Network users cannot log in to account on server

Here's the situation.
1) X-Server running 10.6
2) Workstation running 10.5 or 10.4
3) Created user accounts using WGM (from a machine other than the server)
4) Bound workstation to server ('green-light' and message Network Accounts Available - shows up on workstation.
5) When test account user name and password are entered, password shakes - we get the message 'Cannot log in due to an error'.
What gives???!!!???

If the error you're getting is 'You are unable to log in to the user account "suchandso" at this time. Logging in to the account failed because an error occurred', that usually indicates that there was a problem mounting the user's home folder. My standard approach to narrowing down where errors like this are coming from is to test the critical parts of a network login (user info lookup, authentication, and home directory mount) by hand and watch for informative errors:
Log in as a local user on a client computer, and open the Terminal utility.
Run the command "id suchandso" (where "suchandso" is the short name of a network user). It should reply with something like "uid=1025(suchandso), gid=20(staff)," etc. If it instead replies with "id: suchandso: no such user", you either have the wrong username or the client is having trouble looking up user info on the server over LDAP. (Note: if this isn't working, you generally don't get as far as the error message, just a shake of the login window.)
Get a network authentication ticket with the command "kinit suchandso" (enter the user's password when prompted). If this works, it'll just come back with another shell prompt. If something goes wrong, you'll generally get an informative error message about what the problem is (e.g. if it says "Kerberos Login Failed: Clock skew too big", that means the client's clock is too far out of sync with the server's and one or both of them needs to be corrected).
Now, use the Finder's Connect to Server (Command-K) feature to try to connect to the server; enter the server's full domain name in the Server Address field. You should not be prompted for a name and password (Kerberos authentication should be automatic after the "kinit" command; if not, something's wrong with the file service's Kerberos setup). You should get a "Select the volumes to mount" dialog including the Users folder (or whatever folder your user homes are under). Note that the user's actual home folder will also be listed, but that's not what you want; select the Users volume instead. If the Users folder isn't listed, or you get an error trying to mount it, troubleshoot that.
If none of that shows any problem, you've got something more obscure going wrong. A couple of random things to try:
Enable guest access to the Users folder (shouldn't be necessary, but I've seen reports that it sometimes avoids trouble).
Make sure the user's home folder settings are configured correctly: use WGM to switch the user's home folder to "(None)", save, then set it back and save again.

Similar Messages

  • Network users cannot log in to server

    I have set up a new server from scratch on a new Macmini.  In the main, it works absolutely fine.  Users can log into the sever from client device as registered user and can share the screen with no problem.
    The users are set up as local network users and are in a local group and a network group. I set them up using Workgroup manager after setting up Open directory.  All users cn be seen from OD and WM.  However, they cannot log in to the server directly - only the server adminstrator can do that.  Home drives etc are all set up fine.
    Any help will be greatly appreciated.
    F

    Administrators always have access, you may have blocked Network Users from having access using Workgroup Manager 10.8.
    Open Workgroup Manager 10.8
    Authenticate to the local directory as an administrator.
    Go to the machines section and select the server where users cannot log in.
    Click the preferences icon to see the preferences for that computer set through WM 10.8
    From the overview choose Login.
    Choose the Access tab and set Manage: to Never.
    Message was edited by: Mark23

  • Network users cannot log in to Wiki

    I am managing an OS X Server 10.6 at work. As far as I can tell only local users on the server (i.e, those created through the server's Accounts preference pane) can log in to the Wiki (e.g., to "My Page"). Our user accounts are managed through the server's Open Directory LDAP. We don't have an Active Directory server (though we do have a mix of PCs and Macs). All SSL checkboxes are off, if that makes a difference. How do I enable Wiki login for Open Directory accounts?
    Message was edited by: MLModel

    Thanks for your reply. My concern is with users who don't have local accounts on the server machine. It seems to me that local accounts on the server machine are generally inappropriate, as well as imposing a maintenance burden that duplicates the maintenance of the Open Directory user entries.
    Am I correct that for users with no local server account I need to have "WebDAV-Digest" turned on in Server Admin > Open Directory > Settings > Policies > Authentication? Is it a bad idea to have that policy on? (I don't remember whether it is on by default when the server is installed, but it was off when I was having the Wiki problems and turning it on seemed to enable login by anyone in Open Directory.)

