Network user can't login

Similar Messages

• A particular network user can't login to a mac in a classrom but other network users can. Then the network user can login to other identical macs in same classroom. Anyone seen this before?

  A particular network user can't login to a mac in a classrom but other network users can. Then the network user can login to other identical macs in same classroom. Anyone seen this before? It has happen twice. Two different teachers in two different classrooms entering the correct user name and passwords and computer won't allow them to login. Then they try in different computers in same classroom and have no problem login.

  Yes. I can login with a test user. And any other network user can login as well to this particular mac. Actually the mac has bootcamp and boots into either mac or windows. The same user entering the same login username and password can login into the windows side, but not the mac side.
  I had this same issue last semester in another classroom, another mac and a different teacher. This summer I reformatted and imaged that mac and I asked that teacher to login today to that reimagened mac and she had no problem today doing so.

• Network Users - Can't login without home folder

  Hey everyone,
  Got a problem. We upgraded our lab from 10.6.8 to 10.9.3. Preserving our settings and bootcamp by simply upgrading. After getting nearly all machines sorted out with active directory we are still having a problem with 2-3 machines with network user accounts being able to login. If no local home folder has been created prior to upgrading to 10.9.3 then the user cannot login, the login prompt dissapears then re-appears. Any way to fix this?
  Here is a run down of the set-up.
  Our settings force network users to have a local home folder on the local mac that they are logging into.
  Mac OS X server is 10.6.8.
  Active directory server is 2012 R2.
  Network users without a pre-created home folder on the local mac prior to upgrade cannot login. The login prompt dissapears, then re-appears. No login.
  Computers are managed with workgroup manager, as well as apple remote desktop. But no settings are applied, and no login scripts are being run.
  Also I have noticed something concerning Mac OS X 10.8.5 and up. And that is in the active directory settings, if you bind to a domain (using active directory and not LDAP), lets say for example:
  mydistrict.maindistrict.net
  And you go to add your local active directory district to the Authentication/Contacts search policy eg: Active Directory/mydistrict.maindistrict.net
  it will only show: Active Directory/mydistrict/alldomains.maindistrict.net.
  It shows a list of all domains for the forest. But it also adds the district that you bound to as the search directory?
  Let me use a precise example using actual names.
  Bind to local district: pineville.ketsds.net
  Now in search policy on 10.8.5 up to 10.9.3 it displays possible search domains like this:
  Active Directory/PINEVILLE/pineville.ketsds.net <- The domain we want.
  Active Directory/PINEVILLE/all-other-domains-in-forest.ketsds.net <--Which is fine.
  Which is all fine, but when we select  the local domain for authentication, and contacts search it adds it, but in the overview it says that it is not in our search policy even though it is.
  On Mac OS X versions below this (10.6.8 and down, cannot verify for 10.7 as we do not have systems with it) it displays the search domains as:
  Active Directory/pineville.ketsds.net
  as compared to  this on 10.8.5 and above:
  Active Directory/PINEVILLE/pineville.ketsds.net
  as well as all the other domains, and when you add the local to the search policy it does not give the error that it is not in your search policy. Is there anyway to make this happen on 10.8.5 and above? We have tried everything. Network accounts will login even though it says this, it is just annoying.
  Last question is on one computer that we upgraded, we had a problem with the network accounts. Tried deleting the .plist for network preferences, and the Directory services folder as well as the Open directory folder and now it create the open directory folder as locked and any changes made with the directory utility in the search policy is immediatley reverted once we hit apply.
  Summary of questions:
  1.) Network users cannot login without local folder created prior to upgrade.
  2.) Mac OS X 10.8.5 and above does not correctly add Authentication/Contact search policy domains as it does in 10.6.8 and below.
  3.) Active Directory/Open Directory Authentication/Contact search policy settings keey reverting after applying. (Happened prior to deleting .plist files and AD/OD folders in /Library/Preferences)
  Thanks guys, sorry if thi post is so long! :/

  -BUMP
  Not sure what the bump policy is but my post is fadiing fast. Third page already.
  Kind of an urgent situation guys, any help or insight at all would be greatly appreciated!!

