Open directory users cannot connect to iCal.

Similar Messages

• Cannot find bookmarks - open directory user

  We have LDAP v3 at our school. A teacher logged on to a different computer and her bookmarks were missing. Since she is an open directory user, I believe her books should follow her. We were trying to figure out where on a Mac the bookmarks are stored...and we could not figure it out.
  We see the profile where an internet search told us the bookmarks were -- but we could not see them. What specific folder are they in and what is the name of the file/folder that contains the bookmarks?

  The name of the file is '''places.sqlite'''.

• Mountain Lion Open Directory Users PhotoShop Elements 6.0

  Under Mac 10.8.5 , Licensing works fine for local users, but it fail for Open Directory Users.
  specifically I'm trying to launch Adobe Photoshop Elements 6.
  none of my workstations are connected
  it worked just fine under Leopard and Snow Leopard.
  running disk utilities repair permissions did not help.
  running the License Repair tool from adobe did not help.
  deleting the FLEXnet Publisher
  and Preferences/FLEXnet Publisher
  and the
  Preferences/FLEXnet Publisher/FLEXnet did not help
  all of my open directory users are group 1028
  i have
  chgrp -R 1028 /Library/Application Support/Adobe/
  chgrp -R 1028 /Applications/Adobe*
  chmod 775 /Library/Application Support/Adobe/Elements Organizer/11.0/
  chmod 775 /Library/Application Support/Adobe/Adobe PCD/cache
  chmod 775 /Library/Application Support/Adobe/Adobe PCD
  chmod 775 /Library/Application Support/Adobe/SLStore/
  chmod 777 /Library/Application Support/Adobe/Premiere Elements/11.0/AMTInfo.txt
  many of the files in these directories have permissions 664.
  several of the files that are frequently accesses were already 664 before i looked at them.
  i have over 80 user workstations.
  Mountain Lion OSX 10.8.5
  MacPro workstations 2 3.06 GHz 6-core intel Xeon
  12 Gigs of Ram
  Note i also have Adobe Premiere 11.0 installed on the workstations.
  Adobe Premiere 11.0 works fine after all the ownership and permission issues are solved.

  Hi OpenDirectoryDude,
  Photoshop Elements 6 has not been tested and has compatibility issues with Mac 10.8.5

• Users cannot connect over SMB 10.10.1 server.app 4.0 and 4.0.3

  Hello,
  I have an issue where users cannot connect to a server for files sharing over SMB.
  Info:
  All users on 10.10.1
  2 Servers on 10.10.1
  Server.app 4.0.3 but issue was also present using 4.0
  SMB connection works when connecting to the OD Master
  SMB does not work when connecting to the OD Replica ServerBut AFP works fine when connecting to the OD Replica Server.
  I have destroyed and re-added the OD replica but that did not seem to help
  This is what I see in the logs each time I try to connect(logs have been cleaned to remove client details:
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: label: default
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: dbname: od:/Local/Default
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: mkey_file: /var/db/krb5kdc/m-key
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: acl_file: /var/db/krb5kdc/kadmind.acl
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: netr probe 0
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:13 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:13 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:13 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:13 server.pretendco.com kdc[4802]: Got a canonicalize request for a LKDC realm from local-ipc
  Jan  9 14:37:13 server.pretendco.com kdc[4802]: Asked for LKDC, but there is none
  Jan  9 14:37:13 server.pretendco.com sandboxd[395] ([4802]): kdc(4802) deny file-read-data /private/etc/krb5.conf
  Jan  9 14:37:22 server.pretendco.com kdc[4802]: Got a canonicalize request for a LKDC realm from local-ipc
  Jan  9 14:37:22 server.pretendco.com kdc[4802]: Asked for LKDC, but there is none
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: od failed with 2 proto=ntlmv2
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: user=SERVER2\\username
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: kdc failed with 36150275 proto=unknown
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: guest failed with -1561745590 proto=ntlmv2
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: od failed with 2 proto=ntlmv2
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: user=SERVER2\\codywood
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: kdc failed with 36150275 proto=unknown
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: guest failed with -1561745590 proto=ntlmv2
  I suspect the problem is to do with Kerberos and in relation to this server being an OD Replica.
  I would really appreciate anyone's insight into this.
  Thanks
  Morgs

  I have the same problem although I upgraded from Lion Server to Mountain Lion Server. The error appears to go hand in hand with this error.
  userInit: CFPreferences: user home directory for user kCFPreferencesCurrentUser at /Network/Servers/fullyqualifieddomainname/Users/user is unavailable. User domains will be volatile.
  I've read a number of things to try. A lot of people point to DNS being a problem, but I'm confident this is correct in my environment.

