Users Cannot login to Network Accounts
Hello,
I have a newly built server, Mountain Lion, but am having issues with my users logging in; an error is received. I have not made the server Live Because of this issue of course. The Users Home folders are on a different external Hard Drive attached directly to the Server. I am able to see the the hard drive and its a shared drive. I received no errors (sudo changeip -checkhostname) showed success. No mThe computers are joined in the Network Server Account, and
But here is the kicker, If i create a user using the Local Home Folder, and not changing it to the external hard drive I am able to login.
Has anyone had this issue? If so, what was your resolution, how were you able to fix this issue with the login issue?
Any Assistance with this, would be great!
Thanks
B
an error is received.
umm... including the error message might have been useful...
In either case, you don't state whether you've explicitly shared the external drive as a home directory repository.
If your users home directories on on this external drive, then you need to share that external drive (typically via AFP) so that the client systems/workstations can connect to the share as part of the login process.
Have you verified that the drive is shared, and that the AFP service is running? Can you manually mount the sharepoint from a remote system on the LAN?
Similar Messages
-
Cannot login to network account (leopard client and server)
Up until now, I have used local accounts on my leopard server. I want to start experimenting with OD prior to implementing. I created a new user account in the /LDAPv3/127.0.0.1 domain, and have bound my leopard client to the server using directory utility. On the login screen, "Network Accounts Available" has a green button to the left of it. When I try and login to the server account, the login window just shakes. At first, I could enter the password and then it would prompt me for a new password. Trying to enter a new password would not allow me to login. I went back to server admin and disabled the "require new password" setting, (as well as the other good security policies)...
I have also reset the password in WGM, and made sure to disable all the security stuff there too...
Lastly, I have deleted the server in directory utility, rebooted, then added it back in, and rebooted again...
I still cannot login to the server account, the login screen just shakes
Does anyone have an idea of what settings and or logs I can check to try and narrow down what is going on?
Thanks in advance....to close out the thread, I have working dns on my network, but I did not have dns enabled on my server. I enabled the dns service and entered just the info for my server, then assigned my server and client to use the server's ip addy as the primary dns server. Next, I created the home directory.
Once both steps were done, I was able to log in from my client to my server based account...
FYI-I found a document on afp548.com called "leopard server: advanced setup, rsync backup and automated reporting" that walks you right thru the process...Here is the link, it's a very useful doc....
http://www.afp548.com/filemgmt_data/files/Leopard%20Server%20Quickstart%20Guide. pdf
thanks again boomboom_uk and woVi, your suggestions were spot on.... -
Cannot login with Network account.
Hi,
I am an experimented Mac user, but quite new with Snow Leopard Server.
I've just purchased the brand new MacMini Server.
I have configured my server with the name server.local and installed OpenDirectory as Master.
I wanted to try the network login, so I created a Test1 account in Open Directory. Then from my iMac I joined my server.local through System Preferences/Accounts/Options/... then I log off and try to use the newly created account test1.... I asked the system to change the password from first loggin... which works, but then I receive a message saying that I cannot log in for the moment... I tried everything but I just can't use the network account.
Any hints?
Cheers.You should avoid .local at all costs when configuring an OS X Server.
.local is reserved for zeroconfig/Bonjour, and will cause conflicts.
There's an excellent tutorial for new users here
http://www.wazmac.com/serversnetwork/fileservers/osxserver_setup/osxserver106setup.htm
Jeff -
Cannot login into network accounts when there is no network connectivity
Hey guys
quick question here if anyone can help.
What has been done: backuped user's home folder, binded the mac to AD, logged in as the user's AD name, copied everything from the backup into the new user's home folder, users can work flawlessly.
What is wrong is when they leave the office, after a few hours they cannot login anymore to their AD username. Is there something i missed?
The network accounts do not appear in system preferences.
ThanksOn your client machine login screen, type in ">console" (without quotes) in the username field and hit enter. Try and login with your network account username and password. What error messages do you get in console?
