Network users can't log on to client computers

Similar Messages

• How many users can be logged on to the base station

  how manty users can be logged onto the base station?

  I am not sure if you mean this to be in the TC area but it will handle 50users I think was the spec.. but never ever do it. Around 10users per AP is about the max you ever want to try. That is assuming all are using the net at the same time. You can probably manage more as long as most are not actually in use.

• A particular network user can't login to a mac in a classrom but other network users can. Then the network user can login to other identical macs in same classroom. Anyone seen this before?

  A particular network user can't login to a mac in a classrom but other network users can. Then the network user can login to other identical macs in same classroom. Anyone seen this before? It has happen twice. Two different teachers in two different classrooms entering the correct user name and passwords and computer won't allow them to login. Then they try in different computers in same classroom and have no problem login.

  Yes. I can login with a test user. And any other network user can login as well to this particular mac. Actually the mac has bootcamp and boots into either mac or windows. The same user entering the same login username and password can login into the windows side, but not the mac side.
  I had this same issue last semester in another classroom, another mac and a different teacher. This summer I reformatted and imaged that mac and I asked that teacher to login today to that reimagened mac and she had no problem today doing so.

• User can not log in

  I have a Document Center protected document - it's a test one, that simply needs a valid AdobeID and Password to open it.
  A new user can not log in and view it, older users are OK. He can log in, change has password etc, but when he tries to open the pdf, it will not accept his user name/password saying "The email address or password you entered is incorrect or you need to update your Adobe Online Centre Account. Please enter your email address or password again, or click the Manage My Account button below for help with your account". He has tried both but gets nowhere - with Manage My Account, He can log in and see his details, change password - but still can not open the pdf!
  Can anyone please help?
  I notice the link to Document Centre support now fails - is there any support for Document Center anymore?  

  Hi Chetan,
  You may check this thread to find your solution:
  Re: Two licences but only one is visible
  Thanks,
  Gordon

• User can't log in / Server can't create new users

  I recently updated to OS X Server 10.5.5. Now one of my users can't log in. Wrong username or password the system says. I've reset the password but it doesn't help.
  When creating a new user I get this error:
  "The server reported the error '-14120' while trying to create the user."
  How can I fix this?

  Well, to move the stuff, make a New Account, log into a different admin account & get BatchMod, it's much better/easier than the Finder for recursive Permission changes...
  http://www.lagentesoft.com/batchmod/index.html
  Now careful with BatchMod, it's crazy powerful, but easier than Command Line.
  Oh, this bad user isn't using FileVault I hope???
  OK, once BatchMod is loaded, you can drag the whole bad user's folder to it's icon and set the Ownership/permissions to the new replacement user, check Apply to Enclosed items, go.
  Oh, if you have room you might make a copy of that User's folder first & use the copy.
  Then open the bad User's folder, Select All, drag to new replacement User's folder.

• HT202233 If I made the mobile account for a network user, can this user unlock the FileVault2-disk?

  My Mac is connected to Microsoft Active Directory. Every time I schould unlock the disk with the local admin, then login as network user.
  If I made the mobile account for a network user, can this user unlock the FileVault2-disk?
  Thanks.

  Yes, but the FileVault password won't be updated automatically if the login password changes.

• Network user can't see local home directory

  Hi there,
  I have a Mac Mini running Lion Server with Directory Services turned on. I've been using this to allow network users to log into Lion clients, as well as set up mobile accounts. This has been working fine.
  Now I've just created a new network user for use with a Mountain Lion client and have experienced some strangeness with this new user's home directory. The binding to the directory was fine, and the credentials for the network user were fine. However, when logged in, this new user has his home drive mapped to /Network/Servers/<servername>/Users/<username> rather than the expected /Users/<username>. This has bad side-effects. For instance, Chrome tries to save downloads to the server instead of locally.
  What I can't work out is why the home directory isn't pointing to a local location. The other users (on Lion) have the same home directories defined in their Open  Directory profiles. The only difference is the new user is on Mountain Lion, but I don't think this has any bearing to the problem.
  Can anyone offer some advice?
  Benjamin