• Authentication Delays / Slow Authentication for Open Directory Users

  I'm experiencing delays when authenticating Open Directory users and it absolutely has me at my wit's end.
  The problem is quite simple: any time an Open Directory user authenticates his password there is a delay of at least 5-10 seconds. This goes for clients that are bound to the directory server and also authenticating locally on the server. Here are some examples:
  * On the server, there is a several second delay on the Login Window screen when trying to log in using an Open Directory account. Logging in as a local user is instantaneous.
  * In Workgroup manager, authenticating as the Directory Administrator takes several seconds.
  * On a remote computer, sharing the screen using an Open Directory user take several seconds and again, a local user is instantaneous. Screen sharing takes particularly long and often temporarily shows a sheet saying it has lost the connection with the server while authenticating.
  * Connecting with AFP takes several seconds when using an Open Directory login
  * On a client computer, unlocking the screen after sleep or screen saver takes several seconds for Open Directory users
  * Connecting with SSH does NOT exhibit the behavior
  In addition to all of this, I've seen periodic random unexplainable freezes for several seconds on client computers that are bound to the directory even when logged in as a local user account (and with no other users logged in.) For example, launching applications often results in a freeze. After unbinding the computer from the directory the problem goes away entirely.
  The history of the problem:
  Used Tiger Server for over a year = no problems
  Clean install of Leopard Server 10.5.0 back in October = no problems
  Update to Leopard Server 10.5.1 = no problems
  Then, all of the sudden one day several weeks back I started having problems. The server had been up for a few weeks. I didn't install any updates. I didn't change any configuration. Literally the only thing that I had done recently was unplug the Apple Cinema Display and keyboard+mouse that was connected to the server. Then I started having problems so I plugged the display, keyboard and mouse back in to troubleshoot it. I cleared the directory services caches on my server and clients and rebooted the Airport Base Station that's serving as my router and eventually the problem went away. I wish I could tell you which of those things resolved the problem but I have no idea. It was fine for a couple more weeks (and incidentally I once again unplugged the display, keyboard and mouse from the server). Then last week I started having problems again and this time no amount of rebooting, cache clearing, rebinding, troubleshooting using information in these forums or anything else will fix the problem. I only mention the display/keyboard/mouse thing because it's literally the only thing I changed around the time the problems started happening. I truly don't think it has anything to do with it.
  So in desperation I backed up and did a clean install today. Here's the process I used:
  0. Erase the disk
  1. Install Leopard Server 10.5.0 from the install DVD
  2. In the setup assistant, use the Advanced Configuration option but I didn't enable any services. Set up network settings and host name of myserver.mydomain.private.
  3. Reboot
  4. Use Software Update to update to 10.5.1 and Security Update 2007-009 v1.1
  5. Reboot
  6. Configure DNS (see below for detailed configuration)
  7. Reboot
  8. Change role to Open Directory Master
  9. Reboot
  ... and the problem is still there. Simply logging into the server GUI with the Directory Administrator account has the delay. Authenticating in Workgroup Manager has the delay. I haven't even bothered to set up AFP or any other users yet. I'm truly at my wit's end and I'm ready to chuck the server out the window.
  I've done a lot of googling and searching of these forums looking for answers. All of the responses seem to point to a problem with DNS or with the Kerberos realm. I believe all of my setup is correct. Here it is:
  == Basic Configuration ==
  OS: Mac OS X Server 10.5.1 (9B18) with Security Update 2007-009 v.1.1
  Services Enabled:
  DNS
  Open Directory
  (All other services are not yet enabled)
  == DNS Setup ==
  Primary Zone: mydomain.private.
  Allows zone transfer: no
  Nameservers: ns.mydomain.private.
  myserver (Machine) 10.0.22.201
  ns (Alias) myserver.mydomain.private.
  Reverse Zone: 22.0.10.in-addr.arpa.
  10.0.22.201 (Reverse Mapping) myserver.mydomain.private.
  Accept recursive queries from the following networks:
  localnets
  Forwarder IP Addresses:
  208.67.222.222
  208.67.220.220
  == Open Directory Setup ==
  Role: Open Directory Master
  LDAP Search Base: dc=myserver,dc=mydomain,dc=private
  Kerberos Realm: myserver.mydomain.private
  == Network Configuration ==
  Configure: Manually
  IP Address: 10.0.22.201
  Subnet Mask: 255.255.255.0
  Router: 10.0.22.1
  DNS Server: 127.0.0.1
  Search Domains: mydomain.private
  == Other Stuff ==
  Using 'changeip -checkhostname' verifies that the hostname and DNS hostname are both myserver.mydomain.private.
  I set the realm to myserver.mydomain.private (though the default was myserver.local) based on the advice of another poster to this forum. Kerberos.app reveals something interesting: the kdc and admin servers are both myserver.local and the domains are .local and local. I tried changing all instances of 'local' to 'mydomain.private' to see if that would solve the problem. No luck.
  I verified on a client that 'host myserver' and 'host 10.0.22.201' return proper DNS and reverse DNS resolutions.
  Hopefully one of the gurus out there will be able to help me out.
  Thanks,
  jeff

