Snow Leopard Server - Can't delete users in WGM?

Similar Messages

• Mac Mini Snow Leopard Server - can't login with admin account

  SO....i was having problems setting up network accounts from my mac Mini Server. I took it to the Apple Genius bar one night after work to get some help on why the login screen appears for Other..but could not login into any of the accounts I created.
  They made an appt for me for the next morning since they had a "guy" that could help the next morning.
  When I got there for my second appt..they said they don't support server issues. Only consumer products..I though the server WAS and i WAS a consumer of their products..so..they gave me a number of a consultant..of course..for pay...
  So later that day I was trying some other configurations....the power came out while I was checking a monitor cable..and when I restarted I couldn't login to the master admin account.
  Since mac mini server doesn't have a DVD drive..you have to boot up with their Server DVD from another computer and the Server installs it through airport.
  So I did the boot up via airport from the server install DVD.
  Did the Utility disk repair AND password changed. Got some error about not being to able to login if I don't change the keychains to the account.
  Rebooted the server.
  It didn't work.
  So now stuck with a login window..and NO ACCESS to change anything.
  HELP!!!!

  You can access to system with root account.
  If you didn't enable before, boot from SLS DVD and activate from menu (after choose language).
  After that, reset all the passwords (there is a menu to do that).
  After that exit from installer and reboot.
  At login screen you can try to login with your user and new/blank password.
  If it fails, you have to login with user root and the password you choose before.
  With root user, you can access to all system, be very carefull.
  Now you can create a new user and import all the files (you have to do a little work with permissions)
  I hope i help you!

• Can i install snow leopard server on a macbook?

  hi,
  i have to do some tests with snow leopard server. can i install it on a macbook white unibody bought one mounth ago? i don't want to buy a desktop mac to do this.
  bye.
  ls

  Sure, as long as it meets the hardware specs.

• I transferred files from a NAS server to the Mac Mini Snow Leopard Server and now some of the files have Custom Access and can't  be opened by some users.  How do I fix this?

  We're setting up our Mac Mini Snow Leopard Server, and in the process transferred files that had been stored and accessed from our Blackarmor NAS server over to the Mac.  These files were all created on PC's and are Office Excel files, WordPerfect files or PDF's.  When you look at the files on the Mac from the Mac and bring up Get Info for the affected file, it says that the file has Custom Access.  The files that work properly don't have that configuration.  I can access and open the files on some computers, but some users can't open the files from their computer even though they can see it.  We're all using PC's and they get the Error:  Access Denied-Contact your administrator--or something similar.  I've seen on the web similar issues and it may have something to do with ACL permissions.  I don't know enough about Mac OS to understand this, but what is baffling is that they can be opened from some PC's but not others, and all of the Users have the same accessibility to the files.  Thanks for a solution!!

  Oh, on the losing Internet, try this...
  Make a New Location, Using network locations in Mac OS X ...
  http://support.apple.com/kb/HT2712
  10.7 & 10.8…
  System Preferences>Network, top of window>Locations>Edit Locations, little plus icon, give it a name.
  10.5.x/10.6.x/10.7.x instructions...
  System Preferences>Network, click on the little gear at the bottom next to the + & - icons, (unlock lock first if locked), choose Set Service Order.
  The interface that connects to the Internet should be dragged to the top of the list.
  Instead of joining your Network from the list, click the WiFi icon at the top, and click join other network. Fill in everything as needed.
  For 10.5/10.6, System Preferences>Network, unlock the lock if need be, highlight the Interface you use to connect to Internet, click on the advanced button, click on the DNS tab, click on the little plus icon, then add these numbers...
  208.67.222.222
  208.67.220.220
  Click OK.
  PS. Your English is quite good & completely understandable.

• Mobile account users can not log on to the snow leopard server machine?