  So I took my Mac Mini running OS X 10.8 Server, along with two client laptops: one exhibiting the problem I described, and the other where network logins and home directories worked as intended.
  Long story short, the guys at the Bar couldn't figure it out. The user definitions in Open Directory seemed ok, but they still couldn't work out why no local home directories were being created. Not sure if this helps, but in trouble-shooting, we also discovered that trying to login with a network user on the problematic laptop didn't work when the server wasn't on the network. It's as if the server is required to be present.
  Anyway, the case has been referred to the business team, which is supposed to have more expertise with OS X Server.

• Migrating 10.4 to 10.6 - Users can't log in

  Hello,
  Manually upgrading from 10.4.11 on G5 with internal drive to 10.6.5 on Intel with Firewire Raid Array. Moved all home directories as root with cp -pR to the firewire drive. Setup all the users in Workgroup manager (setting users to same UID as was on the 10.4.11 server). Set the new sharepoint from the external FW drive. Set all the users with this new sharepoint as the home directory. Gave AFP permission in SACL.
  Symptoms: logging in from workstation gives the shake and the message about home directory being on an AFP or SMB server - contact your administrator. If I log in from the laptop to the server, I am successful, but it mounts the Users directory and not the home director of the user (I can't log in only by clicking on the server icon, I need to click on connect as button).
  Thanks, for any assistance in advance.
  Dave

  For my two cents worth,.. I'm seeing exactly the same problem.
  If any of you guys/gals have solved this one, please post a summary here
  In case it helps,
  besides the similar behavior, as posted by Robert (msg: 'logging in to the account failed because of an error'), I can add the following observation:
  If I am logged into a client machine as administrator, and I open a terminal window,
  and then do:> +ssh localhost -l snoopy+
  I do get asked the password
  I am successfully logged in, but with no home directory
  I read the error message:
  +Could not chdir to home directory /Network/Servers/cbserver1.heidihills.ch/Volumes/group1/users/snoopy: No such file or directory+
  On that client machine, in the syslog, I read the following:
  +edu.mit.Kerberos.CCacheServer[13178]: launchctl start error: No such process+
  +sshd[13341]: afp home directory mount failed in theEnumerator->Mount in AFP_Mount: status = Unknown error: -5000+
  +edu.mit.Kerberos.CCacheServer[13178]: launchctl start error: No such process+
  and on the AFP server where the home directories lie... I read, in the AFP access logs:
  +128.178.107.77 Login snoopy 0 0 0+
  +128.178.107.77 Logout snoopy 0 0 0+
  Message was edited by: DrKdev
  Message was edited by: DrKdev

• Network users can not read Applications or Library

  Not sure exactly where to post this but I think the server section will have more expertise than the desktop section.
  We have 10.5.4 clients authenticating against a 10.4 Open Directory master. Prior to upgrading the clients to 10.5.5 everything was working fine. After upgrading the clients network users could no longer read the Applications or Library folders. When logging in all the icons in the dock would be replaced with the generic application icon and when trying to launch one the system reports the application could not be opened because it may be damaged or incomplete.
  Viewing the iMac hard drive in a Finder window the Applications and Library folders have the do not enter sign on them. Viewing Sharing & Permissions under the Get Info window as the local admin user shows Read & Write for system and admin and Read only for everyone. This looks correct.
  An `ls -l` on the root directory in Terminal as a network user reports that Applications and Library do not exist (no such file or directory). When running `ls -l` as the local admin the two folders appear and have a + sign after their permission strings which indicates extended security attributes (an ACL). I cannot find a command line tool to display or manipulate ACLs (such as getfacl and setfacl in Solaris) other than fsaclctl which enables and disables ACLs for an entire filesystem.
  I disabled ACLs for the root fileystem (sudo fsaclctl -p / -d) and then network users could read the Applications and Library folders without problem. So there must be something in the ACL for those two folders that is restricting network users.
  One other thing I noticed was that I tried to add a network user to Sharing & Permissions under the Get Info window, I could search for network users in the pop-up window but they would not get added to the list when I clicked select. So perhaps the problem is not with the ACL on Applications and Library but with 10.5.5 somehow not recognizing network users.
  Installing Security Update 2008-007 does not resolve the issue. In fact it re-eanbles ACLs and they have to be disabled again in order for network users to work properly.