  • When one network user is logged in another network user cannot on the same machine

    I am working on a home network for 5 family members and we are use to fast user switching. Since getting the server up we can no longer fast user switch. If one network user is logged in and we go to switch to a new user the server returns an error and that user can not log into that machine until the first user logs out. I would expect this to work but I have not had any success.
    Any suggestions
    David urban

    Hi,
    What is the current setting of Enable user policy polling on clients?
    However, if this setting is False or No, the following will not work when users use the Application Catalog:
    In System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only, users cannot install the applications that they see in the Application Catalog.
    Users will not see notifications about their application approval requests. Instead, they must refresh the Application Catalog and check the approval status.
    Users will not receive revisions and updates for applications that are published to the Application Catalog. However, they will see changes to application information in the Application Catalog.
    If you remove an application deployment after the client has installed the application from the Application Catalog, clients continue to check that the application is installed for up to 2 days.
    http://technet.microsoft.com/en-in/library/gg682067.aspx#BKMK_ClientPolicyDeviceSettings
    In addition, the following to thread may give us some clue:
    http://social.technet.microsoft.com/Forums/en-US/6a51488c-ff68-4c83-9b3d-6d03fd74a373/application-catalog-could-not-communicate-with-the-client-control-properly?forum=configmanagerapps
    http://social.technet.microsoft.com/Forums/en-US/235f7ef7-e646-401e-9524-008831a32cde/application-catalog-silverlight-error-could-not-communicate-with-the-client-control-properly?forum=configmanagerapps

  • OD users cannot log on without server home directory

    I am new to OD and am trying to configure a working setup for a few Macs on the network. The server is set up as an OD master, and while we are running Active Directory, the Mac server is not integrated into the AD network. DHCP and DNS are handled by the server that provides AD.
    I have set up a few test users and bound a Mac to the OD server for testing. I've found that if I don't specify a home directory for a particular user in workgroup manager (i.e. I just leave it at (none)), the user cannot log on to the bound Mac. The log in window begins to slide as if it is accepting the password, then stops and shakes and brings me back to the login window without any error message. If I specify a home directory on the server, it will then accept the username and password, show that I am logging in as said user, then display the message, "You are unable to log in to the user account [user] at this time. Logging into the account failed because an error occurred."
    I'm guessing the error message relates to a permissions issue with the way the home directories are set up. But honestly, I'd rather the users just have their home directories stored locally rather than on the server. How do I configure it so that the users are able to log on and their home directories are stored locally?
    Thanks in advance for any assistance that can be provided!

    After playing around with the system some more, I found that I had to explicitly specify the local home directory. I set it to /Users/ and everything seems to be working now.

  • User cannot log into ZCM Agent 11.3.1

    We just went through a domain migration. All PCs were unregistered from the old ZCM 11.2 server in the old domain before they were migrated. When we went to re-register them to the 11.3.1 ZCM server, we ran into 2 issues. Some of the systems successfully upgraded to 11.3.1 BUT users cannot log onto the ZCM 11.3.1 Agent. It's giving an error of "unable to log into the network because the login credentials or the server certificate is incorrect". The PCs that didn't not upgraded to ZCM 11.3.1 and are running 11.2.0 do not have this problem. They get authenticated appropriately. The User configuration is set to eDirectory (just like on the ZCM 11.2 server in the old domain).
    I ran "zac ci" and noticed there are old certificates from ZENworks servers that are no longer around. How do you get rid of these old references? It's picking up the new server's certificates. I ran this on my PC ZCM Agent 11.2 (won't upgrade and can authenticate into the ZCM 11.2 agent just fine) and I do not see the old certificates. I'm only seeing certificates for the new ZCM 11.3.1 server in the new domain and the eDirectory master server that the ZCM server is referencing.