• HT202233 If I made the mobile account for a network user, can this user unlock the FileVault2-disk?

  My Mac is connected to Microsoft Active Directory. Every time I schould unlock the disk with the local admin, then login as network user.
  If I made the mobile account for a network user, can this user unlock the FileVault2-disk?
  Thanks.

  Yes, but the FileVault password won't be updated automatically if the login password changes.

• Lync 2013 disabled user can still login.

  Ok. so we have this weird behavior and it's been driving us crazy for over a week. We have a lync 2013 deployment on a forest with several child domains.<o:p></o:p>
  In the middle of the deployment, we noticed that our changes to the user characteristics were not being updated. Eg: we enable or disable
  enterprise voice, no changes. We change the sip URI, log out, login, nothing, no changes. And we noticed that if we disable the user from Lync server (from the lync controlpanel), the user can still login. We assumed some lag on AD replication, but no, a user
  can still login after a week!<o:p></o:p>
  The deployment is a standard Lync 2013, single FE, with a single Edge server. We have enabled Enterprise voice, changes to the enterprise voice routes are
  working, if we enable or disable a route we can see it on the client, but changes on the dialplan are not reflected.<o:p></o:p>
  I can’t find any reference to this behavior. I know if I disable a user from the AD he can still signing into Lync, but this is different, we are disabling
  the user from Lync server. We even removed the user completely from Lync and he can still use it as normal.<o:p></o:p>
  We checked the user using adsiedit and the msrtcsip-userenabled is set to false, we even voided the certificate via lync console. Still able to use it.
  Suggestions?
  Thanks in advance.
  Fabio Ricci.

  Hi,
  Please check if there is any error message on FE Server when the issue happen.
  It seems to be the issue of CMS replication.
  Please check CMS replication status by running Get-CsManagementStoreReplicationStatus.
  If CMS replication not update to the latest version, run Invoke-CsManagementStoreReplication.
  If the issue persists, please check Lync Server update, make sure Lync Server update to the latest version, and then test again.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• The same user can only login once

  Hello,
  I have a problem with my system. I made a system where you must login.
  I use the following code:
  boolean login = false;
  String username= request.getParameter("username");
  String password= request.getParameter("password");
  User user= Usermutations.makeviaUsername(username);
  if (user.getPassword().equals(password) && !password.equals("")) login= true;
  if (login) ReqD = getServletContext().getRequestDispatcher("/Overview.jsp");
  else ReqD = getServletContext().getRequestDispatcher("/False.jsp");
  request.getSession().setAttribute("user",user);
  request.getSession().setAttribute("username",username);
  request.getSession().setAttribute("password",password);
  if (ReqD != null) ReqD.forward(request,response);
  //Clean up resources
  public void destroy()
  Now I want that the same user can only login once. So when a user login with his username and password, no one else can login with that user name and password.
  I don't wan't to put the username in the database and then validate if the user is already logged in, because then the user must logout and not close the webbrowser else the user stays in the system.
  Does anyone knows a solution top this problem.
  Thanks in advance,
  Henk

  So I wan't the database and when the user is logged in
  the name is set in the database. But when the user
  clicks on the X (close button in the browser his
  username must be deleted from the database)You can't tell when the user does that (or perhaps you can sometimes, with difficulty). But even if you could it doesn't solve your problem. Many people keep their browsers open all day, and -- you may find this shocking -- they go to sites other than yours.
  So basically, if you don't provide them with a logout button you can't tell when they "leave" your site. And even if you do provide them with a logout button, they won't necessarily bother to use it. So you're left with waiting until the session expires, and then logging them out. This also means that if they come back to your site while the session is still active, then they are still logged in. This is not an error and you should not treat it as one.
  PC&#178;

• Two users can't login to Bonjour, but other users can

  All the Macs in my house are set to log into iChat on startup, which creates a defacto messaging network around the house. Quite handy. But now, on one particular machine (a G5 iMac iSight) two users can't seem to log into Bonjour, although on the same machine all the other users can.
  I've looked at some other posts on this site, and have checked that Address Book shows 'me' as correct for both users. The Firewall is not set to Essential Services Only, and there is no limit on the bandwidth. The Quicktime streaming setting is set to 1.5 mbps.
  In iChat, when using one of the two troublesome logins on the G5, when I click cmd-2 to bring up the Bonjour list, it says Bonjour is not enabled, and gives a click button to enable it. But clicking it does nothing - no effect whatsoever.
  When those two same users use the external Buddy List (and an AIM screen name) their iChat works fine.