  I gathered together some log information for when I try to authenticate user 'diradmin' in Workgroup Manager. You can see from the log messages that this authentication took 4 seconds. There's an interesting error message in slapd.log (see below) but it doesn't say what it's looking for in the keytab that it's not finding. Grr! I've provided a listing of the principles in my keytab. I haven't monkeyed around with it at all -- this is just what resulted from promoting the server to an Open Directory Master.
  == kdc.log ==
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): handling authdata
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): handling authdata
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): .. .. ok
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](debug): .. .. ok
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
  Dec 30 18:21:48 myserver.mydomain.private krb5kdc[79](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
  Dec 30 18:21:52 myserver.mydomain.private krb5kdc[79](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for ldap/[email protected]
  Dec 30 18:21:52 myserver.mydomain.private krb5kdc[79](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) fe80::216:cbff:fea5:f3ce: ISSUE: authtime 1199060508, etypes {rep=16 tkt=16 ses=16}, [email protected] for ldap/[email protected]
  == slapd.log ==
  Dec 30 18:21:48 myserver slapd[36]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
  Dec 30 18:21:52 myserver slapd[36]: SASL [conn=20] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No principal in keytab matches desired name)
  == sudo klist -k ==
  Keytab name: FILE:/etc/krb5.keytab
  KVNO Principal
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 afpserver/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4 D0DDB570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 cifs/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB 570D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 vnc/LKDC:SHA1.D711BEA4D0DDB570D64ED88C5D06A78A34B7167C@LKDC:SHA1.D711BEA4D0DDB5 70D64ED88C5D06A78A34B7167C
  3 cifs/[email protected]
  3 cifs/[email protected]
  3 cifs/[email protected]
  3 ldap/[email protected]
  3 ldap/[email protected]
  3 ldap/[email protected]
  3 xgrid/[email protected]
  3 xgrid/[email protected]
  3 xgrid/[email protected]
  3 vpn/[email protected]
  3 vpn/[email protected]
  3 vpn/[email protected]
  3 ipp/[email protected]
  3 ipp/[email protected]
  3 ipp/[email protected]
  3 xmpp/[email protected]
  3 xmpp/[email protected]
  3 xmpp/[email protected]
  3 XMPP/[email protected]
  3 XMPP/[email protected]
  3 XMPP/[email protected]
  3 host/[email protected]
  3 host/[email protected]
  3 host/[email protected]
  3 smtp/[email protected]
  3 smtp/[email protected]
  3 smtp/[email protected]
  3 nfs/[email protected]
  3 nfs/[email protected]
  3 nfs/[email protected]
  3 http/[email protected]
  3 http/[email protected]
  3 http/[email protected]
  3 HTTP/[email protected]
  3 HTTP/[email protected]
  3 HTTP/[email protected]
  3 pop/[email protected]
  3 pop/[email protected]
  3 pop/[email protected]
  3 imap/[email protected]
  3 imap/[email protected]
  3 imap/[email protected]
  3 ftp/[email protected]
  3 ftp/[email protected]
  3 ftp/[email protected]
  3 afpserver/[email protected]
  3 afpserver/[email protected]
  3 afpserver/[email protected]