    The old Trusts can be cleared using IE to managed the Trusted Root
    Stores. There are some other ways too.
    However, Having old ones should not be an issue unless the old and new
    Servers have the same name. Not 100% sure matching will cause an issue,
    but I think I have seen that before.
    It may be possible to automate the removal of the old trusts, but I
    would not worry about that until you verify it is an issue by manually
    fixing a couple and see if resolves your issue.
    Your issue may be something else.
    Reinstalling CASA is something else to try.
    On 10/9/2014 5:16 AM, hfr63 wrote:
    >
    > We just went through a domain migration. All PCs were unregistered from
    > the old ZCM 11.2 server in the old domain before they were migrated.
    > When we went to re-register them to the 11.3.1 ZCM server, we ran into 2
    > issues. Some of the systems successfully upgraded to 11.3.1 BUT users
    > cannot log onto the ZCM 11.3.1 Agent. It's giving an error of "unable
    > to log into the network because the login credentials or the server
    > certificate is incorrect". The PCs that didn't not upgraded to ZCM
    > 11.3.1 and are running 11.2.0 do not have this problem. They get
    > authenticated appropriately. The User configuration is set to
    > eDirectory (just like on the ZCM 11.2 server in the old domain).
    >
    > I ran "zac ci" and noticed there are old certificates from ZENworks
    > servers that are no longer around. How do you get rid of these old
    > references? It's picking up the new server's certificates. I ran this
    > on my PC ZCM Agent 11.2 (won't upgrade and can authenticate into the ZCM
    > 11.2 agent just fine) and I do not see the old certificates. I'm only
    > seeing certificates for the new ZCM 11.3.1 server in the new domain and
    > the eDirectory master server that the ZCM server is referencing.
    >
    >
    Going to Brainshare 2014?
    http://www.brainshare.com
    Use Registration Code "nvlcwilson" for $300 off!
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Technical Support Engineer
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.

  • I cannot log in my account but can as a guest even after removing the password

    i cannot log in my account but can as a guest even after removing the password

    Hi Kabiru,
    Thanks for visiting Apple Support Communities.
    You may want to use the steps in this article to reset your user account password:
    OS X: Changing or resetting an account password
    http://support.apple.com/kb/HT1274
    Best,
    Jeremy

  • SAPJSF user cannot log-on to the User Management Engine.

    We have a newly installed PI 7.0 system.
    SLDCHECK is succussful but if we go to the http://hostname:50100/sld - we are redirected to http://hostname:50100/logon/logonServlet?redirectURL=%2Fwebdynpro%2Fdispatcher%2Fsap.com%2Ftc%7Esld%7Ewd%7Emain%2FMain
    When we check the default.trc file, we see the error: User "SAPJSF" is the communication user for the connection between User Management Engine and the ABAP backend system SIDCLNTxyz. This user cannot log-on to the User Management Engine.
    The SAPJSF user is not locked in SU01.  This user is used by the JCO providers to connect to the gateway service.
    We opened Visual Administrator and navigated to Server0 -> Services -> UM Provider
    We changed the password  property at ume.r3.connection.master.passwd
    We then restarted the ABAP and J2EE engine.  But we still see this error.
    Any help to solve this issue is appreciate.
    Jay Malla

    Hi,
    Please, refer the link below. It says you cannot logon with SAPJSF user to J2EE engine for security reasons.
    http://help.sap.com/saphelp_nw2004s/helpdata/en/4e/225b42eeb66255e10000000a155106/frameset.htm
    Thanks
    R.Murali

  • Firefox Sync: I cannot log into my account using the sync key that was given to me and nothing I do seems to fix it. Is there anyway I can "reset" my username? I'd like to reopen an account using my same username as opposed to starting from scratch.

    I cannot log into my account using the sync key that was given to me and nothing I do seems to fix it. Is there anyway I can "reset" my username? I'd like to reopen an account using my same username as opposed to starting from scratch.

    reading through that, it doesn't look like you were given up on Candice. you never replied to StarDeb's last set of questions in that thread. she was probably waiting to hear back from you.
    why didn't you reply?

  • HELP NEEDED - 530 user cannot log in

    I'm using CS5.5 and would desperately like some advice over a very odd problem.
    For some reason I have a duplicate website  showing in DW. It is not on the desktop and doesn't appear in any search.
    The original - Cumbria Dog Training, ha sbeen joined by Cumbria Dog Training 2.
    I have no idea how this has happened.
    I have been validating two items today, one a simple js item and the other is renaming an.htaccess file without the .txt
    At the moment, when I try to upload anything from the original, I have the message
    FTP error occurred - cannot make connection to host etc.
    530 user cannot log in
    What does all this mean and what can I do about it.
    Many thanks for any advice.
    Paul
    btw - I also upgraded my server plan today.

