Network users cannot log in to server

Similar Messages

• OD users cannot log on without server home directory

  I am new to OD and am trying to configure a working setup for a few Macs on the network. The server is set up as an OD master, and while we are running Active Directory, the Mac server is not integrated into the AD network. DHCP and DNS are handled by the server that provides AD.
  I have set up a few test users and bound a Mac to the OD server for testing. I've found that if I don't specify a home directory for a particular user in workgroup manager (i.e. I just leave it at (none)), the user cannot log on to the bound Mac. The log in window begins to slide as if it is accepting the password, then stops and shakes and brings me back to the login window without any error message. If I specify a home directory on the server, it will then accept the username and password, show that I am logging in as said user, then display the message, "You are unable to log in to the user account [user] at this time. Logging into the account failed because an error occurred."
  I'm guessing the error message relates to a permissions issue with the way the home directories are set up. But honestly, I'd rather the users just have their home directories stored locally rather than on the server. How do I configure it so that the users are able to log on and their home directories are stored locally?
  Thanks in advance for any assistance that can be provided!

  After playing around with the system some more, I found that I had to explicitly specify the local home directory. I set it to /Users/ and everything seems to be working now.

• Network users cannot log in to account on server

  Here's the situation.
  1) X-Server running 10.6
  2) Workstation running 10.5 or 10.4
  3) Created user accounts using WGM (from a machine other than the server)
  4) Bound workstation to server ('green-light' and message Network Accounts Available - shows up on workstation.
  5) When test account user name and password are entered, password shakes - we get the message 'Cannot log in due to an error'.
  What gives???!!!???

  If the error you're getting is 'You are unable to log in to the user account "suchandso" at this time. Logging in to the account failed because an error occurred', that usually indicates that there was a problem mounting the user's home folder. My standard approach to narrowing down where errors like this are coming from is to test the critical parts of a network login (user info lookup, authentication, and home directory mount) by hand and watch for informative errors:
  Log in as a local user on a client computer, and open the Terminal utility.
  Run the command "id suchandso" (where "suchandso" is the short name of a network user). It should reply with something like "uid=1025(suchandso), gid=20(staff)," etc. If it instead replies with "id: suchandso: no such user", you either have the wrong username or the client is having trouble looking up user info on the server over LDAP. (Note: if this isn't working, you generally don't get as far as the error message, just a shake of the login window.)
  Get a network authentication ticket with the command "kinit suchandso" (enter the user's password when prompted). If this works, it'll just come back with another shell prompt. If something goes wrong, you'll generally get an informative error message about what the problem is (e.g. if it says "Kerberos Login Failed: Clock skew too big", that means the client's clock is too far out of sync with the server's and one or both of them needs to be corrected).
  Now, use the Finder's Connect to Server (Command-K) feature to try to connect to the server; enter the server's full domain name in the Server Address field. You should not be prompted for a name and password (Kerberos authentication should be automatic after the "kinit" command; if not, something's wrong with the file service's Kerberos setup). You should get a "Select the volumes to mount" dialog including the Users folder (or whatever folder your user homes are under). Note that the user's actual home folder will also be listed, but that's not what you want; select the Users volume instead. If the Users folder isn't listed, or you get an error trying to mount it, troubleshoot that.
  If none of that shows any problem, you've got something more obscure going wrong. A couple of random things to try:
  Enable guest access to the Users folder (shouldn't be necessary, but I've seen reports that it sometimes avoids trouble).
  Make sure the user's home folder settings are configured correctly: use WGM to switch the user's home folder to "(None)", save, then set it back and save again.

• Network users cannot log in to Wiki

  I am managing an OS X Server 10.6 at work. As far as I can tell only local users on the server (i.e, those created through the server's Accounts preference pane) can log in to the Wiki (e.g., to "My Page"). Our user accounts are managed through the server's Open Directory LDAP. We don't have an Active Directory server (though we do have a mix of PCs and Macs). All SSL checkboxes are off, if that makes a difference. How do I enable Wiki login for Open Directory accounts?
  Message was edited by: MLModel

  Thanks for your reply. My concern is with users who don't have local accounts on the server machine. It seems to me that local accounts on the server machine are generally inappropriate, as well as imposing a maintenance burden that duplicates the maintenance of the Open Directory user entries.
  Am I correct that for users with no local server account I need to have "WebDAV-Digest" turned on in Server Admin > Open Directory > Settings > Policies > Authentication? Is it a bad idea to have that policy on? (I don't remember whether it is on by default when the server is installed, but it was off when I was having the Wiki problems and turning it on seemed to enable login by anyone in Open Directory.)