• Sharing only users cannot connect to Lion Server

  Dear all,
  I stumbled across a funny problem, that I tried to resolve all day. I just wanted to add a sharing only user for my girlfriends new MacBook that she could use to connect to a shared Time Machine Volume.
  If I add a new standard user, this user can connect to my server via finder (connect as...) and see the shared drives. If the same user tries to connect to the Time Machine Backup Volume via the settings dialog, it receives an error message (OSStatus-error 5).
  If I add a sharing only user, this user cannot connect via finder or Time Machine (same error). The clients console states the following error message:
  /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent[2471]      AFP error -5018 mapped to EIO
  Does anybody have an Idea?

  That is my point.  Yes, Apple still lets you add users via users and groups in system preferences but that is not how you should be adding users.  I've seen nothing but trouble when that option is used to add users and I believe that the Lion server docs say to not use that.  If you are using lion server why not use it the way it was meant to be.  Just create a account in OD and only give her access to the Time Machine Service and none of the others.

• Please help me. My YouTube app will not work. Every time I open it says 'cannot connect to youtube'. I have searched for help and tried resetting my settings and rebooting my ipad2 but nothing has solved the issue.

  Please help me. My YouTube app will not work. Every time I open it says 'cannot connect to youtube'. I have searched for help and tried resetting my settings and rebooting my ipad2 but nothing has solved the issue.

  Yes, I am connected to the Internet through my wifi. Everything is working fine with the e  eption of youtube.  I have reset all Internet settings and have tried synching to iTunes followed by rebooting.  This is all the advice I have found although none of it has been helpful.
  Has anyone else encountered this problem?

• How do I unbind a local user from an Open Directory user?

  I have a couple MacBook Pros running Leopard that successfully bound a local account to a corresponding Open Directory account using Directory Utility.
  I had to re-install Leopard Server (using Standard configuration) and re-create Open Directory accounts. Now these laptops are unable to bind to the new Open Directory accounts. They receive an error that the Open Directory user ID and password provided is incorrect. In addition the local user can no longer reset or change their password. I'm thinking this is because their local accounts are still bound to the old Open Directory accounts that no longer exist. Is there are way to unbind a local account in Leopard that has been bound to an Open Directory account via the Directory Utility.

  What account are you using to bind the machine? When binding you must authenticate using the OD admin login which is usually setup as diradmin or as the current client you are logged into the machine with, but this client needs to exist on the OD server.

• Lion: All Open Directory users obliterated

  After a rough migration from SLS, I've been running Lion Server successfully for a couple of weeks now.  However, this morning I saw that the file sharing services were down.  When I brought the server up on the monitor, the Finder was frozen solid.  I had to do a hard restart, and once it came up, all the Open Directory users are gone.  Only local users remain.  When I attempt to open the LDAP directory in Workgroup Manager it throws up a -14006 error.
  I'm going to attempt to rebuild the machine from a backup last night, but I'm wondering if anyone has any (quicker) advice.
  I'm tempted to just try and copy /var/db/openldap from the backup image over to the server, but I'm afraid it'll simply explode.  Is there a better alternative?  I don't have a current backup archive of *just* the open directory stuff...

  Restoring from a backup image "fixed" it of course, but I'm still curious how to restore the open directory database from a mirrored partition (i.e. without the use of an explicite restore from an open directory backup)

• User cannot connect to backend system with user J2EE_ADMIN.