  Hi all,
  I've setup a network user and designated it as a mobile account. ** OS X 10.6.2 **
  When the user logs out of the snow leopard server machine, home sync tries to sync the local and network home directories. It is never able to connect. The network home directory is automounted and is not the default path /Users. I can see the two home directories on disk.
  Anyone else able to have their mobile users log in to the snow leopard server machine without issues?
  OS X 10.6.2 **

  It was the Sync server was down and did not know it

• Can't rename folders on Snow Leopard Server

  I have 10.6.8 Snow Leopard Server running on a new Mac Mini server. Attached I have a Pegasus Raid storing all my files. I have a sharepoint set up for every project we work on but a couple act strangely. Users can create and delete folders but can not rename them once created. In order to rename they must drag the folder onto the desktop, rename and then replace the folder on the server. All permissions are set up identical to the other sharepoints which work fine. I have had a couple so-called "experts" look at the permissions in both the terminal and Server Admin. Everyone seems stumped. Any ideas?

  Thanks for the input but I finally soved the problem. Here is what I found...
  Although I had given users/group the ALLOW/FULL CONTROL premission with a sharepoint, I discovered that in Server Admin if you double-click on the User or Group name under the ACL permissions that a drop down box appears. This box allows you to fine tune the ACL but it appears that by default all of the boxes are not checked even though I granted the user Full Control. After checking all of the boxes I was able to create and rename folders in my share as expected.
  This also had an similar effect if I denied Full Control. Some of the boxes remained unchecked and it left holes in my system where denied users could still access some files. Again by checking all boxes these holes were closed.
  Does anyone know how to change the default so that all boxes are checked when assigning the Full Control permission?

• Problems deleting pdf's generated from files off of Snow Leopard Server

  The small design studio I work at has just upgraded from G5's running 10.4 Tiger, working off Tiger Server, to new iMacs running 10.6 Snow Leopard and a Mac Mini Server, on Snow Leopard Server.
  Normal working practice is to open files off the server across the network, making changes and saving them back down. Most of the time, a pdf will be generated from the file to send to the client when copy changes have been made, then saving down the pdf file to the iMac to email to the client.
  The issue is now that when the pdf has been emailed, attempting to delete it brings up a warning window that 'You do not have sufficient accesses privileges to delete the file' and this then has to be done by selecting secure empty trash.
  We are all registered users on the Mac Mini Server and this was not an issue we had when using Tiger.
  Could anyone suggest any setting changes that would be required to get around this issue?
  As a note, all the work files were originally on a older G4 being used as a sever and were copied to the new Mac Mini Server, that was set up as a new machine and was not done via transfer files.
  Thanks
  Ben

  Hello Ben,
  I'm very sorry, but this is not the correct forum in which to post your question! Universal Access is the facility for ensuring that all Mac users can benefit fully from their machines, regardless of disability.
  Try Snow Leopard Server—Installation, Setup and Migration instead!
  Cheers,
  Archie

• Why can't Firefox set permissions for Snow Leopard Server Web-Site Wikis

  I've established a web-site for collaboration of planning for a state-wide NGO and a local citizens-government oversight commission.
  I'm using Snow Leopard Server v10.6.4, to drive the web-site, which includes the use of wikis.
  In creating a wiki and setting permissions, I find that I cannot set permissions for users or groups to 'read only' from the default 'read & write' while using Firefox. However, I CAN set them to 'read only' using Safari. And, once the permission has been modified in Safari, THEN it can be modified in Firefox.