Taylor -
One iMac cannot login to network accounts
We have a small network with Lion (10.7.5) Server running on a Mac Pro and a variety of 8 iMacs and Mac minis that use the server for file sharing and network accounts. The client Macs are running a mix of Mountain Lion (10.8) and Mavericks (10.9). They have all 'joined' the 'Network Account Server' using the 'Login Options' section of the Users & Groups preference pane. And, except for one iMac, all the clients can log into network (or mobile) accounts from the server -- both ones that have previously been logged into on that machine and ones that haven't. However, one of the iMacs will not log into a network account. There are a few local accounts and logging into them is no problem. But every time we try to log into a network account on this iMac, the login dialogue just does the 'invalid login' shake. It seems not to check the login credentials with the server.
As far as I can tell, this iMac is set up the same as all the others. It is certainly joined the Network Account Server and there is a green dot by the server name in the Users & Groups preference pane. I have removed and re-added the server from there a few times, and I've even reinstalled Mavericks on this iMac (it is running 10.9.2). I haven't been able to find anything that has helped to solve this problem. Does anyone know why one iMac would refuse to use the network logins from the server when the others work? Or what I can do to gain further information?
Many thanks.On your client machine login screen, type in ">console" (without quotes) in the username field and hit enter. Try and login with your network account username and password. What error messages do you get in console?
Taylor -
Cannot login to network accounts from client computer
Hi. I'm setting up my first OS X Server setup for home use...I'm not creating a very complicated setup, but I've been working through the setup one step at a time.
Right now, I'm just running the DNS, File Sharing, and Open Directory services. I setup a couple of Network User accounts, and I wanted to try using one of the accounts to log in to a Mac client (running Mountain Lion) on the network. When the machine first comes up, I get a message that says 'Network Accounts Unavailable,' and if I try to log in, I get the error message saying 'You are unable to log in to the user account "xxxxx" at this time. Logging in to the account failed because an error occurred.'
If I stop and restart the Open Directory service, I get the following messages in the Open Directory Log:
2013-02-15 09:11:01.017801 EST - Unregistered node with name '/LDAPv3/127.0.0.1'
2013-02-15 09:16:19.139744 EST - Registered subnode with name '/LDAPv3/127.0.0.1'
Not sure if this is the source of the problem, but these are the only messages that are coming up if I turn the Open Directory off and then on again.
If anyone has any experience with this, or any suggestions, I'd greatly appreciate it!
Thanks!
If it helps:
Running OS X Mountain Lion (10.8.2) with Server (v2.2.1)
Client Machine is a VMWare Fusion VM Running Mountain Lion (10.8.2)On your client machine login screen, type in ">console" (without quotes) in the username field and hit enter. Try and login with your network account username and password. What error messages do you get in console?
Taylor -
My account Cannot login and say account restricted...
My account Cannot login and say account restricted ! i Never make payment
and my history payment ( You haven't purchased anything yet. ) !!!
what it's doing ?
My Skype ID : [Removed for privacy]Well if you were born and raised here in the US or Moved to US and got citizenship you should have a Social Security Card many businesses Like Verizon, or Credit Cards companies require having a S.S.C and require giving at least the Last 4 of the Card to Verify who you are + they'll probably ask a few other security credentials..
I'd say for now getting what you had is not going to be easy at least until you get and established S.S.C. and or if you can prove any other Information Verizon may ask you for..
Hope that Helps Good Luck b33 -
Network users cannot log in to account on server
Here's the situation.
1) X-Server running 10.6
2) Workstation running 10.5 or 10.4
3) Created user accounts using WGM (from a machine other than the server)
4) Bound workstation to server ('green-light' and message Network Accounts Available - shows up on workstation.
5) When test account user name and password are entered, password shakes - we get the message 'Cannot log in due to an error'.