  Hi Nick,
  This is what I have found out.
  It relates more to Shares shown in the Finder but may offer clues.
  I have G4 Tower that has been upgraded from Jaguar actually, to Panther, Tiger and Finally Leopard.
  Along the way I bought a MacBook Pro. (Now on Snow Leopard)
  At this Point I changed the G4's Computer name to represent it was the G4 and called the MacBook Pro "MacBook Pro" rather than my first Admin Account name (otherwise both Computer names and Short names would have been the same)
  I also changed the Leopard's My Card in the Address Book to give it a different Name in iChat.
  Somewhere during this process the G4 ended up with a Ralph-G4.local ID, a computer's name of Ralph Johns's Computer, a Address Book ID of Ralph G4 and the short name of ralphjohns
  The MacBook Pro has MacBook Pro as the Computer name and .local name and the short name is alsoralphjohns. The Address Book My Card is my full name.
  Now in discussion with a Level 4 poster who knows more about this than I do I found out that in Leopard if File Sharing is Off the Bonjour ID is still supposed to show in the Snow Leopard Shares.
  However if it is ON whether you use AFP or SMB or Both it is only supposed to appear once and mine was appearing twice.
  Changing the Computer name to something else seemed to confuse things (I could not Log on to share from Either Computer)
  Changing the name back resolved that but changed the .local ID on the G4 as well.
  (Changing the .local name back to what it was before seems to have had now effect now.)
  However the G4 now only shows once in the MacBook Pro Shares.
  I do not think the Upgrades are the distinguishing feature more my poor attempts at making sure the new (then) MacBook Pro had a different ID than the G4.
  I have been able to Bonjour Video and send files as well as see the Other Computer in the Bonjour Buddy lists.
  So in summary.
  The Address Book My Cards have to be Different.
  Sometimes changing the Computer name or the .local name does seem to cause issues in File Sharing - which may have some influence on Bonjour as a whole.
  Whilst my G4 was showing up in the MacBook Pro as two Shares it was listing the .local name and the Computer's Name as shown in Sharing which were different.
  It maybe this if it is happening for this computer that may give clues.
  7:59 PM Thursday; October 15, 2009
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

• Network user can't see local home directory

  Hi there,
  I have a Mac Mini running Lion Server with Directory Services turned on. I've been using this to allow network users to log into Lion clients, as well as set up mobile accounts. This has been working fine.
  Now I've just created a new network user for use with a Mountain Lion client and have experienced some strangeness with this new user's home directory. The binding to the directory was fine, and the credentials for the network user were fine. However, when logged in, this new user has his home drive mapped to /Network/Servers/<servername>/Users/<username> rather than the expected /Users/<username>. This has bad side-effects. For instance, Chrome tries to save downloads to the server instead of locally.
  What I can't work out is why the home directory isn't pointing to a local location. The other users (on Lion) have the same home directories defined in their Open  Directory profiles. The only difference is the new user is on Mountain Lion, but I don't think this has any bearing to the problem.
  Can anyone offer some advice?
  Benjamin

  So I took my Mac Mini running OS X 10.8 Server, along with two client laptops: one exhibiting the problem I described, and the other where network logins and home directories worked as intended.
  Long story short, the guys at the Bar couldn't figure it out. The user definitions in Open Directory seemed ok, but they still couldn't work out why no local home directories were being created. Not sure if this helps, but in trouble-shooting, we also discovered that trying to login with a network user on the problematic laptop didn't work when the server wasn't on the network. It's as if the server is required to be present.
  Anyway, the case has been referred to the business team, which is supposed to have more expertise with OS X Server.