  Solution found at http://michaeljin.wordpress.com/2010/01/05/locked-out-of-mac-os-x-server/
  It’s blog update time! Updates have been a little scarce lately, been super busy with getting trophies on PS3
  Anyway, recently encountered the following with a Mac mini server running Snow Leopard Server:
  Despite being able to ARD / Screenshare the Mac mini, I was unable to get any further than the login window. Authentication credentials are obviously valid. No weird access permissions have been set. However, the weird thing was, I can connect to the server via Server Admin tools (from another Mac) and all other services were running without a hitch.
  After much head scratching it turns out to be a sACL (Service Access Control List) issue.
  This thread solved the mystery!
  http://discussions.apple.com/thread.jspa?threadID=1654864
  To save you the trouble, I’ll lay it out here. I cannot take credit for this, but Randall can!
  Open Server Admin on a computer (any), and connect with the local admin to the machine.
  Select the server and authenticate.
  Select Settings, then go to Access. You’ll want to make sure that Login Window and SSH have the local admin account listed if you select the option to “Allow only these users”. For now, I would suggest making sure all services have “Allow all users and groups” selected.
  If (as in my case) it was set to Allow All in the first place, simply toggle the settings – back and forth.
  Save.
  Try logging in again… should be a good one!

• The Windows SMB feature has file locking if multiple users are accessing the same file.  Does Snow Leopard Server File Sharing (AFP) provide similar features?

  The Windows SMB feature has file locking if multiple users are accessing the same file.  Does File Sharing (AFP) on Snow Leopard Server provide similar services?

  Were you ever able to solve this problem. I'm having similar issues since upgrading to snow leopard. Four macs connect to a Windows Server 2003 for shared files. Each user has full permissions & when we "get info" it shows read & write permissions. Two of the computers were running 10.4, two were running 10.5. Everything worked properly until upgrading to snow leopard. Some files let me copy, move, delete. Others either just hang up or we get a "no permission" error. Also getting a "pdf is in use" error, even when the file/folder doesn't contain a pdf. We had our IT rep check the server who said everything is in working order. They don't represent macs any longer but feel that it's a mac problem. I would have to agree since this problem only started after the upgrade, and the one machine that was not upgraded (still running 10.5.8) is not dealing with these problems.
  Lastly, I would install 10.5 back on all of the computers if I could, but the leopard disk that came with one of the computers wouldn't work with the 2 machines running 10.4 and I didn't see it available at the apple store. I'll buy it if it's still available, but why wouldn't the disks that I have work?
  Thanks for any help

• Change user account in snow leopard server??

  Trying to change a user account picture in snow leopard server. Have couple computers that are on snow leopard and it uses the the network server that has all the login in. I can't change the user icon within system prefernces. Please help me!

  There are server user accounts and computer user accounts. System Preferences is for creating and managing computer user accounts. Server Preferences and Workgroup Manager are for creating and managing server user accounts. If you created the account in System Preferences, you won't be able to manage it with Server Preferences or Workgroup Manager.

• Kadmin can't change dsimport'ed passwords in Snow Leopard Server

  Hello, World.
  I am attempting to manage user accounts in Open Directory from a non-Mac system. After a good deal of investigation on Leopard Server, I wound up ssh'ing to our Open Directory server to create new accounts with 'dsimport', and then to manage later changes to the account through LDAP (for non-password data) and through Kerberos with kadmin, on the theory that kadmind was supposed to propagate the encrypted plain text passwords into Password Service for all of P.S.'s hashing needs.
  This worked great in Leopard Server, but under Snow Leopard Server, any attempt to change a user's password via kadmin fails with
  'change_password: KDC policy rejects request while changing password for <principal name>'
  At the same time, the system log (/var/log/system.log) shows
  Nov 2 17:53:46 od1 sandboxd[76028]: mkpassdb(76026) deny file-read-data /usr/sbin/mkpassdb
  Nov 2 17:53:46 od1 sandboxd[76028]: mkpassdb(76027) deny process-exec /usr/bin/ldapsearch
  However, if I create a principal directly with kadmin, kadmin does allow me to change the password for the principal I just created.
  Use modprinc to remove attributes (REQUIRESPREAUTH DISALLOW_SVR) from the dsimport'ed principals doesn't affect anything in any positive manner, though the principals I create manually in kadmin do lack these attributes.
  So, does anyone know what the story is, here? Is there no supported API that I can use from a Solaris/Linux server to fully manage accounts under Open Directory?