What gives???!!!???If the error you're getting is 'You are unable to log in to the user account "suchandso" at this time. Logging in to the account failed because an error occurred', that usually indicates that there was a problem mounting the user's home folder. My standard approach to narrowing down where errors like this are coming from is to test the critical parts of a network login (user info lookup, authentication, and home directory mount) by hand and watch for informative errors:
Log in as a local user on a client computer, and open the Terminal utility.
Run the command "id suchandso" (where "suchandso" is the short name of a network user). It should reply with something like "uid=1025(suchandso), gid=20(staff)," etc. If it instead replies with "id: suchandso: no such user", you either have the wrong username or the client is having trouble looking up user info on the server over LDAP. (Note: if this isn't working, you generally don't get as far as the error message, just a shake of the login window.)
Get a network authentication ticket with the command "kinit suchandso" (enter the user's password when prompted). If this works, it'll just come back with another shell prompt. If something goes wrong, you'll generally get an informative error message about what the problem is (e.g. if it says "Kerberos Login Failed: Clock skew too big", that means the client's clock is too far out of sync with the server's and one or both of them needs to be corrected).
Now, use the Finder's Connect to Server (Command-K) feature to try to connect to the server; enter the server's full domain name in the Server Address field. You should not be prompted for a name and password (Kerberos authentication should be automatic after the "kinit" command; if not, something's wrong with the file service's Kerberos setup). You should get a "Select the volumes to mount" dialog including the Users folder (or whatever folder your user homes are under). Note that the user's actual home folder will also be listed, but that's not what you want; select the Users volume instead. If the Users folder isn't listed, or you get an error trying to mount it, troubleshoot that.
If none of that shows any problem, you've got something more obscure going wrong. A couple of random things to try:
Enable guest access to the Users folder (shouldn't be necessary, but I've seen reports that it sometimes avoids trouble).
Make sure the user's home folder settings are configured correctly: use WGM to switch the user's home folder to "(None)", save, then set it back and save again. -
Can't Login With Network Account After Upgrade To Yosemite Server 4
I've been putting off this troubleshooting for a while now, and after trying everything I could find, decided to post.
- After upgrading my server to Yosemite with Server 4, and my MacBook to Yosemite, I can no longer login with any network accounts.
- I was on clean installs of Mavericks before the upgrade.
- I'm using SSL for the OD, with a GoDaddy cert, the same one that was working on Mavericks.
- I've tried removing the laptop's binding using the Users and Groups preferences dialog, which does not remove the laptop's entry from Open Directory, so I manually deleted the record on the server.
- I then choose to Join again, and it looks as though everything goes through, but I still cannot login with a network account. Also, when rejoining, it does not create a binding on the server.
- If I use the Directory Utility->Services->LDAPv3, and add it that way, entering the FQDN and checking Encrypt..., Use for auth and Use for contacts, it asks me for the directory admin username and password, and does in fact create the binding on the server, but I still cannot login. What's strange about that method, is that it forces the use of the IP address of the server, rather than the FQDN, like I entered it, which would of course have problems, because the certificate's common name is the server's FQDN. It does not allow me to change from using the IP address, graying out that field.
- I've also tried destroying the OD and restoring from archive to no avail.
It looks like many users have hit dead ends with this, with some having success by completely formatting and setting up a new iteration of the server, but I will not be doing that. However, I'll be happy to try any other suggestions.
Thanks for your time,
-- MikeOkay, I've finally resolved the issue, thanks to the Apple Enterprise tech support team. I'm thinking they wouldn't mind if I share this information, but I can't guarantee that this will work on your system or, worse yet, degrade your system further. However, that's fairly unlikely, just make sure you have plenty of backups before you begin any troubleshooting session.