    Thanks SnakEyez
    You're right and I've sorted it out, to the point that I can now upload stuff.
    It may sound a dumb question but how - safely - do I remove the duplicate copy, which is showing under "manage sites".
    Many thanks
    Paul

  • End Users cannot log in to the ccmuser web page.

    Greetings,
    I have a Call Manager Business Edition that was synched with a customer's AD directory. However, the end users cannot log in to the ccmuser web page with either their AD password or the Call Manager end user PIN.
    Any suggestions?
    Thanks
    George

    Thanks for your reply, Aaron.
    All users are in the end user group.. I even created a new role/user group that gives users complete read/write access to all end user features. Still no go. I think it is an LDAP issue, but I'm confused because everything else works.

  • Why i cannot log in my account on ipad and cannot download app from ipad?

    why i cannot log in my account on ipad and oso cannot download app from ipad??

    I don't totally understand what you are trying to do. Do you have an Apple ID and have you registered a valid credit card with iTunes?

  • User cannot log in using Opendirectory password but can log in using Crypt

    Hi,
    We have an Xsan environment with Opendirectory authentication. Most of the users are created in Workgroup manager and home folders are stored on an Xsan volume.
    We have noticed (this has happened to two users recently) that sometimes user cannot log in using his password stored in Opendirectory Password server. This is permanent to some specific User/Workstation combination. Other users can log in to the same workstation and this user can log in to other workstations.
    Also, if I change password type to Crypt in Workgroup manager, user can log in to this workstation. In past this happened to another user/workstation combination.
    I tried to create a new Opendirectory password (password ID has changed in WM), with no success.
    Any ideas?
    Thanks,
    Darius

    You say you can log in the web browser right? You can find your username in the following url: https://play.spotify.com/user

  • OD network user cannot download files.  Otherwise account is acting normaly

    I just inherited an open directory workgroup.... but am still an OD admin newbie, so be gentle
    I have a network user (home directory resides on an xserve). her account is acting normally except for the inability to download anything to her Home directory. She can save files to and from her Home directory fine (from the server or from an email attachment, etc...). a get-info on her Desktop folder shows her as the owner with read/write access. If I change the browser setting from Desktop to Documents I get the very same error.
    the error is as follows (with names changes to protect the innocent):
    Downloading
    /private/network/servers/MYXSERVER/volumes/xraidhd1/networkusers/THEUSER/desktop /THEFILENAME
    /private/network/servers/MYXSERVER/volumes/xraidhd1/networkusers/THEUSER/desktop /THEFILENAME could not be saved, because you cannot change the contents of that folder.
    Change the folder properties and try again, or try saving to a different location.
    thank you.
    G5 single 1.8 Mac OS X (10.4.8)
    Mac OS X (10.4.6)
      Mac OS X (10.4.8)  