  I am using Rapid Installer to initiate the second part of the installtion "ERP 6.0 EhP 3 – Self-Service Scenarios and Automatic Roles".  When I get to the J2EE User section to enter the parameters, the user is defaulted to "Administrator" and I enter my password.  I click next and get this message "User cannot connect to backend system with user J2EE_ADMIN."  Any ideas?

  If this is a double stack installation, you need to enter J2EE_ADMIN as user, NOT administrator.
  Markus

• Users cannot connect to Open Directory Leopard server

  Just testing Leopard server and running into all sorts of problems...
  Clean install of Leopard Server running DNS, AFP and Open Directory.
  Set up DNS first and checked both forward and reverse look-up was correct.
  Promoted to Open Directory master from Standalone.
  Created two test user accounts (without Home directories) and gave them access to a specific sharepoint.
  Setup LDAP on the client machine (Leopard client) and could see the user accounts in the Directory app.
  Try to log in.....'username or password incorrect'.
  Check the OD logs and cannot find any reference to the attempted log-in.
  I understand that it appears that user accounts require a Home Directory in Leopard, regardless of whether you actually want one (I don't). I tried creating a home directory using Workgroup Manager but as noted in other threads, the 'create home directory' button doesn't work.
  I then created a home directory via the command line for one of the user accounts but am still unable to log-in.
  Any ideas?
  Thanks.

  This may be a stupid question but have you run sudo chown on the user's home directory after creating it?
  I had the same problem and my solution is posted here: http://discussions.apple.com/thread.jspa?threadID=1290158&tstart=0
  Let me know if that works. If not, we'll work on it together.

• IChat not working with Open Directory users

  I have a Mac Mini running Snow Leopard Server 10.6.1. It provides services like Address Book, iCal, iChat, Mobile Access, MySQL, Web, SMB, Push, etc... I named the server 'Alpha' with the hostname 'alpha.markhadjar.com'
  I use DynDNS to help update my dynamic IP address with my ISP. They host my domain markhadjar.com. I created an 'A' record for markhadjar.com using my current IP. The DynDNS software client sends my current dynamic IP address and updates the record. I also created an alias for 'www'.
  Airport Extreme port forwards the correct ports to the requested server providing those services.
  All my users are listed in the Open Directory. My trouble is I can't seem to get iChat to work for the OD users. I get a connection error.
  The jabber account i'm using is the [email protected] I use the server 'ichat.markhadjar.com' with port 5222 without SSL as I do not have a SSL certificate.
  In the ichat settings of Server Admin, I specified ichat.markhadjar.com as the server name. I also created an alias in DynDNS for ichat.markhadjar.com - not sure if that was needed.
  I cannot connect using iChat to the server. I even changed the server in the iChat preferences (client side) to just markhadjar.com with no luck.
  Any help is greatly appreciated!
  Thanks.

  Mark, you mention that this server 'alpha' is running many things including Mobile Access Server. Do you also run Open Directory on the server? I am trying to figure out if Open Directory is required to be running on the server that runs Mobile Access for it to work in authenticating users and granting them appropriate access. I am hoping it is not required, because I'm having problems getting it to replicate from the Master OD server. It would be easier if it doesn't need to run OD at all. But then if it doesn't run OD, what do I need to do to "bind" it to the other internal origin server? I have read all the MObile Access doc's 50 times, and this is not clear to me. Just wondering how you are using Mobile Access. thanks man!

• Make Open Directory Users/Groups Administrators on Mac clients

  I have setup a OS X 10.8 server with Open Directory and have 2 mac os x mountain lion clients.  I would like for the user accounts I have created in the Open Directory to have admin access to the 2 mac client machines.  How can I do this?  I am new to OS X server.  Is there a Group Policy type equivalent like in Windows? 

  Ah! Thanks! No wonder I cannot do this...
  Unfortunately, the printers are all USB shared printers connected to computers on the network. Is there anyway to preset these printers? They don't show up in the Print manage settings at all.