So I was told to perform the following instructions, which I did, line for line. The part about closing Server.app seems a given, but I'm not sure why they want you to open Server.app at the the end (maybe taken out of context from some other instructions?). I did it anyway, but you should be able to begin testing, on a client workstation, right after rekerberizing is complete. I did, however, need to reboot my client, login as local admin, and then binding would proceed, and network users are able to login again. The engineer also let me know to expect an error, something like the following: "2015-03-11 21:58:38 +0000 Error synchronizing removal of attribute draft-krbPrincipalACL from record 72519e4c-7ac7-15e4-bd42-10adb1944cbc: 77013 result: 16 No such attribute" - this is apparently normal, and did in fact happen in my experience.
So here's the fix:
- Quit Server.app (don’t just close the window)
- On the Open Directory Server, execute these Terminal commands:
- sudo mkdir /var/db/openldap/migration/
- sudo touch /var/db/openldap/migration/.rekerberize
- sudo slapconfig -firstboot
- Open Server.app
And that's it. I did nothing else on my OD server, just logged out. Immediately tried binding on my MacBook client, it failed, I rebooted, tried again, it worked quickly, and I'm able to login with network user accounts again. -
Cant login multiple network accounts on the same client?
Setup:
I have created a simple Lion Server on a new i7 Mac Mini. I have configured Open Directory in Master mode and have setup 4 user accounts. I have enabled the File Sharing service and checked the "Make available for home directories" option on the "Users" file share. I have configured each of the 4 user accounts to use this location as the home folder. I have connected my client machines (all OSX Lion) to the Network Account Server.
Problem:
I can log one user into the client machine, but when using "Fast User Switching" and logging on as the second user I get the following error:
"You are unable to log in to the user account "guestaccount" at this time. Loggin to the account failed because an error occured"
In the console if I search for that user account the related error message is:
11-07-31 12:30:54.993 PM authorizationhost: ERROR | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | PremountHomeDirectoryWithAuthentication( url=afp://inntaserver01.local/Users, homedir=/Network/Servers/inntaserver01.local/Users/guestaccount, name=guestaccount ) returned 16
Any thoughts as to why the Home Folder "mounter" failed in this scenario?Historically you have never been allowed to use Fast User Switching to log in multiple network logins on the same client machine. This certainly applied with Tiger, Leopard, and Snow Leopard. I have not yet personally tried this with Lion.
I believe that the underlying reason for this not being allowed is down to how AFP volumes are mounted. The AFP mount becomes 'owned' by the user that triggers the login. With a network login the first user becomes the owner and this means subsequent attempted network logins are denied access to that share and hence cannot access their home directories.
With Tiger, Leopard, and Snow Leopard servers, one could configure network home directories to be shared via NFS instead of AFP. NFS gets treated a lot different in terms of mounting, and is done more at a system level than a user level. While again I have not personally tried Fast User Switching with NFS shared home directories, this approach is specifically recommended by the authors of AquaConnect (a Macintosh Terminal Server solution) in order to allow multiple logins on the same Terminal Server. This seems to be for the same underlying reason. Using NFS does certainly work for use with AquaConnect and also works for the competing iRAPP Terminal Server product as well.
Unfortunately, Lion Server while it can be made to run an NFS server, will not let you configure using NFS for sharing home directories. I have actually reported this as a 'bug' in Lion server.
Neither the authors of AquaConnect or iRAPP have actually tested this scenario with Lion server yet, but AquaConnect do plan to investigate it. It could make it considerably more difficult to use their products.
So in summary, using NFS to share network home directories in theory would avoid the problem and can be done with a Tiger/Leopard/Snow Leopard server, but cannot be done with a Lion server. It is possible however to mix Lion with older server versions. This might for some people be a possible workaround.
PS. A bonus side-effect of using NFS shared home directories was that this allowed badly written software like Adobe's applications which are otherwise notorious for having major issues with network logins and home directories to work without errors. As an example Adobe Acrobat Pro introduced a bug in version 7.0 which prevented it being able to print-to-PDF (one of the major reasons to buy Acrobat Pro). It tooks two years for them to eventually fix this in Acrobat Pro 8.1 (I know because I spent that two years nagging them to fix it and was a beta tester). Unfortunately they then reintroduced the bug in Acrobat Pro 9.0. Fortunately I discovered this side-effect got round the issue although a clunkier workaround was also possible for Snow Leopard clients by redirecting certain folder paths. -
OS X Server 10.6.4 - newly created user cannot login to server
As title.