    that's another thing I cannot figure out. What's with the "/private/network/servers/" line in the error? there is no such directory on the xserve.
    Firefox generates the error.. Safari just says it cannot save the file.
    here is the ls -l command for the user:
    bos-xserve01:~ admin$ ls -l /Volumes/XRAIDHD1/NetworkUsers/mcrean
    total 0
    drwxrwx--- 17 mcrean staff 578 Mar 9 10:26 Desktop
    drwxrwx--- 8 mcrean staff 272 Mar 9 10:19 Documents
    drwxrwx--- 34 mcrean staff 1156 Jan 26 11:39 Library
    drwxrwx--- 3 mcrean staff 102 Jan 8 08:20 Movies
    drwxrwx--- 3 mcrean staff 102 Jan 8 08:20 Music
    drwxrwx--- 5 mcrean staff 170 Jan 8 08:20 Pictures
    drwxrwx--- 4 mcrean staff 136 Jan 8 08:20 Public
    drwxrwx--- 6 mcrean staff 204 Jan 8 08:20 Sites
    bos-xserve01:~ admin$
    and for the NetworkUsers directory:
    bos-xserve01:~ admin$ ls -l /Volumes/XRAIDHD1/NetworkUsers
    total 0
    drwxrwx--- 16 acarpine admin 544 Mar 9 07:28 acarpinella
    drwxrwx--- 12 admin staff 408 Nov 17 2005 afitch
    drwxrwx--- 11 admin staff 374 Sep 12 13:26 ainachchal
    drwxr-xr-x 17 bbendavi staff 578 Mar 9 08:13 bbendavidval
    drwxr-xr-x 11 bblancha staff 374 Mar 8 17:03 bblanchard
    drwxr-xr-x 16 bmcdermo staff 544 Mar 9 08:57 bmcdermott
    drwxr-xr-x 11 bwogan staff 374 Mar 9 10:45 bwogan
    drwxrwx--- 11 czink admin 374 Nov 17 2005 czink
    drwxrwx--- 19 dpapapie admin 646 Mar 9 12:13 dpapapietro
    drwxr-xr-x 15 dpoplin staff 510 Mar 7 17:32 dpoplin
    drwxr-xr-x 15 eyoung staff 510 Mar 9 09:57 eyoung
    drwxr-xr-x 15 gfodero staff 510 Mar 6 10:49 gfodero
    drwxr-xr-x 16 hfaneuf staff 544 Mar 8 08:38 hfaneuf
    drwxrwx--- 17 jhannon admin 578 Mar 9 13:10 jhannon
    drwxrwx--- 11 admin staff 374 Nov 17 2005 kessleruser
    drwxr-xr-x 17 khodder staff 578 Mar 8 17:00 khodder
    drwxrwx--- 11 admin staff 374 Nov 17 2005 lcorse
    drwxr-xr-x 16 ldalbert staff 544 Mar 9 08:37 ldalberti
    drwxr-xr-x 24 lyin staff 816 Mar 9 08:29 lyin
    drwxr-xr-x 16 mcrean staff 544 Mar 9 10:26 mcrean
    drwxr-xr-x 11 mfinegan staff 374 Mar 9 08:39 mfinegan
    drwxr-xr-x 17 mmaguire staff 578 Mar 9 08:50 mmaguire
    drwxrwx--- 11 mremick admin 374 Nov 17 2005 mremick
    drwxr-xr-x 18 msilva staff 612 Mar 9 13:09 msilva
    drwxr-xr-x 15 mwalker staff 510 Mar 9 07:39 mwalker
    drwxr-xr-x 15 nbarber staff 510 Jan 8 08:44 nbarber
    drwxr-xr-x 12 oddonder staff 408 Jan 16 10:17 oddondero
    drwxr-xr-x 20 rmccuske staff 680 Mar 9 09:21 rmccusker
    drwxrwx--- 11 scanner admin 374 Mar 7 09:26 scanner
    drwxrwx--- 11 admin staff 374 Nov 17 2005 sparemac
    drwxrwx--- 18 admin staff 612 Sep 11 17:14 temp
    drwxrwx--- 16 admin staff 5

  • Network user cannot migrate AppleMail account from Snow Leopard to Lion 10.7.1.

    I have a network user that is trying to open Apple Mail on a mini running Lion 10.7.1 for the first time.  This user previously used a mini that is running Snow Leopard.  Apple Mail is trying to perform an import I assume because Apple Mail 5 on the Lion is different then the version running on Snow Leopard?  The import fails and says to press Continue to allow the Migration Assistant to create a new library.  When we do this, the system responds that the Mail Index is damaged, to quit and reopen Mail so it can be repaired.  We get the same set of messages when we close and go back into Mail.
    When I access the console logs, here is what I saw:
    10/18/11 12:23:01.647 PM Mail: Upgrade failed because of exception: Could not move /Network/Servers/server.aigtechnologies.net/Volumes/Data/Users/javier/Library/M ail/V2-Temp.noindex to /Network/Servers/server.aigtechnologies.net/Volumes/Data/Users/javier/Library/M ail/V2; ERROR: Error Domain=NSCocoaErrorDomain Code=513 "“V2-Temp.noindex” couldn’t be moved because you don’t have permission to access “Mail”." UserInfo=0x7fec021161b0 {NSUserStringVariant=(
        Move
    ), NSDestinationFilePath=/Network/Servers/server.aigtechnologies.net/Volumes/Data/ Users/javier/Library/Mail/V2, NSFilePath=/Network/Servers/server.aigtechnologies.net/Volumes/Data/Users/javie r/Library/Mail/V2-Temp.noindex, NSUnderlyingError=0x7fec021144b0 "The operation couldn’t be completed. Permission denied"}
    My interpretation of this message is that either the ACL or POSIX permissions are not set correctly for the user.  When I log into Server Admin and check this though, ACL is set to allow Full Control for the user's folder and all children folders.  The POSIX is set to Read&Write for the user's folder and all of the children files.
    I read some of the discussions and tried removing all of the contents of the V2-Temp file, but this creates the same result.
    Any suggestions would be appreciated.
    Charlene