  I eventually managed to fix it again - don't know exactly what broke it and what resulted in a fix.
  Check what groups your network users are in, in a terminal enter the command:
  groups <username>
  My machine was only reporting the primary group of the user - none of the secondary groups were listed. This machine has a Open Directory custom mapping to force local home folders (a special case, we generally use NFS homes), and when I removed and re-added this mapping (rebooting in between changes) the groups command began to work correctly again and access to these folders was restored.
  I was able to confirm that the ACL was the problem, removing it allowed the network users to gain access, restoring it broke it again.
  BTW, the error messages you got when you ran the ACL removal chmod command are nothing to worry about, these are just device special files (representing hardware devices in the filesystem), I doubt that ACLs can be setup for these.

• New users can't log into /mydevices or /profilemanager

  Hi all,
  I've got Profile Manager up and running and have deployed about 25 iPads using the current setup.
  My configuration has not changed but all of sudden, new users created today can not log into /mydevices or /profilemanager.  Says the username or password is incorrect, but they're entered properly.  Again, the configuration of the server has NOT changed since users entered (and working) last week.
  Anyone have this issue?  If anyone can shed some light, I'd really appreciate it.
  Apple: Lion Server is buggy as ****.  Profile Manager is buggy as ****.  I've spent hours on the phone with Apple support with one issue after another.  I'm getting sick of the instability and crankiness of Lion Server.  These forums are chalked full of people having such a massive range of issues that I can only draw one conculsion: Lion Server is half baked.
  Please help (again),
  Chris

  I got my problem solved - and here is a few things to note and some steps to resolve the issue.
  1) you do not need to create augmented users - unless you need extra settings for local logins (you most likely won't have users logging into your mav) - if you are using AD that is - if not just create local users
  2) server is buggy - perhaps - but after dealing with this issue for a few days - as much as i want to agree with it i want to say that now it is running very smoothly - and it boils down to order of steps in the install
  4) do not change hostnames once it's set up - that will scre it up even worse
  here is what i woudl suggest to blow it away and reset it up
  1) system pref - users and groups - login options - network account server - edit - unjoin the domain
  2) blow away your open directory and profile manager in command line
  sudo /usr/share/devicemgr/backend/wipeDB.sh
  sudo slapconfig -destroyldapserver
  3) reset apache web config
  sudo /serveradmin command web:command=restoreFactorySettings
  4)make sure your hostname is correct
  5) join domain (if needed)
       on command line veryfiy ad is working by typing
       user "username" where username is username of AD user
  6) if AD set up - check dns search order - make sure no local host (127.0.0.1) is in the list
       system preferences - network - ethernet - advanced -dns - remove 127.0.0.1 if there (only if using AD)
  6) server admin - open directory - settings - change - set up as standalone
  configure yoru ldap server - this will reissue signing authority certificate that you will need if you want to sign your configurations profiles for clients (iOS and Mac)
  7) then configure profile manager
  Reboot after step 2 - step 3, step 6
  if you have a firewall infront of the server there will be aditinal ports required for SCEP
  http://support.apple.com/kb/TS1629
  you will need port 80,443 and 1640
  If you have a reverse proxy you will need to set up a trust to the cetificate on the proxy to the authority configured in the open ldap - different topic - but just tought it was worth mentioning

• Mobile account users can not log on to the snow leopard server machine?