• User can not login? Error comes up - only happens on mac pro

  Hi. I have just set up a server system and users can login fine on all the imacs. However, When a user comes to login on a mac pro, they get this message:
  The home folder of this user account is on a afp or smb server. Please contact the system administrator. This happens as soon as they press login.
  We are running Mac OSX SERVER 10.4.10
  Thanks,

  Hi
  On the MacPro what is in the DNS Servers field in Network Preferences? Compare what is there with what is in the same area on the iMacs that can successfully log in. Where are they getting their IP addresses from?
  Tony

• OS X Server 3 new installation - network users can`t connect - what the h... am I doing wrong ?!?!

  Mac Server 3 drives me crazy ...
  I have a brand new MacMini here with Maverick on board, and two brandnew Macbook Air and 3 27"iMac that I want to set up as small office. The MacMini should act as Server (with two thunderbolt harddisks connected) for the rest. So far the theory, meanwhile I´m the reality of Server 3 ...
  Having years of experience with "normal network" solutions like filesharing etc. I had a look at Server 3 and thought it couldn`t be that complicated to set it up - but meanwhile I`m disillusioned.
  I`ve now completely reinstalled the MacMini and the Server the third time, connected directly to the Airport Extreme, started filesharing and started the Server app. afterwards. Then I just
  - opened the settings of the server, set up a local network (xxx.local)
  - activated push-notification and got a ceritficate
  - started the profile manager
  - started open directory
  - started started the DNS server
  - started file sharing (creating a new folder on the MacMini, offering user folders via SMB or AFP (tested both))
  - started the other services (calendar, contacts, etc.)
  - opened ports for the public services on the AirportExtreme
  - set up a testuser (network user), giving access to all services
  - gave the test user access to the network folder created
  On the Macbook Air i used for testing I registered the network account server (getting a green light afterwards), put the hook at "allow network users to sign on" (I even coot see the test users name there).
  But after switching to the login I only got normal users on the MacBook Air. Switching the "allow network users to sign on" sometimes resulted in a third user "other" where I could enter the Username and password - but : no result - just as explained several times in this thread ... :-( :-(
  The last three days I tried several setups, switch and renamed, issued certificates, tried out the profile manager and registered the MBA, set up the user folder via AFP and SMB, ...
  But : no access to the network user granted ...
  Just read the last lines of the Protokoll after my last attempts and could read "connection invalid" and "connection denied" several times in it ... does anyone have an idea what`s going wrong here ?!?!??!
  I really need to set up this server a.s.a. possible and am really frustrated about this really not Apple like behaviour of this software *eyesroll* ...
  Any help appreciated !

  Hi,
  sorry, but frustration continues ... here`s what I did :
  - complete did the forth reinstall of the MacMini, new Maverick, all updates. Then installed the server.app
  - delete all network connections except the Ethernet, gave it a static IP 10.0.1.201
  - started the server app, renamed the computername and the hostname
  Result :
  - This automatically started the DNS server - i just checked this and found a server.dizwo.private entry pointing at the 10.0.1.201. According to your proposal I entered a second entry with "dizwo.private" pointing at the same IP 10.0.1.201 (named "server") - as you didn´t respond to my request above the entries are only guesses
  - on the AirportExtreme I opened the ports for all necessary services
  - I created a public user folder with all necessary access types (using SMB for the user folder)
  - created network user pointing at this folder
  - checked whether it has access to all services (was already  preset) and gave him access read/write to the user folder
  - last but not least i started the OpenDirectory server showing availibility of the OD server at server.dizwo.private
  ... and then ?
  On the MacBook Air and on another iMac I first had a look whether I get access to the user folder on the server. I could see it in the finder windows and got access, okay - fine.
  Then I want to set up the OD server in the user settings on the clients - but in contrary to my earlier tries I didn`t got the OD server name, but simply a "server.local".
  Trying to enter the "server.dizwo.private" simply resulted in a "host not found" ??!?!
  You can imagine how frustrated I`m now about all this stuff - I`m Apple user since more than 20 years and haven`t seen such weird behaviour of an Apple software before - not user friendly in any matter ... .
  This server software is advertised and looking like to be an easy to use front end to create a server, even the "manuals" (not that I would tell them so ...) do so. But it looks like it`s really more a trial and error thing when you do the installation ...
  So : what I did I do wrong now ? Is there anything that I missed ? Is it a certificate thing (I didn`t set up a custom one but used the intermediate one preinstalled) ? Or another network issue ? The DNS server ? The OD server ? The naming of the server ?
  I really urgently need help - need to set up this server the next 2 weeks !!
  any help appreciated !!

