to Snow Leopard server 10.6.8

  Hello,
  I am running Snow Leopard Server 10.6.8 and my clients are Lion 10.7.4.  While testing I had no issues binding 10.7.4 to our 10.6.8 server's OD.  I created a 10.7.4 image to push to all of our machines and in the beginning of last week I was able to push the image and get the machines to bind with OD and apply preferences on these machines through workgroup manager.  Towards the end of the week though this stopped working.  Now any time I bind a 10.7.4 client to OD it allows me to perform an authenticated bind and the machine shows up in workgroup manager but immediatley after binding the client the status jelly next to the OD server in the directory list is red and says "This server is not responding".  If I reboot the client I get a notification that "Network accounts are unavailable" at the login screen.  My preferences from workgroup manager are also not applying, which is my main concern because without workgroup manager my mac server is somewhat pointless as we use it for very little else. 
  I've since tried to bind a snow leopard machine (10.6.8) and this still is working with a green status jelly.  I've also built a lion machine from scratch, updated to the 10.7.4 combined update and am still getting the same issue where it shows the server is not responding when binding to OD.  I then applied the subsiquent OS update after the 10.7.4 combined update but the problem still persists.
  Is anyone else having this issue?  Any help would help me keep my sanity.
  Thanks,
  Dane

  Have you had any luck finding a solution to this?  The only thing I have found was to unbind and then bind without authentication.  Any help with progress on your end would be appreciated!
  Nick.