  Hi all,
  I've setup a network user and designated it as a mobile account. ** OS X 10.6.2 **
  When the user logs out of the snow leopard server machine, home sync tries to sync the local and network home directories. It is never able to connect. The network home directory is automounted and is not the default path /Users. I can see the two home directories on disk.
  Anyone else able to have their mobile users log in to the snow leopard server machine without issues?
  OS X 10.6.2 **

  It was the Sync server was down and did not know it

• Network User Can't Delete Desktop Files

  I'm not sure if this is a server or dekstop question because I'm not sure where the problem is, but I'll start here.
  I have a user that cannot delete files on his desktop, and now can't change his desktop background.  He is a networked user on a 10.6.2 iMac.  His account is on a Mac OS X 10.6.8 server.  When I try to delete the file, it prompts for administrator authentication.  I enter it in, but nothing happens.  No errors appear and the file doesn't delete.  When I look at the details, it says "com.apple.desktopservices".  I have done the following things:
  1.  Reapplied rights to his folder in the Get Info Box
  2.  Deleted him from Workgroup Manager and re-created his account
  3.  Checked that the file isn't locked
  4.  Checked that the desktop folder isn't locked
  5.  Verified his permissions are correct on all folders
  6.  Ran Disk Utility on his machine
  7.  Tried his account on another machine (same result as on his machine)
  Based on another forum, I moved the com.apple.desktop.plist file out of his library and logged him in again. The only thing that I noticed is the background picture changed back to default.  I moved the file back, but the desktop picture is still back to default and if I go into System Prefences, I can't change the background or screen saver.
  Something is messed up somewhere with his desktop settings, but I can't figure out where.  Does anyone have any ideas?

  Today I backed up my Open Directory master on the server, deleted it and recreated it from the backup. No change unfortunately and still the same message:
  "The document xxx.yyy could not be saved. You don't have permission."
  Any good suggestions available?

• Mobile user can't log in

  Hello,
  I have an issue with mobile users. I have a Mac OS X server set up with OD. I have created mobile user profiles on it. Those profiles can log in to the server without issues.
  Yet, I can't log on to any other mac on my network with those mobile users. If I try using the graphical interface, I get a login failed message, with the following error in the system.log file.
  Aug 19 06:08:58 macbook edu.mit.Kerberos.CCacheServer[1162]: launchctl start error: No such process
  Aug 19 06:08:59 macbook sshd[1184]: afp home directory mount failed in theEnumerator->Count in AFP_OpenSession: status = Unknown error: -5023
  Aug 19 06:08:59 macbook edu.mit.Kerberos.CCacheServer[1162]: launchctl start error: No such process
  Can anyone help me out ?
  Peter

  Hi
  +"is there anyway for mobile users to be admins of the local machine when they are offline?"+
  Yes. System Preferences > Accounts > Select the Network Account. Click the lock to authenticate. Provide the local admin name and password. Tick the "Allow user to administer this computer" box. Logout and Login. Doing it this way reliably works for me every time. Train/Teach the user how to use the Sync options. Try not to sync everything. Avoid the Pictures folder if you can especially if there are large iPhoto libraries. Same for Movies folder. For offline users works best if they manually sync. Less problems that way.
  +"in the Directory Utility was that it mounted my AD specified home directory in the dock"+
  Apply a Dock MCX for that User or Group. Does not have to be a persistent setting. Once allows for additional user configuration. Under the "Add other folders" section tick the "Network Home" option. There are other ways of doing this but that should do it.
  HTH?
  Tony

• Network user switching from log in screen in Mavericks

  I have an iMac set up for network users, but I can't seem to figure out how to switch users from the login screen after a time out screen lock. That is, if I'm logged on to the machine, and walk away from it and it autmatically locks the screen, how can another network user log on at that point? This seems like it should be a pretty basic feature, like it is in (stupid) Windows.
  I'm running:
  OS X Mavericks 10.9.1
  iMac (2013) 2.7 GHz

  Hi,
  i am experiencing smiliar problem:
  Sep 21 23:09:40 Xserve slapd[40]: SASL [conn=143] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No principal in keytab matches desired name)
  Sep 21 23:15:41 Xserve slapd[40]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
  several times - every time a user from a Mac (iMac with Intel processor and 10.5.8 OS X) tries to log in.
  Remark: There are some windows-Workstations that login on Active Directory and work fine!
  Does anyone have some ideas how to solve that problem?
  Thanks!