• Network users can't log on to client computers

  Hi,
  This is my first OSX server install, so bear with me if I am missing something!
  I have searched for a solution, but cant find one similar maybe I am doing something drastically wrong?
  The Problem Summarised;
  New Mac OSX Snow Leopards Mac Mini server, clean install.
  New iMac OSX Snow Leopard Client.
  Can not log in using the network users. I have joined to the open directory, I get a green dot saying network available and all network users listed.
  When I try to login, the OSX Login screen shakes as if incorrect password is being used.
  In a bit more detail
  Ok, I have installed a new Mac Mini Snow Leopard Server, created a handful of user accounts and then bound my iMac snow leopard client to the server (using the open directory utility under the accounts login preferences).
  I have also added the computer as a client computer under the servers workgroup manager app.
  I have also (using the workgroup manager on server) selected the client computer, selected preferences and added the users to the access part.
  The client now shows the OSX login box with a green dot saying network accounts available. The network accounts all appear.
  However, when I try to login as one of the network users, the login box just shakes and wont let me login.
  Any ideas? If there is a known bit of documentation, could someone point me to it?
  * saw this posted in a different secretion and I HAVE THE SAME ISSUE.

  My guess is:
  Have you created or pointed their home directories to a specific location?
  Each network user in WGM user needs to have their home directories defined to a folder on the local machine or a folder/location on the server. Here is an example... my user has it's Home defined as being within the /Users folder.
  http://i42.tinypic.com/dyoupu.jpg
  If this is not done, you will see the results you've described so far... the appearance of a successful login, then the shaking login window.

• Users can't login on workstations with new os

  I have just upgraded my client machines from OS 9 to 10.3, now they won't log into their specific drives on the server. I can login using the workstations stand alone name and I can authenticate and see/reach the server, but the users can't log in.
  Do I need to change some settings to allow the users to access their drive?
  Does the change that I am assuming I need to make need to be done on every workstation?
  I have six workstations that didn't need to have their os upgraded. The students can log into those perfectly fine.
  I think I've checked everywhere I'm supposed to and haven't seen any settings that aren't the same on the other workstations but I'm sure I've missed something as I don't have much experience working with the server at all.
  Not only is our tech budget tiny (we're a small school) but no one in our area works with macs anymore. So thank you for any help you can give me.
  Dana

  Hi
  Presumably the server is 10.4? What Services are configured and running on the Server?
  +I have just upgraded my client machines from OS 9 to 10.3+
  Would this be 10.3.9?
  +now they won't log into their specific drives on the server+
  Do you mean individual user's networked homes? OR do you mean a share point accessible to all?
  +Do I need to change some settings to allow the users to access their drive?+
  If you are indeed talking about networked home directories - yes.
  +Does the change that I am assuming I need to make need to be done on every workstation?+
  Yes.
  +I have six workstations that didn't need to have their os upgraded. The students can log into those perfectly fine+
  Presumably these workstations are a mix of 10.4/10.5? If so then check the LDAPv3 configuration in Directory Access (for 10.4) and Directory Utiltu (for 10.5). These applications can be found in /Applications/Utilties.
  I appreciate your budget is tiny but why 10.3? For a small outlay you should be able to purchase 10.4? There's nothing wrong with 10.3 its just from your point of view and skill set it would probably be easier to integrate workstations running 10.4. Taking this further you could utilize what budget you have and hire a consultant to do this for you. It should not take too long judging from what you've posted?
  Tony

• Domain users and local users can't login to reporting service web environment

  Hello,
  We installed reporting services at one of our customers but aren't able to use domain users to login. We've tried to login with a domain user, a local user but both aren't working. We set the proper permissions for the users on the reports folders.
  We can only login with the buildin/administrator account on the local url: http://servername/reports
  How can we allow login with domain users on other report manager url's?