  I have a Similar issue, Details below. the summary is that Using the Snow Leopard GUI interface I created 17 users with a generic low security Password. then transferred and converted some mail files to the server. Once the mail was working properly, I changed the passwords to a slightly more secure password, and set it so my users would have to change their password to a more secure password at log in.
  Even after these password changes it is very easy to get other user's ticket information, if you know the original low Security Password with
  kinit <other user name>
  Details and demonstration.
  oursvr:krb5kdc root# kpasswd someuser
  Please enter the old password for [email protected]:
  Please enter the new password for [email protected]:
  Verifying, please re-enter the new password for
  [email protected] again:
  Server error
  Unknown error code: 2802413321
  KDC policy rejects request Unknown error code: 2802413326
  Please enter the old password for [email protected]:
  oursvr:krb5kdc root# kadmin.local
  Authenticating as principal root/[email protected] with password.
  kadmin.local: cpw [email protected]
  Enter password for principal "[email protected]":
  Re-enter password for principal "[email protected]":
  ambiguous user name.
  change_password: KDC policy rejects request while changing password for
  "[email protected]".
  kadmin.local: q
  oursvr:krb5kdc root# kinit someuser/admin
  Please enter the password for someuser/[email protected]:
  oursvr:krb5kdc root# klist
  Kerberos 5 ticket cache: 'API:Initial default ccache'
  Default principal: someuser/[email protected]
  Valid Starting Expires Service Principal
  12/21/09 12:00:53 12/21/09 22:00:53
  krbtgt/[email protected]
  renew until 12/28/09 12:00:53
  oursvr:krb5kdc root# kadmin
  Authenticating as principal someuser/[email protected] with password.
  Password for someuser/[email protected]:
  kadmin: cpw someuser
  Enter password for principal "someuser":
  Re-enter password for principal "someuser":
  change_password: Unknown error code: 2529638924 while changing password
  for "[email protected]".
  oursvr:krb5kdc root# kdestroy
  oursvr:krb5kdc root# kinit otheruser
  Please enter the password for [email protected]:
  oursvr:krb5kdc root# klist
  Kerberos 5 ticket cache: 'API:Initial default ccache'
  Default principal: [email protected]
  Valid Starting Expires Service Principal
  12/21/09 12:07:55 12/21/09 22:07:50
  krbtgt/[email protected]
  renew until 12/28/09 12:07:55
  CONFIGURATION
  =============
  Contents of /var/db/krb5kdc/kadm5.acl:
  ## This file autogenerated by KDCSetup ##
  */[email protected] * *
  [email protected] * *
  ADDITIONAL INFORMATION
  ======================
  (1) Using 'passwd' to change the password does not change the Kerberos
  password.
  (2) Using "dscl /LDAPv3/127.0.0.1 -passwd Users/someuser" does not change
  the Kerberos password.
  (3)
  (4) From /var/log/system.log:
  Dec 21 11:57:01 oursvr edu.mit.Kerberos.kadmind[79131]: ambiguous user name.
  Dec 21 11:57:01 oursvr sandboxd[82190]: mkpassdb(82189) deny file-read-data
  /usr/sbin/mkpassdb
  (5) From /var/log/krb5kdc/kadmin.log:
  Dec 21 12:02:36 oursvr.sub.dom.tld kadmind[79131](Notice): Request:
  kadm5chpassprincipal, [email protected], KDC policy rejects
  request, client=someuser/[email protected],
  service=kadmin/[email protected], addr=VVV.WWW.YYY.ZZ
  Dec 21 12:02:36 oursvr.sub.dom.tld kadmind[79131](Notice): Request:
  kadm5chpassprincipal, [email protected], KDC policy rejects
  request, client=someuser/[email protected],
  service=kadmin/[email protected], addr=VVV.WWW.YYY.ZZ
  (6) From /var/log/krb5kdc/ldc.log:
  Dec 21 11:56:51 oursvr.sub.dom.tld krb5kdc[62](info): AS_REQ (7 etypes {18