Just turn on the mac mini server (mid-2010) and do some initial setup. It can access the internet. However, all users that I have created cannot log into the server! Only the one (admin account) that created during the 1st time server setup can login to the server. Anyone know why and what I have not setup properly?
New user during login take a while and no error message popup. The login window just acts like it can login but within a second, the login window "shaking" and prompt for me to login again. Watch below youtube video for more detail.
http://www.youtube.com/watch?v=K7wV3rVJK9c
Here are some information hope can help...
1. My mac mini server connect behind a router.
2. No special setting for the DNS / Open directory. Just use the system default.
3. When open "Server Admin", it shown "mac.local" at the upper left hand side.
Message was edited by: rayzine2rayzine2
After the Server Setup Assistant has finished and by default the Service Access Control Lists (SACLs) denies access to everyone apart from the default admin account. It does this when SSH is enabled. It's one of the options at the bottom of the dialog box you used to create the default administrator account. To turn this off launch Server Admin, select the Server name in the sidebar > Access.
You should be configuring client workstations to allow network users to log in to rather than the server. Read the documentation:
http://support.apple.com/manuals/#serversandenterprisesoftware
Tony -
Cannot login to any accounts anymore...
I have my latest MacBook Pro for over 2 years on one user account. Every time I boot up I just enter my password and get started. Today, however, I received a login with my computer name and nothing in the user or password fields. I have tried every combination I can think of and nothing works.
I have a system disk from the purchase, but it's damaged. I used another system disk (10.4) from my prior macbook, and booted. Tried to change account password but doesn't see my HD, only the startup disk (my current os is 10.5). I does see the HD and allow disk utility, etc.
Very frustrated I cannot login at all even though I know my admin/master password (not sure what the login or short name was though).
I am contemplating re-installing the OS back to 10.4 but obviously fear losing my apps/data, etc.
Please offer suggestions!HI,
Go to /Library/Preferences and move the com.apple.loginwindow.plist file to the Trash. Restart your MacBook. If the login window is still a problem....
I have a system disk from the purchase, but it's damaged. I used another system disk (10.4) from my prior macbook, and booted.
The disc(s) that come with your Mac(s) are machine specific meaning one won't work on another.
You can run Disk Utility by booting in Safe Mode You can Verify the startup disk in Safe Mode, but not repair it. You need the install disc that came with the Mac you are having problems with to do this.
What is Safe Mode
Carolyn -
Cannot login with a account created with workgroup manager on local box
Hi my name is richard and i recentgly acqquired from one of ,y friends a macbook pro with leopard 10.5.7 and I downloaded the server tools to it because workgroup manager gives me more control over user creation and the like.there are three issues that i am facing right now:
1) I create an account for a user "VERONICA MARS" short name vmars with a password of apple. when I try to login using that account the login window just sits there and shakes its head at me like no no no wrong cridentials.
2) using the same account vmars i try to reset her password using wgm and it says that it cannot reset the password.
3) when i try to create the account it tells me that the home directory cannot be created.
oh and heres a bonus one:
most of the time in wgm it takes forever to get from one tab to the next and ill have to do a force quit to restore my mkac back to normal.
if anyone can help with these issues please respond
thanks in advanced
richard johnson
mac fan for lifePlease let us know the username of the account that is giving you trouble.
-
Some Users cannot login via Lync 2013 windows client
Hi,
I have a Lync 2013 FrontEnd server, DB server and Edge Server.
Since last noon we are facing a mysterious issue. Its as below.