  Below link may be helpful,
  http://social.msdn.microsoft.com/Forums/sqlserver/en-US/623da309-21fa-42a8-905f-1424144a347d/setting-up-a-user-in-ssrs?forum=sqlreportingservices
  Regards, RSingh

• 2 users can't login - HTTP Status 500 - on Teaming 2.0

  I have 2 user that can't login to Teaming 2.0. They get this error: "HTTP Status 500". Even if I enter a bogus password for them the "HTTP Status 500" error occurs. I use LDAP authentication to eDirectory. These users DON'T have duplicate objects in my tree. In eDirectory they have first name, last name, full name, phone number and email address entries. All other users can login. Where are the Apache Tomcat/6.0.18 logs on a SLES 10 install of Teaming 2.0? There are log files in /opt/novell/teaming/
  Browser screen content:
  HTTP Status 500 -
  type Exception report
  message
  description The server encountered an internal error () that prevented it from fulfilling this request.
  exception
  org.springframework.dao.IncorrectResultSizeDataAcc essException: Incorrect result size: expected 1, actual 2
  org.springframework.security.ldap.SpringSecurityLd apTemplate$3.executeWithContext(SpringSecurityLdap Template.java:204)
  org.springframework.ldap.core.LdapTemplate.execute WithContext(LdapTemplate.java:807)
  org.springframework.ldap.core.LdapTemplate.execute ReadOnly(LdapTemplate.java:793)
  org.springframework.security.ldap.SpringSecurityLd apTemplate.searchForSingleEntry(SpringSecurityLdap Template.java:190)
  org.springframework.security.ldap.search.FilterBas edLdapUserSearch.searchForUser(FilterBasedLdapUser Search.java:118)
  org.springframework.security.providers.ldap.authen ticator.BindAuthenticator.authenticate(BindAuthent icator.java:82)
  org.springframework.security.providers.ldap.LdapAu thenticationProvider.authenticate(LdapAuthenticati onProvider.java:229)
  org.springframework.security.providers.ProviderMan ager.doAuthentication(ProviderManager.java:195)
  org.springframework.security.AbstractAuthenticatio nManager.authenticate(AbstractAuthenticationManage r.java:46)
  org.kablink.teaming.module.authentication.impl.Aut henticationModuleImpl.doAuthenticate(Authenticatio nModuleImpl.java:280)
  org.kablink.teaming.module.authentication.impl.Aut henticationModuleImpl.authenticate(AuthenticationM oduleImpl.java:245)
  sun.reflect.GeneratedMethodAccessor660.invoke(Unkn own Source)
  sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
  java.lang.reflect.Method.invoke(Method.java:585)
  org.springframework.aop.support.AopUtils.invokeJoi npointUsingReflection(AopUtils.java:307)
  org.springframework.aop.framework.ReflectiveMethod Invocation.invokeJoinpoint(ReflectiveMethodInvocat ion.java:182)
  org.springframework.aop.framework.ReflectiveMethod Invocation.proceed(ReflectiveMethodInvocation.java :149)
  org.kablink.teaming.search.interceptor.IndexSynchr onizationManagerInterceptor.invoke(IndexSynchroniz ationManagerInterceptor.java:67)
  org.springframework.aop.framework.ReflectiveMethod Invocation.proceed(ReflectiveMethodInvocation.java :171)
  org.springframework.aop.interceptor.AbstractTraceI nterceptor.invoke(AbstractTraceInterceptor.java:11 3)
  org.springframework.aop.framework.ReflectiveMethod Invocation.proceed(ReflectiveMethodInvocation.java :171)
  org.springframework.aop.framework.JdkDynamicAopPro xy.invoke(JdkDynamicAopProxy.java:204)
  $Proxy21.authenticate(Unknown Source)
  org.springframework.security.providers.ProviderMan ager.doAuthentication(ProviderManager.java:195)
  org.springframework.security.AbstractAuthenticatio nManager.authenticate(AbstractAuthenticationManage r.java:46)
  org.springframework.security.ui.webapp.Authenticat ionProcessingFilter.attemptAuthentication(Authenti cationProcessingFilter.java:82)
  org.springframework.security.ui.AbstractProcessing Filter.doFilterHttp(AbstractProcessingFilter.java: 252)
  org.springframework.security.ui.SpringSecurityFilt er.doFilter(SpringSecurityFilter.java:53)
  org.springframework.security.util.FilterChainProxy $VirtualFilterChain.doFilter(FilterChainProxy.java :371)
  org.springframework.security.ui.logout.LogoutFilte r.doFilterHttp(LogoutFilter.java:89)
  org.springframework.security.ui.SpringSecurityFilt er.doFilter(SpringSecurityFilter.java:53)
  org.springframework.security.util.FilterChainProxy $VirtualFilterChain.doFilter(FilterChainProxy.java :371)
  org.springframework.security.context.HttpSessionCo ntextIntegrationFilter.doFilterHttp(HttpSessionCon textIntegrationFilter.java:235)
  org.springframework.security.ui.SpringSecurityFilt er.doFilter(SpringSecurityFilter.java:53)
  org.springframework.security.util.FilterChainProxy $VirtualFilterChain.doFilter(FilterChainProxy.java :371)
  org.kablink.teaming.spring.security.ZoneGrabbingFi lter.doFilterHttp(ZoneGrabbingFilter.java:58)
  org.springframework.security.ui.SpringSecurityFilt er.doFilter(SpringSecurityFilter.java:53)
  org.springframework.security.util.FilterChainProxy $VirtualFilterChain.doFilter(FilterChainProxy.java :371)
  org.springframework.security.util.FilterChainProxy .doFilter(FilterChainProxy.java:174)
  org.springframework.web.filter.DelegatingFilterPro xy.invokeDelegate(DelegatingFilterProxy.java:236)
  org.springframework.web.filter.DelegatingFilterPro xy.doFilter(DelegatingFilterProxy.java:167)
  note The full stack trace of the root cause is available in the Apache Tomcat/6.0.18 logs.