• When one network user is logged in another network user cannot on the same machine

  I am working on a home network for 5 family members and we are use to fast user switching. Since getting the server up we can no longer fast user switch. If one network user is logged in and we go to switch to a new user the server returns an error and that user can not log into that machine until the first user logs out. I would expect this to work but I have not had any success.
  Any suggestions
  David urban

  Hi,
  What is the current setting of Enable user policy polling on clients?
  However, if this setting is False or No, the following will not work when users use the Application Catalog:
  In System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only, users cannot install the applications that they see in the Application Catalog.
  Users will not see notifications about their application approval requests. Instead, they must refresh the Application Catalog and check the approval status.
  Users will not receive revisions and updates for applications that are published to the Application Catalog. However, they will see changes to application information in the Application Catalog.
  If you remove an application deployment after the client has installed the application from the Application Catalog, clients continue to check that the application is installed for up to 2 days.
  http://technet.microsoft.com/en-in/library/gg682067.aspx#BKMK_ClientPolicyDeviceSettings
  In addition, the following to thread may give us some clue:
  http://social.technet.microsoft.com/Forums/en-US/6a51488c-ff68-4c83-9b3d-6d03fd74a373/application-catalog-could-not-communicate-with-the-client-control-properly?forum=configmanagerapps
  http://social.technet.microsoft.com/Forums/en-US/235f7ef7-e646-401e-9524-008831a32cde/application-catalog-silverlight-error-could-not-communicate-with-the-client-control-properly?forum=configmanagerapps

• User cannot log into ZCM Agent 11.3.1

  We just went through a domain migration. All PCs were unregistered from the old ZCM 11.2 server in the old domain before they were migrated. When we went to re-register them to the 11.3.1 ZCM server, we ran into 2 issues. Some of the systems successfully upgraded to 11.3.1 BUT users cannot log onto the ZCM 11.3.1 Agent. It's giving an error of "unable to log into the network because the login credentials or the server certificate is incorrect". The PCs that didn't not upgraded to ZCM 11.3.1 and are running 11.2.0 do not have this problem. They get authenticated appropriately. The User configuration is set to eDirectory (just like on the ZCM 11.2 server in the old domain).
  I ran "zac ci" and noticed there are old certificates from ZENworks servers that are no longer around. How do you get rid of these old references? It's picking up the new server's certificates. I ran this on my PC ZCM Agent 11.2 (won't upgrade and can authenticate into the ZCM 11.2 agent just fine) and I do not see the old certificates. I'm only seeing certificates for the new ZCM 11.3.1 server in the new domain and the eDirectory master server that the ZCM server is referencing.

  The old Trusts can be cleared using IE to managed the Trusted Root
  Stores. There are some other ways too.
  However, Having old ones should not be an issue unless the old and new
  Servers have the same name. Not 100% sure matching will cause an issue,
  but I think I have seen that before.
  It may be possible to automate the removal of the old trusts, but I
  would not worry about that until you verify it is an issue by manually
  fixing a couple and see if resolves your issue.
  Your issue may be something else.
  Reinstalling CASA is something else to try.
  On 10/9/2014 5:16 AM, hfr63 wrote:
  >
  > We just went through a domain migration. All PCs were unregistered from
  > the old ZCM 11.2 server in the old domain before they were migrated.
  > When we went to re-register them to the 11.3.1 ZCM server, we ran into 2
  > issues. Some of the systems successfully upgraded to 11.3.1 BUT users
  > cannot log onto the ZCM 11.3.1 Agent. It's giving an error of "unable
  > to log into the network because the login credentials or the server
  > certificate is incorrect". The PCs that didn't not upgraded to ZCM
  > 11.3.1 and are running 11.2.0 do not have this problem. They get
  > authenticated appropriately. The User configuration is set to
  > eDirectory (just like on the ZCM 11.2 server in the old domain).
  >
  > I ran "zac ci" and noticed there are old certificates from ZENworks
  > servers that are no longer around. How do you get rid of these old
  > references? It's picking up the new server's certificates. I ran this
  > on my PC ZCM Agent 11.2 (won't upgrade and can authenticate into the ZCM
  > 11.2 agent just fine) and I do not see the old certificates. I'm only
  > seeing certificates for the new ZCM 11.3.1 server in the new domain and
  > the eDirectory master server that the ZCM server is referencing.
  >
  >
  Going to Brainshare 2014?
  http://www.brainshare.com
  Use Registration Code "nvlcwilson" for $300 off!
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Technical Support Engineer
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.