( I have just entered into Lync administration)
User A and User B, both were able to login to lync till yesteday noon on their individual PC, any PC or mobile (windows, android, mac) with any version of Lync client, inside and outside the organization.
Last noon User A reported that he is facing an issue that whenever he logs in to lync 2013 client he is automatically logged off in 2 to 3 seconds. Then again logs in automatically and again loggs off in 2-3 seconds. and thats all is happening again and
again. The message he is is getting after he is logged off is "The connection to the server was lost
. Reconnecting. Current calls may continue, but with reduced functionality".
But at the same time he was able to login from other computer and his mobile device. At the same time, User B is not facing any issue on his machine.
Then User A tried to login from the User B's computer and there also he faced same issue. Then i asked User B to login on computer of User A and what i see is User B is able to login on User A's computer.
What is concluded from the observation is, User A cannot login from lync client 2013 from any computer inside and outside of my network and can login from any other client/version/platform inside or outside of my network.
What i checked for is Client Version Policy of User A and User B, but both are same (Automatic). Below is my client version policy and i am using client version 15.0.4605.1000
In Sing In Logs. (By Right click on system tray icon of lync) i got below information.
Error-1
In Windows 8, event viewer i am getting only Event ID 1 or 12 which says, "
The description for Event ID 12 from source Lync cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Lync
Thanks, Rishi Pandit.The issue has been resolved by removing an entry from "Trusted Application Server". This application server was being used for Polycom VC infrastructure integration with Lync.
As per Task 4 section in
Polycom and Lync Integration Documentation we have to use below-
http://support.polycom.com/global/documents/support/strategic_partner_solutions/Polycom_UC_Microsoft_Deployment_W8.pdf
Use the New-CsStaticRoute command to set up a static route for the RealPresence
Collaboration Server system.
$route = New-CsStaticRoute -TLSRoute -destination rmx.corp.local
-port 5061 -matchuri sipdomain.com -usedefaultcertificate $true
where rmx.corp.local is the FQDN of the RealPresence Collaboration Server SIP signaling
domain and sipdomain.com is the name of the Trusted Application Pool you created.
but this was wrong.
we used sip.domain.com and issue got resolved. Polycom forgot one (.) dot between sip and domain.com which ruined us.
Thanks.
Thanks, Rishi Pandit. -
User cannot login to Analytics 11g
I used the Weblogic administrative account to create my own user name and password in the security realm. I can use my user name and password to connect to the Enterprise Manager, but I cannot login to Analytics. I keep getting the error message "Unable to sign in. An invalid User Name or Password was entered."
Why would I not be able to log in to Analytics when I can log in to EM and Console?
Thanks,
KenWe were unable to determine why this occurred. Our solution, ultimately, was to shutdown the BI and WebLogic servers and restart the machine. When the processes restarted, all was well. It has not reoccurred.
Ken
Maybe you are looking for
-
How to create a specific value in applescript
Hello guys, My question goes as follows: i want to create a value that is : 2001-12-01 --script on-- set days1 to 01 set months to 12 set years1 to 2001 set specialvalue to years1 & "-" & months1 & "-" & days1 --specialvalue should be 2001-12-01
-
My apple ID wont accept any cards as payment, so cant buy or update any apps, any help?
My apple ID wont accept any cards as payment, so cant buy or update any apps, any help?
-
White square when using Falsh 7.0.14.0
I use an old program about d-day and the last months of the second world war. There are maps, newspaper reports, photos and also videos on. On the DVD disc is Flash player version 7 included. On my PC is, of course, the latest version of Flash Player
-
Hello guys, I try to install Arch linux on my new laptop but pacstrap fails and returns the following error: Netcfg and netctl are in conflict. How the hell on earth I remove netcfg ? Is there a way to switch off community repo or to skip that packag
-
Does Anyone Make A Leather iPad mini Smart Cover (Not a Case)
I'm looking for a leather smart cover for the iPad mini (not a case that also covers the back). Does anyone make one?