  You need to be sure that it is not an LDAP problem... the best way is to start from LDAP to investigate. Enable the LDAP trace on eDir with imonitor, during the teaming login. Also you can use ldapsearch to have full details on the accounts in order to compare them with a working user (a space somewhere, an additional attribute, etc...).

• Network User Can't Delete Desktop Files

  I'm not sure if this is a server or dekstop question because I'm not sure where the problem is, but I'll start here.
  I have a user that cannot delete files on his desktop, and now can't change his desktop background.  He is a networked user on a 10.6.2 iMac.  His account is on a Mac OS X 10.6.8 server.  When I try to delete the file, it prompts for administrator authentication.  I enter it in, but nothing happens.  No errors appear and the file doesn't delete.  When I look at the details, it says "com.apple.desktopservices".  I have done the following things:
  1.  Reapplied rights to his folder in the Get Info Box
  2.  Deleted him from Workgroup Manager and re-created his account
  3.  Checked that the file isn't locked
  4.  Checked that the desktop folder isn't locked
  5.  Verified his permissions are correct on all folders
  6.  Ran Disk Utility on his machine
  7.  Tried his account on another machine (same result as on his machine)
  Based on another forum, I moved the com.apple.desktop.plist file out of his library and logged him in again. The only thing that I noticed is the background picture changed back to default.  I moved the file back, but the desktop picture is still back to default and if I go into System Prefences, I can't change the background or screen saver.
  Something is messed up somewhere with his desktop settings, but I can't figure out where.  Does anyone have any ideas?

  Today I backed up my Open Directory master on the server, deleted it and recreated it from the backup. No change unfortunately and still the same message:
  "The document xxx.yyy could not be saved. You don't have permission."
  Any good suggestions available?