• Cannot log into OpenDirectory server

  I am running OSX Server 2.2 on a Mac Mini with 10.8.5.  I have successfully enabled Open Directory and created several users that are set up as Services Only, as they do not need home directories, only file sharing and (hopefully in the future) contacts and single sign-on.
  I am able to bind my computer to the OD server using the fully qualified domain name (internal.xxxx.org) and get the green "enabled" dot in the Users page on the Mac.
  I turned on "Allow Network Users to Log In" and tried to log in as my network user, and it "shakes" when I enter the username and password, and won't log in.  What am I doing wrong?  I'm unclear how to log in as a network user from my Mac's sign-in screen.  I also tried using the administrator's account, which is an actual user account on the server and that did not log in either.  It doesn't seem like the Mac is even attempting to check the server for user information.
  Thank you.

  Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.
  1. The OD master must have a static IP address on the local network, not a dynamic address.
  2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
  3. The primary DNS server used by the server must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
  4. Follow these instructions to rebuild the Kerberos configuration on the master.
  5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.
  6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.
  7. Reboot the master and the clients.
  8. Don't log in to the server with a network user's account.
  9. Disable any internal firewalls in use, including third-party "security" software.
  10. If you've created any replica servers, delete them.
  11. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UID's are in the 1001+ range.

• HELP NEEDED - 530 user cannot log in

  I'm using CS5.5 and would desperately like some advice over a very odd problem.
  For some reason I have a duplicate website  showing in DW. It is not on the desktop and doesn't appear in any search.
  The original - Cumbria Dog Training, ha sbeen joined by Cumbria Dog Training 2.
  I have no idea how this has happened.
  I have been validating two items today, one a simple js item and the other is renaming an.htaccess file without the .txt
  At the moment, when I try to upload anything from the original, I have the message
  FTP error occurred - cannot make connection to host etc.
  530 user cannot log in
  What does all this mean and what can I do about it.
  Many thanks for any advice.
  Paul
  btw - I also upgraded my server plan today.

  Thanks SnakEyez
  You're right and I've sorted it out, to the point that I can now upload stuff.
  It may sound a dumb question but how - safely - do I remove the duplicate copy, which is showing under "manage sites".
  Many thanks
  Paul

• Is there an application to monitor users who log into Windows Server 2012 R2?

  I'm looking at Family Safety Feature in Windows 8 and like what they can do.  I have a request to monitor, track users who log into Windows Server 2012 R2 to see how many users login, how long each login is for each user so a monthly report can be generated.  
  1.  I just wonder if Windows Essential 2012 can be used for this purpose or not.  If it can, is Windows Essential 2012 a feature can be added or installed on Windows Server 2012 R2?
  2.  If Window Essential 2012 cannot be used for this purpose, is there any feature in Windows Server 2012 R2 that can be used for this purpose?
  3.  Is there any other suggestions?
  Thank you for your help.
  Thanks and Regards,
  Hien Phan

  Hi Hien,
  Anything updates?
  It seems that there is no feature can do that. I agree with Tim that you can check the event logs. In general, the event 4624 would be created when a user was logged on, and the event 4634 would be created when a user account was logged
  off.
  More information:
  Tracking User Logon Activity Using Logon Events
  Best regards,
  Susie
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• User cannot log in using Opendirectory password but can log in using Crypt

  Hi,
  We have an Xsan environment with Opendirectory authentication. Most of the users are created in Workgroup manager and home folders are stored on an Xsan volume.
  We have noticed (this has happened to two users recently) that sometimes user cannot log in using his password stored in Opendirectory Password server. This is permanent to some specific User/Workstation combination. Other users can log in to the same workstation and this user can log in to other workstations.
  Also, if I change password type to Crypt in Workgroup manager, user can log in to this workstation. In past this happened to another user/workstation combination.
  I tried to create a new Opendirectory password (password ID has changed in WM), with no success.
  Any ideas?
  Thanks,
  Darius

  You say you can log in the web browser right? You can find your username in the following url: https://play.spotify.com/user

• SAPJSF user cannot log-on to the User Management Engine.

  We have a newly installed PI 7.0 system.
  SLDCHECK is succussful but if we go to the http://hostname:50100/sld - we are redirected to http://hostname:50100/logon/logonServlet?redirectURL=%2Fwebdynpro%2Fdispatcher%2Fsap.com%2Ftc%7Esld%7Ewd%7Emain%2FMain
  When we check the default.trc file, we see the error: User "SAPJSF" is the communication user for the connection between User Management Engine and the ABAP backend system SIDCLNTxyz. This user cannot log-on to the User Management Engine.
  The SAPJSF user is not locked in SU01.  This user is used by the JCO providers to connect to the gateway service.
  We opened Visual Administrator and navigated to Server0 -> Services -> UM Provider
  We changed the password  property at ume.r3.connection.master.passwd
  We then restarted the ABAP and J2EE engine.  But we still see this error.
  Any help to solve this issue is appreciate.
  Jay Malla