    I have a network user that is trying to open Apple Mail on a mini running Lion 10.7.1 for the first time.  This user previously used a mini that is running Snow Leopard.  Apple Mail is trying to perform an import I assume because Apple Mail 5 on the Lion is different then the version running on Snow Leopard?  The import fails and says to press Continue to allow the Migration Assistant to create a new library.  When we do this, the system responds that the Mail Index is damaged, to quit and reopen Mail so it can be repaired.  We get the same set of messages when we close and go back into Mail.
    When I access the console logs, here is what I saw:
    10/18/11 12:23:01.647 PM Mail: Upgrade failed because of exception: Could not move /Network/Servers/server.aigtechnologies.net/Volumes/Data/Users/javier/Library/M ail/V2-Temp.noindex to /Network/Servers/server.aigtechnologies.net/Volumes/Data/Users/javier/Library/M ail/V2; ERROR: Error Domain=NSCocoaErrorDomain Code=513 "“V2-Temp.noindex” couldn’t be moved because you don’t have permission to access “Mail”." UserInfo=0x7fec021161b0 {NSUserStringVariant=(
        Move
    ), NSDestinationFilePath=/Network/Servers/server.aigtechnologies.net/Volumes/Data/ Users/javier/Library/Mail/V2, NSFilePath=/Network/Servers/server.aigtechnologies.net/Volumes/Data/Users/javie r/Library/Mail/V2-Temp.noindex, NSUnderlyingError=0x7fec021144b0 "The operation couldn’t be completed. Permission denied"}
    My interpretation of this message is that either the ACL or POSIX permissions are not set correctly for the user.  When I log into Server Admin and check this though, ACL is set to allow Full Control for the user's folder and all children folders.  The POSIX is set to Read&Write for the user's folder and all of the children files.
    I read some of the discussions and tried removing all of the contents of the V2-Temp file, but this creates the same result.
    Any suggestions would be appreciated.
    Charlene

Maybe you are looking for

  • The valuation category cannot be changed in MM02

    Hi, While activating the Valuation category in accounting view in materail master getting the below error "The valuation category cannot be changed" due to batch xx is existing. checked the following. 1.No open PO's or PR's or any other documents. 2.

  • Can't open iTunes or App Store on my ipad2

    iTunes when finally opens it shows only pics and txts, as if I lost the configuration some how... The same happens if I open facebook using safari... My app store won't even open... Please help me!!! I'm totally new to apple products. Right now I'm t

  • Not linking to comp

    so i got a macbook after i bought my ipod...it was formatted to a pc...so today, after finally getting all of my music onto itunes, i decided it was time to reformat my ipod. my ipod works, everything went fine, but now when i plug it into my compute

  • System Update with T440s and Windows 8.1

    I installed clean install windows 8.1 (iso directly from Microsoft) and I was thinking, that Lenovo System Update will install all necessary drivers and tools for me. Sadly, this was not happening at all. Majority of drivers was missing. Even newest

  • "Cannot find symbol" error problem

    I've got problem with compiling this program: import java.awt.*; import java.awt.event.*; import javax.swing.*; import javax.swing.event.*; public class SliderDemo extends JFrame {      private JSlider diameterSlider;      private ovalPanel myPanel;