  17 16 23 1 3 2}) VVV.WWW.YYY.ZZ: NEEDED_PREAUTH:
  [email protected] for kadmin/[email protected],
  Additional pre-authentication required
  Dec 21 11:56:51 oursvr.sub.dom.tld krb5kdc[62](info): AS_REQ (7 etypes {18
  17 16 23 1 3 2}) VVV.WWW.YYY.ZZ: NEEDED_PREAUTH:
  [email protected] for kadmin/[email protected],
  Additional pre-authentication required
  Dec 21 11:56:51 oursvr.sub.dom.tld krb5kdc[62](info): AS_REQ (7 etypes {18
  17 16 23 1 3 2}) VVV.WWW.YYY.ZZ: ISSUE: authtime 1261414611, etypes
  {rep=18 tkt=16 ses=18}, [email protected] for
  kadmin/[email protected]
  Dec 21 11:56:51 oursvr.sub.dom.tld krb5kdc[62](info): AS_REQ (7 etypes {18
  17 16 23 1 3 2}) VVV.WWW.YYY.ZZ: ISSUE: authtime 1261414611, etypes
  {rep=18 tkt=16 ses=18}, [email protected] for
  kadmin/[email protected]
  (7) mkpassdb -dump 0x4b2bf32f30c3d4860000001e0000001e
  slot 0030: 0x4b2bf32f30c3d4860000001e0000001e someuser 12/21/2009
  12:28:17 PM
  Last password change: 12/21/2009 11:00:36 AM
  Last login: 12/21/2009 12:28:17 PM
  Failed login count: 0
  Disable reason: none
  Hash-only bit: 0
  Last Transaction ID: 2052
  Transaction requires kerberos: 1
  Record is dead: 0
  Record is not to be replicated: 0
  Access Features:
  isDisabled=0 isAdminUser=0 newPasswordRequired=0 usingHistory=0
  canModifyPasswordforSelf=1 usingExpirationDate=0 usingHardExpirationDate=0
  requiresAlpha=0 requiresNumeric=0 expirationDateGMT=18446744073709551615
  hardExpireDateGMT=18446744073709551615 maxMinutesUntilChangePassword=0
  maxMinutesUntilDisabled=0 maxMinutesOfNonUse=0 maxFailedLoginAttempts=0
  minChars=0 maxChars=0 passwordCannotBeName=0 requiresMixedCase=0
  requiresSymbol=0 notGuessablePattern=0 isSessionKeyAgent=0
  isComputerAccount=0 adminClass=0 adminNoChangePasswords=0
  adminNoSetPolicies=0 adminNoCreate=0 adminNoDelete=0 adminNoClearState=0
  adminNoPromoteAdmins=0
  Group(s) for Administration: unrestricted
  digest 0: method: *cmusaslsecretSMBNT
  digest length: 16
  digest: D6B093421FDF17380F0B695721F0F26A
  digest 1: method: *cmusaslsecretSMBLM
  digest length: 16
  digest: 5C957C596B14237409A48A7AC23C7AB2
  digest 2: method: *cmusaslsecretDIGEST
  digest length: 16
  digest: 8E9181A5F7697D7FB83BF2DA430CBB70
  digest 3: method: *cmusaslsecretCRAM-M
  digest length: 32
  digest:
  A08E4B9266A4B8676DEFA8584758F9013D29A479D81EE4E41D857D5A5CA4FA71
  digest 4: method: KerberosRealmName
  digest: OUR.KRB5.RLM
  digest 5: method: KerberosPrincName
  digest: someuser
  digest 6: method: *cmusaslsecretPPS
  digest length: 24
  digest: A5AC9D1843D42ED4AF39EFB4AB91E536F733FB2580978860
  digest 7: <empty>
  digest 8: <empty>
  digest 9: <empty>
  slot checksum: 7DAA85870308B253D5A9294483A4B0EF
  (8) dscl /LDAPv3/127.0.0.1 -read Users/someuser | grep -A 2 authAuthority
  dsAttrTypeNative:authAuthority:
  ;ApplePasswordServer;0x4b2bf32f30c3d4860000001e0000001e,1024 35
  14773688809506996593092824880872774590718495204127440029375223520574013330136617 78685429961896612181406054801454823310071429734609519569726042321602422714273008 59946509691313082062885828226653436410277560435615063784052163315144051817774743 254036483144235604939879290290235050919364398951613699884041179183857
  [email protected]:VVV.WWW.YYY.ZZ
  ;Kerberosv5;0x4b2bf32f30c3d4860000001e0000001e;[email protected];OUR.KRB5.R LM;1024
  35
  14773688809506996593092824880872774590718495204127440029375223520574013330136617 78685429961896612181406054801454823310071429734609519569726042321602422714273008 59946509691313082062885828226653436410277560435615063784052163315144051817774743 254036483144235604939879290290235050919364398951613699884041179183857
  [email protected]:VVV.WWW.YYY.ZZ