• Open Directory users can't access shares

  Greetings all.
  I apologize if this has been covered, but I couldn't find a search term that would locate the issue.
  I have a 10.5.8 Server running on a MDD dual 1Ghz G4. I have it set up as an OD Master and providing time services, DNS, file sharing, portable home directories and calendaring for a small workgroup of 7 computers. At least that's the idea when it's functional.
  It is behind a NAT and only serves the local network.
  Until I have the user's data all transferred from local directories to portable home directories, I need to make it so that the users can access the shares.
  In testing, when I try to access a share, I get an error message that the login failed because the username or password was invalid.
  However, when I go look at the Password Service log, the user was authenticated and in good standing.
  Any ideas?
  Thank you,
  John

  maybe some additional information or rephrasing might help.
  I have users and groups set up with ACLs on the shares that are set up with automount over NFS. The shares should also be available via appleshare, but not automount.
  The users are configured now with Portable Home Directories.
  The client computers are bound to the Open Directory Master on which the shares reside.
  The server runs network time services and the client computers use that for their time service.
  The server also runs DNS, and the client computers use that DNS.
  Users can log into their Portable Home Directories ok.
  Users can not log into shares via "connect to server" as it says that the username/password is invalid, even though the password service log says that the user was authenticated and in good standing.
  Users can see the NFS automount shares at /Network/Servers/Library (where it is supposed to be), but they cannot write, even though the ACL gives the user account permission to do so.
  For the permissions on the automount, I can't tell if the user is not being detected as the authenticated user, and is therefore being given "everyone" permissions, or if the ACL is not working on the mount and so the user is being given ""everyone" permissions.
  Anyone have any idea how I can find out?
  As to why a user can't log in via "connect to server" I'm clueless.
  Thank you,
  John

• 10.6.8 to Mavericks Server Upgrade loses Open Directory Users

  Hi,
  I have an OpenDirectory Master running OSX Server 10.6.8. An upgrade to Mavericks 10.9 has just failed.
  The server has about 50 OD users and passwords need to be retained across the upgrade. Apart from OD, the only other active service is AFP file sharing.
  DNS is good forward and back as per this article: OS X Server: Steps to take before upgrading or migrating the Open Directory database
  I followed these Apple guidelines for server migration: OS X Server: Upgrade and migration from Lion Server or Snow Leopard Server.
  I cloned the boot drive, booted from the clone, upgraded to Mavericks, then installed the Mavericks Server app.
  On opening the Mavericks Server app "Configuring services' showed for 5 minutes, but then an error message appeared. I did not record it exactly, but it was something like, "There was an error configuring the server. Certificate not valid!".
  I was able to continue through the error but on opening Server app there were no OD (local/network) users showing. Authentication was not happening.
  I had underestimated the time to get the installation done and I had used up the window of downtime I had booked - I did not have much time to troubleshoot. So, I cut back to the original hard drive and the server is back to 10.6.8 again.
  Can anyone point me in the right direction to find out what may have gone wrong? How can I get my users into 10.9 Server?
  Many thanks,
  b.

  Linc Davis advice is spot-on, as usual.
  There seem to be dozens of sub-databases in the LDAP database. A problem in any of them seems to derail the entire conversion process. I tried a straight conversion and was also disappointed that there were unresolved issues, and it meant that the conversion failed.
  So I did the export route using WorkGroup Manager, and exported four sets:
  Users
  Groups
  Computers
  Computer groups
  go to the appropriate pane (e.g., Users) and Select All, then choose Export, and give it a name (probably with an embedded date in case you need to do it again later)
  Then use 10.9 WorkGroup Manager (available as a separate download) to Import.
  When re-imported, everything worked just fine (except the passwords, which cannot be carried forward using this method). I did have to manually enable at least one service, such as File Sharing service in Server [admin], or users showed up as "not allowed" [to log in].
  This entire process of getting Server 3 to work is fraught with peril, and everything converges on ONE diagnostic, "Network users can't log in". Which means you blew it, but provides no additional information about WHERE you blew it.
  There do not appear to be any magic bullets. It is just a tough slog. Users who reported success after failing the first time reported they returned to fundamental principles and did all the steps over, in order, to attain success.