  Hi,
  Please, refer the link below. It says you cannot logon with SAPJSF user to J2EE engine for security reasons.
  http://help.sap.com/saphelp_nw2004s/helpdata/en/4e/225b42eeb66255e10000000a155106/frameset.htm
  Thanks
  R.Murali

• How to have the network users home folder on the server

  I have snow leopard server up and running and I want to have the network users home folder on the server, instead of it being located on the connected computers. This way the users can access their folders from other computers in the network

  In addition you have to make the sharepoint able to be automaticly mounted. The manual say this is very important.
  But you should really read the announced manual. All the manuals all filled with step-by-step instructions for modifiing many preferences... That´s my experience!
  Now I´ve got a question, too...
  My OD-Master is bound to AD. I try to use win-Accounts for workin on mac. It work pretty good, by using an group-account. In this group-account I cennect the win-accounts to instruct all the restrictions I´ve set for user-accounts.
  But this way I can´t create a homefolder on a share...
  The share(netusers) is on the same server(mac-server2) like OD-Master is running. I´ve set the path for creating homefolders in Mobility option on "//mac-server2/netusers" for the group-account the AD-user is member of.
  Is it the wrong way?

• End Users cannot log in to the ccmuser web page.

  Greetings,
  I have a Call Manager Business Edition that was synched with a customer's AD directory. However, the end users cannot log in to the ccmuser web page with either their AD password or the Call Manager end user PIN.
  Any suggestions?
  Thanks
  George

  Thanks for your reply, Aaron.
  All users are in the end user group.. I even created a new role/user group that gives users complete read/write access to all end user features. Still no go. I think it is an LDAP issue, but I'm confused because everything else works.

• Network Account Cannot Log On

  New, fresh install of 10.8.2 OS X Server. DHCP, DNS, Open Directory, File Sharing all working. Server hostname is set to myserver.private. Two users are created:
  test1 (and other accounts) has a network home, on AFP-shared Users, enabled for Home Directories
  test2 home is set to Local Only
  On an MBP 10.8.2, successfully joined to myserver.private, I try to log-in with those two network accounts. One works, the other does not:
  test2 is able to log-on without a problem, log-out, and log-on, and so on,
  test1 seems to authenticate, but cannot log on, displays message "You are unable to log in to the user account "test1" at this time. Logging in to the account failed because an error occurred."
  After failing with test1, test2 will also produce the same error, until I log-in and log-out successfully with a local MBP account, or it has been rebooted.
  The only error related to test1 that I can see in the Console logs is:
  authorizationhost[1197]: ERROR | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | PremountHomeDirectoryWithAuthentication( url=afp://myserver.private/Users, homedir=/Network/Servers/myserver.private/Users/test1, name=test1 ) returned 64
  Now, if I change test1 home directory setting (using Server.app) to "Local Only", I will be able to log-in on the MBP, however no home directory is provided (it serves the root of the local file system). If I log-out, and then use the Server.app to change it back to the previously set network home, I will be able to log-in with this account on the MBP with test1, but not with any other accounts that have a network home directory.
  Any ideas why I am getting the "You are unable to log in" error in the first place? Many thanks for any hints...

  It seems that the problem is that LS cannot prompt you for connection requests during the very early login stage, ie. when you are still at the login window, so the connection gets rejected and the login fails.
  If you disable the LS then upon first login you will get a dialog from LS saying that there were connection attempts during login, and allow you to verfiy them, I tried it now on the second mac, and it seems that all that matters is the NetAuthSysAgent - allow outgoing connections to domain yourdomainname, but this is a rule of the user you are logging into!

• 10.5.6 update - user cannot stay connected to server anymore!

  Ugh. Here we go again, Apple! One user updated to .6 before leaving last night. Today, he can log in (local account) and now when he's connected to our XSERVE, he CANNOT save or copy files to it. he is getting constant "connection interrupted" messages. I am also looking at the Server Admin utility on the server and he's showing up multiple times as either "Disabled/Asleep" or (weird) his machine name is showing up as server-16027567 instead of the machine's actual name.
  Someone, PLEASE tell me there is a simple way to roll back this update!!

  Hi DevCom ,
  Just wanted you to know that I've solved my "saved-over-the-network" problem by upgrading my AFP server to 10.4.11, after reading this note from Apple :
  Improves Apple File Service performance, especially when using a home directory hosted on an AFP server. Important: If you are using Mac OS X 10.5.6 (client) to connect to a Mac OS X Server 10.4-based server, it is strongly recommended that you update the server to Mac OS X Server version 10.4.11.