• After updating to snow leopard  and trying to delete mackeeper flash player will no longer work. Can anyone help me?

  After updating to snow leopard and trying to delete mackeeper, Flash player is being blocked and will not allow me to view utubes. Can anyone help?

  Here are instructions for eradicating MacKeeper - you may need to re-install it to uninstall it fully:
  http://applehelpwriter.com/2011/09/21/how-to-uninstall-mackeeper-malware/
  Regarding Flash - there are many reports on here that v13.x isn't working for a lot of people. distractme in the following thread posted instructions on how to install the previous version, which should work whilst Adobe work on a fix:
  https://discussions.apple.com/message/25430408#25430408

• Can i install bootcamp on mac mini snow leopard server 2010

  hello,there are 2 harddisks on a mac mini server 2010 (snow leopard server.)i want to use the other hdd for installing Windows home server 2011 x64 .
  but there is no bootcamp on the server.(do i have to download it?)
  how can i do this,or do i have to use parallels desktop.
  i have also a mac mini and a macbook pro and an alienware and a clevo laptop so i want the 2 servers seperate(and the mac-server on all the time)

  You would need to install SL (non sever) on you Mac Mini Server.
  You may be able to install the nonsever version on your 2nd HDD
       -Partition you 2nd HDD to the max BootCamp Partition
       -Install Windows Home Server on the BootCamp Partition (don't know of Windows Server is supported)
  So you would have:
  hdd1 - SnowLeopard Server
  hdd2 - SnowLeopard (non-server) + Bootcamp Partition
  Scenario 2:
  If you don't have a need for SL Server SW, then wipe out the system and put only the regular SL (non sever) on disk 1. Partition Disk2 for Bootcamp only.
  hdd1- SL (non-sever)
  hdd2 - Bootcamp
  I really don't know if you can copy the Bootcamp app onto SL Server OS to create a Bootcamp partition.

• Where can I find info on how to install and run Snow Leopard Server as virtual machine inside Mountain Lion

  Where can I find info on how to install and run Snow Leopard Server as virtual machine inside Mountain Lion

  Here is the short answer:
  Installing Snow Leopard Server into Parallels 10 for DUMMIES:
  http://forums.macrumors.com/showpost.php?p=17285039&postcount=564

• Can't Star iChat Service after update to Snow Leopard Server

  We had installed Mac OS X Server on a Mac Pro, and we had the iChat Service working in the organization; but when we update to the Snow Leopard Server we can't start the iChat service again. In the Server Admin app, on the iChat node in the Overview I have this:
  iChat Service is: Stopped
  Start time: not available
  Domain: not available
  Client connections: not available
  With the update if I choose the iChat service node, I can't see the Start iChat button.
  Can somebody help?
  Thanks a lot.

  Please try here http://discussions.apple.com/forum.jspa?forumID=1352
  OS X Server Snow Leopard > Chat and other items.
  8:40 PM Monday; January 4, 2010
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"