• OS X Server 3 new installation - network users can`t connect - what the h... am I doing wrong ?!?!

  Mac Server 3 drives me crazy ...
  I have a brand new MacMini here with Maverick on board, and two brandnew Macbook Air and 3 27"iMac that I want to set up as small office. The MacMini should act as Server (with two thunderbolt harddisks connected) for the rest. So far the theory, meanwhile I´m the reality of Server 3 ...
  Having years of experience with "normal network" solutions like filesharing etc. I had a look at Server 3 and thought it couldn`t be that complicated to set it up - but meanwhile I`m disillusioned.
  I`ve now completely reinstalled the MacMini and the Server the third time, connected directly to the Airport Extreme, started filesharing and started the Server app. afterwards. Then I just
  - opened the settings of the server, set up a local network (xxx.local)
  - activated push-notification and got a ceritficate
  - started the profile manager
  - started open directory
  - started started the DNS server
  - started file sharing (creating a new folder on the MacMini, offering user folders via SMB or AFP (tested both))
  - started the other services (calendar, contacts, etc.)
  - opened ports for the public services on the AirportExtreme
  - set up a testuser (network user), giving access to all services
  - gave the test user access to the network folder created
  On the Macbook Air i used for testing I registered the network account server (getting a green light afterwards), put the hook at "allow network users to sign on" (I even coot see the test users name there).
  But after switching to the login I only got normal users on the MacBook Air. Switching the "allow network users to sign on" sometimes resulted in a third user "other" where I could enter the Username and password - but : no result - just as explained several times in this thread ... :-( :-(
  The last three days I tried several setups, switch and renamed, issued certificates, tried out the profile manager and registered the MBA, set up the user folder via AFP and SMB, ...
  But : no access to the network user granted ...
  Just read the last lines of the Protokoll after my last attempts and could read "connection invalid" and "connection denied" several times in it ... does anyone have an idea what`s going wrong here ?!?!??!
  I really need to set up this server a.s.a. possible and am really frustrated about this really not Apple like behaviour of this software *eyesroll* ...
  Any help appreciated !

  Hi,
  sorry, but frustration continues ... here`s what I did :
  - complete did the forth reinstall of the MacMini, new Maverick, all updates. Then installed the server.app
  - delete all network connections except the Ethernet, gave it a static IP 10.0.1.201
  - started the server app, renamed the computername and the hostname
  Result :
  - This automatically started the DNS server - i just checked this and found a server.dizwo.private entry pointing at the 10.0.1.201. According to your proposal I entered a second entry with "dizwo.private" pointing at the same IP 10.0.1.201 (named "server") - as you didn´t respond to my request above the entries are only guesses
  - on the AirportExtreme I opened the ports for all necessary services
  - I created a public user folder with all necessary access types (using SMB for the user folder)
  - created network user pointing at this folder
  - checked whether it has access to all services (was already  preset) and gave him access read/write to the user folder
  - last but not least i started the OpenDirectory server showing availibility of the OD server at server.dizwo.private
  ... and then ?
  On the MacBook Air and on another iMac I first had a look whether I get access to the user folder on the server. I could see it in the finder windows and got access, okay - fine.
  Then I want to set up the OD server in the user settings on the clients - but in contrary to my earlier tries I didn`t got the OD server name, but simply a "server.local".
  Trying to enter the "server.dizwo.private" simply resulted in a "host not found" ??!?!
  You can imagine how frustrated I`m now about all this stuff - I`m Apple user since more than 20 years and haven`t seen such weird behaviour of an Apple software before - not user friendly in any matter ... .
  This server software is advertised and looking like to be an easy to use front end to create a server, even the "manuals" (not that I would tell them so ...) do so. But it looks like it`s really more a trial and error thing when you do the installation ...
  So : what I did I do wrong now ? Is there anything that I missed ? Is it a certificate thing (I didn`t set up a custom one but used the intermediate one preinstalled) ? Or another network issue ? The DNS server ? The OD server ? The naming of the server ?
  I really urgently need help - need to set up this server the next 2 weeks !!
  any help appreciated !!