Workgroup Manager Won't Authenticate Anymore

I'm using 10.5.2 on both a client and a server and I'm seeing some weirdness with Workgroup Manager. Last week, I had no problem using workgroup manager on my machine to connect to the server. Today, WM is not allowing me (or any other admin accounts) to authenticate at all remotely. If I screen share to the desktop of the server and run workgroup manager, I can use my credentials to authenticate.
What I'm seeing in the system.log is "Client response doesn't match what we generated". I found the relevant article here: http://docs.info.apple.com/article.html?artnum=306596
Following up from that article, I did some digging in the Password Service logs. When I try to login remotely to Workgroup Manager, the logs show this:
Feb 19 2008 09:49:47 AUTH2: {0x4787f45616bdec6b0000000600000006, mbydalek} DIGEST-MD5 authentication failed, SASL error -13 (password incorrect).
This line gets repeated 4 times.
When I'm on the server locally and authenticate, it uses CRAM-MD5 and authenticates successfully.
I did find the following article talking about testing authentication, etc.: http://docs.info.apple.com/article.html?artnum=302942 All the methods described in there test successfully.
Something really strange is going on here because my user can authenticate to AFP, SSH, etc. just fine - just not Workgroup Manager remotely.
I'm going to further chalk it up to weirdness because what I'm trying to do this morning is add a new user (normally a 2 min job). Adding the user from the manager on the server is fine, but it throws an error when trying to create the home directory.
Lastly, I thought it could be my machine, but I've kinit'd, afp'd, etc. from my machine without a problem.
Anyone have any other ideas that I can try?

Thanks for the pointer to createhomedir - that did indeed do the trick. (How on earth do people find these little nuggets?)
I hesitate to mark this as solved however - it's a functioning workaround, but does nothing to explain why on earth the GUI suddenly stopped functioning.
But in the (likely) event that that question never gets answered, thanks again for letting me get on with working!
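The Password Service lines quoted in the first post can be triaged mechanically. The following is an added example, not part of the original thread and not Apple code: it parses `AUTH2` lines of the shape quoted on this page, tallies results per user and SASL mechanism, and separates the pattern described above (one mechanism failing while another succeeds for the same account) from bursts of repeated failures. The function names, the burst threshold and the sample timestamps are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the shape of the lines quoted on this page. Slot IDs and
# user names come from the posts; the repeat timestamps and the CRAM-MD5 success
# line are made up for illustration.
SAMPLE_LOG = """\
Feb 19 2008 09:49:47 AUTH2: {0x4787f45616bdec6b0000000600000006, mbydalek} DIGEST-MD5 authentication failed, SASL error -13 (password incorrect).
Feb 19 2008 09:49:47 AUTH2: {0x4787f45616bdec6b0000000600000006, mbydalek} DIGEST-MD5 authentication failed, SASL error -13 (password incorrect).
Feb 19 2008 09:49:48 AUTH2: {0x4787f45616bdec6b0000000600000006, mbydalek} DIGEST-MD5 authentication failed, SASL error -13 (password incorrect).
Feb 19 2008 09:49:48 AUTH2: {0x4787f45616bdec6b0000000600000006, mbydalek} DIGEST-MD5 authentication failed, SASL error -13 (password incorrect).
Feb 19 2008 09:55:02 AUTH2: {0x4787f45616bdec6b0000000600000006, mbydalek} CRAM-MD5 authentication succeeded.
Jan 10 2012 14:01:32    AUTH2: {0x4bbe71ca6b8b45670000000200000002, diradmin} DHX authentication succeeded.
Jan 10 2012 14:01:32    KERBEROS-LOGIN-CHECK: user {0x4bbe71ca6b8b45670000000200000002, diradmin} is in good standing.
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"AUTH2:\s+\{(?P<slot>0x[0-9a-fA-F]+),\s*(?P<user>[^}]+)\}\s+"
    r"(?P<mech>[A-Z0-9-]+) authentication (?P<result>succeeded|failed)"
    r"(?:, SASL error (?P<code>-?\d+) \((?P<reason>[^)]*)\))?"
)

def parse_line(line):
    """Return a dict for an AUTH2 line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    # Collapse padding so "Jan  9 2012" and "Jan 10 2012" both parse.
    ev["ts"] = datetime.strptime(" ".join(ev["ts"].split()), "%b %d %Y %H:%M:%S")
    ev["code"] = int(ev["code"]) if ev["code"] is not None else None
    return ev

def parse_events(text):
    return [ev for line in text.splitlines() if (ev := parse_line(line))]

def summarize(events):
    """user -> mechanism -> {'succeeded': n, 'failed': n}"""
    table = defaultdict(lambda: defaultdict(lambda: {"succeeded": 0, "failed": 0}))
    for ev in events:
        table[ev["user"]][ev["mech"]][ev["result"]] += 1
    return {u: {m: dict(c) for m, c in mechs.items()} for u, mechs in table.items()}

def mechanism_mismatches(summary):
    """Users for whom some mechanism only ever fails while another succeeds."""
    out = []
    for user, mechs in sorted(summary.items()):
        failing = sorted(m for m, c in mechs.items() if c["failed"] and not c["succeeded"])
        working = sorted(m for m, c in mechs.items() if c["succeeded"])
        if failing and working:
            out.append((user, failing, working))
    return out

def failure_bursts(events, threshold=4, window=timedelta(seconds=60)):
    """user -> start time of the first run of `threshold` failures within `window`."""
    by_user = defaultdict(list)
    for ev in events:
        if ev["result"] == "failed":
            by_user[ev["user"]].append(ev["ts"])
    flagged = {}
    for user, stamps in by_user.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged[user] = stamps[i]
                break
    return flagged

if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for user, failing, working in mechanism_mismatches(summarize(events)):
        print(f"{user}: {failing} fail but {working} succeed")
    for user, start in failure_bursts(events).items():
        print(f"{user}: repeated failures starting {start}")
```
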

Similar Messages

  • Workgroup Manager won't create home directories; no error message

    This is quite frustrating. For the past 3 years or so I have used the same procedure to add new users to my LDAP directory:
    1) In Workgroup Manager, click the New User button
    2) Assign name and password under the basic tab
    3) Assign group memberships under the Groups tab
    4) Under the Home tab, select the right place (nfs://my.server.org/Volumes/Users), click Create Home Now
    5) Click Save
    Suddenly, when I try to do this yesterday, workgroup manager won't create home directories anymore. I could probably do it manually, but I'm not sure how to get all the right skeleton setup in there. But my main question is, why doesn't this work anymore? Why can't I at least get an error message instead of being silently ignored?
    I share admin duties with other people, so it's possible someone installed an update recently; all I can really say is that I'm running Leopard Server 10.5.8 right now, and can find out whatever else is relevant.
    Any ideas?
    Thanks!
    ~Ben

  • OSX server workgroup manager Won't allow me to add a group because it thinks there is already one

    OSX server Workgroup Manager won't allow me to add a group because it thinks there is already one. Can anyone help with a solution?

    Worked it out: all I had to do was put Workgroup Manager into local and delete the group/s.

  • Workgroup Manager won't show available volumes/folders to setup share point

    Server 10.4.11: open Workgroup Manager and select the Sharing panel.
    Clicking the "Share Points" tab displays my current share points as expected.
    But clicking the "All" tab shows a completely blank window: no volumes or folders at all!
    (The button at the bottom to mount or unmount a remote NFS volume appears, but I've never used it and I don't know what good it might be.)
    Accessing the server with the 10.5 version of Workgroup Manager from a Leopard client gives the same behavior.

    Never mind. Rebooted the machine and it's back to normal. Go figure.

  • Server admin not seeing directory users from workgroup manager

    I am setting up a new Xserve with Snow Leopard (get 'em while we can). We have eight other Xserves running Leopard or Snow Leopard server. On those machines we have set up file sharing over AFP. The machines are connected to our Active Directory server and our users authenticate using their domain passwords. All of our other servers were set up in Leopard and were upgraded to Snow Leopard. We have not had any issues authenticating to those boxes.
    This is the first one that we have actually set up new-out-of-the-box in Snow Leopard. I can set Workgroup Manager up to connect to our AD, and can see and search my domain users and groups in Workgroup Manager. When I try to set up my File Shares in Server Admin, none of my domain users show up, only local accounts.
    What have I missed? In Leopard, when I connected to the domain, the users immediately became available in Server Admin. Not so in SL, at least on this box.
    Help?

    Hi
    The first thing to check is if you've bound the Server to the AD Domain. The second thing is if the /Active Directory/All Domains is in the Search Policy. If you don't do either of these WorkGroup Manager won't display anything coming from the AD Schema.
    In 10.6 Apple moved the Directory Utility from where it used to be in /Applications/Utilities and made it part of the Accounts Preferences Pane. Perhaps it's this change that's confusing you? I would not advise doing this but it's also possible you used the Server Setup Assistant to do most of the configuration? If you did maybe something went wrong at that stage (won't be the first time) and you need to manually bind the Server instead?
    As ever make sure this server is using the same NTP Server as the others.
    Tony

  • Workgroup Manager "Unreachable host" at login

    Hi, I have a problem where Workgroup Manager won't let you authenticate to your server. Happens both locally on the server and remote.
    Using View Directories in Server-menu "Com+D" gets you in, and here you are able to "unlock" your directories, i.e. authenticate in both local and LDAP domain.
    A restart usually fixes this, sometimes it takes two or three. Has anyone else seen this, or have a solution to the problem?
    Regards
    Patrik Jerneheim

    There are a number of things that could be going on, so I will start with easy ones.
    -- Are you authenticated to the directory server? You can authenticate to the local machine and that has tripped me up before.
    -- If you have replicas in place for OD, you may want to make sure that everyone is seeing the correct server and that the directory information is syncing properly to the other servers.
    -- Are you having issues binding computers to the OD at all?
    -- If you use the Web Service, can you authenticate with the users that you have?
    -- Do you use any port mapping and is 548 open for AFP sharing on your network?
    -- Are you sharing to the correct folders on your storage or has the storage been moved or modified?
    These are the steps that I have taken that have helped. My apologies if you have already gone there.
    Good Luck.

  • Can I use Workgroup Manager with a 10.4 server and a 10.6 admin station?

    I just upgraded my admin station from 10.5.x to 10.6.8. Now my Workgroup Manager won't work. I'm assuming it's because of the new operating system. I keep getting an error message about memory allocation. My server is still running 10.4.11. What can I do besides getting a new server to make this situation work? I really need to control what programs my students can access and I'm very frustrated right now. Thanks for any help you can give me.

    Hello, I think it's always been version specific, & is no longer even included...
    http://support.apple.com/kb/HT5308
    But as mentioned there, some older versions are available, but I think you'll have to figure a way to run your version on the older OS.

  • Workgroup Manager shortcoming

    I don't understand why Workgroup Manager won't let you disable Dashboard as an approved application. I saw both solutions for disabling it. The first one is a terminal command, which 1. has to be done locally (I work at a school district, and logging onto 50+ machines at a time to do a terminal command is an unacceptable practice) and 2. something like this needs to be integrated in a GUI in the first place, Apple should have thought of this. The second solution only disables widgets, not the appearing of the Dashboard itself.
    Meh....that's all I have to say to you....meh....

    Apple is listening...
    However, this is a case where ARD (Apple Remote Desktop) is often used... it's (one of many reasons) why Apple sells it. It's pretty nice to be able to send a command to hundreds (if not thousands) of Macs simultaneously.
    -jeremy

  • Unable to authenticate with diradmin in Workgroup Manager

    This has happened before, and I have no idea how it got fixed - too many independent variables...
    Anyway, I cannot authenticate the OD with diradmin even while using Workgroup Manager directly on the server.
    The setup:
    SLS 10.6.8
    Split-brained DNS
         Both public and private FQDNs are the same (myserver.mydomain.com). External DNS maps machine record to my static public IP address. Using an AirPort Extreme router, port forwarding services that I want open to the server. The router provides DHCP via NAT to the local network, with a fixed private IP assigned to the server. The server is running DNS with the same zones, machine records, services and aliases that the public IP DNS has, except mapped to the fixed private IP. DNS checks out with changeip, etc.
         The server is an OD master. Yesterday I exported it, demoted it, and restored it. All services (mail, web, etc.) seem to work fine (although I admit to not using Kerberos on AFP due to another issue).
         I have a wildcard certificate that is generated by GoDaddy (*.<mydomain>.com) which seems to work fine with the hosted websites.
    This is what the password service error log says when I try to log in with diradmin in Workgroup Manager:
    Jan 10 2012 14:01:32    AUTH2: {0x4bbe71ca6b8b45670000000200000002, diradmin} DHX authentication succeeded.
    Jan 10 2012 14:01:32    KERBEROS-LOGIN-CHECK: user {0x4bbe71ca6b8b45670000000200000002, diradmin} is in good standing.
    Jan 10 2012 14:01:32    KERBEROS-LOGIN-CHECK: user {0x4bbe71ca6b8b45670000000200000002, diradmin} authentication succeeded.
    Looks good to me. But I still get the "Information Not Valid for This Server" followed by stuff about invalid login ID or password.
    I did notice in the LDAP log:
    Jan 10 14:13:12 <myserver> slapd[52283]: SASL [conn=18] Failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Key table entry not found)
    And at the last bootup in the directory service error log:
    2012-01-10 08:52:03 EST - T[0x00007FFF7027ACC0] - DNSServiceProcessResult returned -65563
    The other thing I notice when I log into the library in Workgroup Manager FROM THE SERVER is that, even if I use the FQDN <myserver>.<mydomain>.com, Workgroup Manager says (in the title bar of the window) <myserver>.local.
    I have googled the various errors and messages, and I get folks with all sorts of variations ("change the binding options", etc.) none of which either applied or worked.
    Help?

    Continuing on my quest... I found this Technical note from Apple about re-kerberizing:
    http://support.apple.com/kb/HT3655
    Interestingly, in step 3 where it says to remove realm information from kdc.conf, there wasn't any of my realm information. Argh!
    So I completed all of the steps and executed the slapconfig command. This resulted in:
    bash-3.2# slapconfig -kerberize -f --allow_local_realm diradmin <MYREALM>
    diradmin's Password:
    Could not resolve hostname <MYDOMAIN>
    Skipping Kerberos configuration
    Sounds like a dreaded DNS problem. It had been working correctly, but changeip -checkhostname confirmed a problem. Turns out that there were EXTERNAL DNS servers in the Network preferences in System Preferences as well as on the router. With my split-brained DNS this caused problems (thank you again MrHoffman). So I changed them both to my DNS server INTERNAL IP address and added the external ones to the Forwarder IP Address in DNS. Now changeip -checkhostname returns a favorable result.
    So after rebooting I ran the slapconfig command again and got the same result. Argh. Cleared DNS caches. Still nothing.
    So I tried nslookup.
    nslookup <mydomain>
    Server:                    10.0.8.2
    Address:          10.0.8.2#53
    ** server can't find <mydomain>: SERVFAIL
    Where 10.0.8.2 is the fixed INTERNAL IP address.
    However, nslookup using the fixed IP address yields:
    bash-3.2# nslookup 10.0.8.2
    Server:                    10.0.8.2
    Address:          10.0.8.2#53
    2.8.0.10.in-addr.arpa          name = <mydomain>.
    Scratching head here... changeip -checkhostname works, nslookup on the IP address works, but nslookup on the host name fails.
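The symptom in this post (reverse lookup answers, forward lookup fails or is answered by an outside DNS server) can be checked in one pass, since Open Directory's Kerberos setup depends on the server's name and address resolving to each other. The following is an added example, not from the original post or from Apple: `check_host` and the simulated resolvers are hypothetical names, `myserver.example.com` and `203.0.113.10` are placeholders because the post elides the real values, and `10.0.8.2` is the internal address quoted above.

```python
import socket

def system_forward(name):
    """A-record lookup through the system resolver; returns sorted IPv4 strings."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def system_reverse(ip):
    """PTR lookup through the system resolver; returns the primary host name."""
    return socket.gethostbyaddr(ip)[0]

def _norm(name):
    # DNS names compare case-insensitively and may carry a trailing dot.
    return name.rstrip(".").lower()

def check_host(fqdn, expected_ip, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means name and address agree."""
    problems = []
    try:
        addrs = forward(fqdn)
        if expected_ip not in addrs:
            problems.append(f"{fqdn} resolves to {addrs}, not {expected_ip}")
    except OSError as exc:  # gaierror and herror are OSError subclasses
        problems.append(f"forward lookup of {fqdn} failed: {exc}")
    try:
        ptr = _norm(reverse(expected_ip))
        if ptr != _norm(fqdn):
            problems.append(f"PTR for {expected_ip} is {ptr}, not {_norm(fqdn)}")
    except OSError as exc:
        problems.append(f"reverse lookup of {expected_ip} failed: {exc}")
    return problems

# --- Simulated resolvers (constructed) so the example runs offline ---

def servfail_forward(name):
    # Mirrors the post: nslookup on the name returns SERVFAIL.
    raise socket.gaierror(socket.EAI_NONAME, "SERVFAIL (simulated)")

def external_forward(name):
    # Mirrors the earlier state in the post: an external DNS server answers
    # with the public address instead of the internal one.
    return ["203.0.113.10"]

def internal_forward(name):
    return ["10.0.8.2"]

def internal_reverse(ip):
    return "myserver.example.com."

if __name__ == "__main__":
    host, ip = "myserver.example.com", "10.0.8.2"
    cases = [("SERVFAIL", servfail_forward),
             ("external DNS", external_forward),
             ("internal DNS", internal_forward)]
    for label, fwd in cases:
        result = check_host(host, ip, forward=fwd, reverse=internal_reverse)
        print(label, "->", result or "consistent")
```

Called with the default resolvers, `check_host` queries whatever DNS servers the machine is configured to use, which is the configuration that matters for the re-kerberizing step.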

  • Firefox won't start, profile manager won't start, but firefox.exe shows in processes list (task manager)

    Firefox will not start, even though it is listed in my processes in task manager. Can't get profile manager to start either.
    I have tried the following to no avail:
    - try to start FF in Safe Mode, doesn't load
    - started Windows Vista in Safe Mode, FF still does not load
    - turned off Kaspersky AV, FF still does not load
    - uninstalled FF, cleaned out user/####/AppData/Mozilla/Firefox folder, as well as ProgramFiles/Mozilla/Firefox folder, and cleaned our Registry manually from all references to Firefox. Downloaded FF 3.6.3, installed. still does not load
    - whatever I seem to do, does not fix the problem. When I try to start Firefox, no window appears. I can see the process starting in my task manager. I can "end process" and try to start the program again by double-clicking program icon. Process starts in task manager, but no app window appears.
    I am frustrated and have just wasted 2+ hours of my night trying to get this to work. Downloaded Google Chrome, unless there is a fix for FF (which I would prefer to use), I will have to switch to Chrome.
    I can't pinpoint when this trouble started, but may have been after a recent Windows Update. I already did a System Restore to a restore point about 5 days ago (the oldest one available to me, and I believe that was before the FF trouble started). This has not helped either.
    I have run a full virus scan with Kaspersky and a Full scan with Windows Defender. Nothing came up.
    Anyone else been able to find a solution to this?
    == This happened ==
    Every time Firefox opened
    == Less than a week ago ==
    == User Agent ==
    Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.86 Safari/533.4

    I found a way to make it work somehow but not really fixing the error... one day when I got really pissed off because FF just won't open, I clicked the icon and killed the enter button, then multiple FF windows appeared. I tried to open it with just a single hit of the enter or double clicking but it won't work anymore, but repeatedly clicking the enter button (mine works with just 3 hits, sometimes 6) seem to open it. And until now, I have no technical explanation for this.

  • Authenticating Workgroup Manager to Active Directory.

    Dear all,
    I've searched the forums and Internet and tried various things that could help my situation but I'm still having issues.
    I am running 10.4.11 server and 10.4.11 client machines. All machines and server are connected to Active Directory via the built in AD plugin.
    Logging on to a client machine with an AD login works fine, no issues.
    System image deployment over the network from the Xserve work fine.
    The issue I have is implementing managed preferences from Workgroup Manager. When I open it, it will show me all of the users and groups. It says:
    *Viewing directory: /Active Directory/All domains. Not authenticated*
    When I click the padlock to authenticate, and enter my domain admin username and password, it says:
    *The login information is not valid for this server.*
    My login works as it allows me  to add machines to the domain.
    More info available as needed. If anyone can assist, thanks in advance.
    Regards,
    M.

    Hi
    Viewing directory: /Active Directory/All domains. Not authenticated
    When you bound the server to the Active Directory Realm what user name and password did you use? It will be this name and password that you will need to authenticate to the Active Directory node. This name and password should be the one that already exists on the AD that has authority for that server. It's also the name and password that should be used when binding Mac clients to the AD node using the Active Directory plugin in Directory Access.
    This name and password can be the same as the one created for promoting your server to OD Master (diradmin). It's a good idea to create this account on the AD first (make it authoritative for the AD) before promotion and client binding.
    If you want to augment the AD with OSX Server managed preferences (MCX) then create a group within the /LDAPv3/127.0.0.1 node (assuming you have promoted the server to OD Master and disabled sso). Have two windows open in WGM (better done from a client). One window will show you the AD node and the other the OD node. Drag users or groups from the AD node into the newly created group in the OD node.
    Apologies if you already know this, Tony

  • Can no longer change or Edit in Workgroup Manager

    I just moved and I was migrating my files to another computer and domain. Now I can no longer authenticate to my Workgroup Manager to change anything.
    Here is what I did.
    Moved across the country
    Carbon Copied my 10.4 Server from my G5 tower to a G5 XSERVE
    Upgraded to 10.5.
    When I thought everything was OK changed my Cable modem IP to me.
    Now I cannot change or add anyone in Workgroup Manager.
    Help

    Exactly the same thing happened to me with two sites I managed after having upgraded the server to 10.5. One site I know the root password and can authenticate to Workgroup Manager using that, all other admin accounts don't work. The other nearly all accounts were broken so I had to use passwd and get the users to change their password before they could log into client machines. I can't get administrative access to Workgroup Manager.
    The interesting thing in both these cases is that the password server logs show the authentication as having succeeded, however Workgroup Manager says the authentication has failed.
    Jan 23 2008 10:22:35 AUTH2: {0x00000000000000000000000000000001, diradmin} DHX authentication succeeded.
    Here's hoping that 10.5.2 fixes these problems.

  • How do I get system users/groups to appear in the Workgroup Manager list?

    When I open the Workgroup Manager and select the Users tab, it only shows users set up in the Workgroup Manager -- same when I browse Groups. But, I also have a couple system users/groups set up not in the workgroup manager, but through the OS's System Preference interface for Users.
    Is there a way to automatically have System users appear in the Workgroup list?
    I also can't add users to System groups, since the groups also won't appear in the Workgroup Manager (like adding a user to the group Admin or Staff -- default system groups).
    I'd just like the option to "show System users and groups" somewhere.
    Thanks.
    Patrick

    Hi
    If I understand your post correctly then launch WorkGroup Manager and select Preferences from the WorkGroup Manager Menu. Enable the Show "All Records" tab and inspector option and click OK. In the Users/Groups/Computer tab you should now see the addition of another icon - it looks like a bullseye. Select this and under the filter field selecting 'AccessControls' will show you a long list. Scroll down and select Users. Now go back to the Users tab and you should see all users visible and invisible. You’ll see the same thing for Groups.
    You will see different Users and Groups depending which directory node you are in. In the LDAP node you should only see Directory and System Administrator as well as VPN MPPE Key Access User in addition to any user you have created within that node. In the local Net Info node you should see users such as Amavisd User, Clamav User, Cyrus IMAP User etc. You’ll also see UIDs and GUIDs amongst a wealth of other information if you select a user or group and select the Inspector tab.
    You can modify record attribute and values as well as adding your own. You can even use WGM in the same way you would use Net Info Manager locally if you wish.
    Tony

  • HT1338 XSERVE 10.6.8 is running very slow, and Workgroup Manager is not responding

    XSERVE 10.6.8 is running very slow, and Workgroup Manager is not responding. There are no more updates to download.

    munish khanna wrote:
    1. upgrade to lion, which should over write previous software and the reasons for it being slow.
    No, you don't want to upgrade over a buggy system, Lion has issues of its own that will only complicate matters, plus Lion is slower than Snow Leopard.
    Learn all the pitfalls before you upgrade to Lion, like all your Rosetta/older programs will no longer work and more.
    Leave Lion for a new hardware purchase is my advice, it's still got plenty of security and other issues.
    For your performance, you're likely better off replacing the hard drive with a 7,200 RPM model and maxing the RAM, download the free MacTracker to find out your specs, and OtherWorld Computing is good for videos, tools and parts.
    http://eshop.macsales.com/installvideos/
    2. Format the hard disc and reinstall snow leopard.
    That will work, provided your data is off the machine first.
    Now how do I reinstall Snow Leopard as it was an online purchased upgrade from Leopard?
    The 10.6 Snow Leopard disk that you upgraded 10.5 Leopard from actually has the full OS X 10.6 on it.
    All you have to do is stick the disk in and hold the c key down while booting, use Disk Utility to erase the entire drive, quit and install 10.6.
    Of course you're not going to get the free iLife that came with the 10.5 grey disks, see if you can first install 10.5 with the same methods, then set up with the same user name as before, then upgrade to 10.6.
    I think Apple nulled booting off the 10.5 disks, but it won't hurt to try.
    Another method would be to install 10.6 fresh by itself, then use the program called Pacifist to extract iLife from the 10.5 disks.
    http://www.charlessoft.com/
    Read here for plenty of how to's
    https://discussions.apple.com/message/16276201#16276201

  • 10.6.8 Server - workgroup manager not authenticated

    I have 10.6.8 Server that has suddenly stopped accepting the dradmin password when using Workgroup Manager.  Workgroup Manager connects, but in not authenticated mode.  When I click the lock icon and am prompted for the ID & Password it is rejected.  I know with 100% certainty I am using the correct administrator ID and password.  I am running Workgroup Manager directly on the server computer.  I'm able to log on to the computer as the local administrator. Server Admin works fine with no authentication issues.
    I have not applied the 10.6.8 Supplemental update, but wonder if that might be helpful.
    It is very concerning to be locked out of my own server. Any suggestions why this is happening and how to resolve it?
    Thank you,
    -Joe

    The logs revealed that dradmin was actually authenticating successfully, but for some reason Workgroup Manager was still in unauthenticated mode.  I installed 10.6.8 Supplemental update and found no improvement.
    All users have portable home directories and everything with Open Directory was functioning properly. DNS and Kerberos were confirmed to be working properly. Several restarts and shutdown/startups were performed and I never was able to get Workgroup Manager to authenticate. So after a few hours troubleshooting last weekend I decided to restore the server to a disk image that was created 20 days earlier. I elected to do this because I needed to get it resolved on the weekend to minimize the chance of downtime during business hours. The only thing on the boot drive is the server OS and everything else is stored on an external RAID so it was fairly simple for me to restore then get everything current again.
    I kept an image of the server with the problem so I can restore it to a standby server to experiment with any possible fixes that I may come across in the future.  As of now I don't know why it happened nor how to fix it without restoring.
