Workgroup Manager

Similar Messages

• Can not locate Workgroup Manager; possibly not installed?

  Here's the story:
  I'm trying to get my new camera software installed and one of the steps is to launch Image capture.
  Image capture gives me an error saying: "No Image Capture Device connected."
  Apple says to fix this I need to open Workgroup Manager (in /Applications/Server/) and change some preferences.
  But, I can not find Workgroup Manager for the life of me. I used spotlight with no luck. I also don't have a folder in Applications titled Server. This worries me and makes me wonder if the program could have been deleted or not installed at all?
  Any suggestions on how to find WgM would be welcome.

  Whoa... somebody got confused someplace... I wouldn't guess you are running OSX Server on a MacBook, but the oSX CXlient instead, so no idea how Apple came up wih that solution.
  You likely should not have a Server folder there, nor the APP they speak of.
  What kind of Camera exactly, and how does it connect?

• Disabling Keyboard Shortcuts for LDAP Accounts -Workgroup Manager...

  I work in a school and all our students are on LDAP accounts. Recently some of the kids realized that hitting Ctrl-Opt-CMD-8 inverts the screen display. You wouldn't believe the amount of havoc this has created at school, especially when they do it to a kid’s account that doesn't know how to fix it.
  Keyboard and Mouse are NOT one of the items under preferences for either groups or accounts in Workgroup Manager. Does anyone know if there is a way around this, or an alternate way of getting rid of the keyboard shortcuts for Universal Access, for either groups or accounts?
  Thanks
    Mac OS X (10.4.6)  

  Within the Workgroup Manager pane for Preferences, there is an option to manage Universal access. Within that section, there is a tab for 'Options'. You will want to change that management to 'Always' and leave the box for 'Allow Universal Access Shortcuts' UNchecked. This will, in effect, disable the usage of the shortcuts for a User or a selected Group account.
  Hope this helps out!!
  www.Admin660.com

• I am using 10.6.8 and I cannot get an Imac to appear in workgroup manager, the mac is bound to both AD and OD. I have removed the bindings, rebuilt the mac and also removed it from bot system but still it does not appear in OD in work group manager.

  I have a mac which is connected to a network and is bound to both OD and AD with no issues on my server when I try to manage it through Workgroup manager it does not appear.
  I have unbound it , removed it from both systems completely and even rebuilt it but it still does not appear in WGM.

  If your server is 10.6 and your client is 10.7 you'll have to add it manually to WGM
  via mac address.  10.7 clients don"t automatically appear in 10.6 server wgm

• Cannot login with a account created with workgroup manager on local box

  Hi my name is richard and i recentgly acqquired from one of ,y friends a macbook pro with leopard 10.5.7 and I downloaded the server tools to it because workgroup manager gives me more control over user creation and the like.there are three issues that i am facing right now:
  1) I create an account for a user "VERONICA MARS" short name vmars with a password of apple. when I try to login using that account the login window just sits there and shakes its head at me like no no no wrong cridentials.
  2) using the same account vmars i try to reset her password using wgm and it says that it cannot reset the password.
  3) when i try to create the account it tells me that the home directory cannot be created.
  oh and heres a bonus one:
  most of the time in wgm it takes forever to get from one tab to the next and ill have to do a force quit to restore my mkac back to normal.
  if anyone can help with these issues please respond
  thanks in advanced
  richard johnson
  mac fan for life

  Please let us know the username of the account that is giving you trouble.

• Unable to authenticate with diradmin in Workgroup Manager

  This has happened before, and I have no idea how it got fixed - too many independent variables...
  Anyway, I cannot authenticate the OD with diradmin even while using Workgroup Manager directly on the server.
  The setup:
  SLS 10.6.8
  Split-brained DNS
       Both public and private FQDNs are the same (myserver.mydomain.com). External DNS maps machine record to my static public IP address. Using an AirPort Extreme router, port fowarding services that I want open to the server. The router provides DHCP via NAT to the local network, with a fixed private IP assigned to the server. The server is running DNS with the same zones, machine records, services and aliases that the public IP DNS has, except mapped to the fixed private IP. DNS checks out with changeip, etc.
       The server is an OD master. Yesterday I exported it, demoted it, and restored it. All services (mail, web, etc.) seem to work fine (although I admit to not using Kerberos on AFP due to another issue).
       I have a wildcard certificate that is generated by GoDaddy (*.<mydomain>.com) which seems to work fine with the hosted websites.
  This is what the password service error log says when I try to log in with diradmin in Workgroup Manager:
  Jan 10 2012 14:01:32    AUTH2: {0x4bbe71ca6b8b45670000000200000002, diradmin} DHX authentication succeeded.
  Jan 10 2012 14:01:32    KERBEROS-LOGIN-CHECK: user {0x4bbe71ca6b8b45670000000200000002, diradmin} is in good standing.
  Jan 10 2012 14:01:32    KERBEROS-LOGIN-CHECK: user {0x4bbe71ca6b8b45670000000200000002, diradmin} authentication succeeded.
  Looks good to me. But I still get the "Information Not Valid for This Server" followed by stuff about invalid login ID or password.
  I did notice in the LDAP log:
  Jan 10 14:13:12 <myserver> slapd[52283]: SASL [conn=18] Failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Key table entry not found)
  And at the last bootup in the directory service error log:
  2012-01-10 08:52:03 EST - T[0x00007FFF7027ACC0] - DNSServiceProcessResult returned -65563
  The other thing I notice when I log into the library in Workgroup Manager FROM THE SERVER, even if I use the FQDN <myserver>.<mydomain>.com that Workgroup Manager says (in the title bar of the window) <myserver>.local.
  I have googled the various errors and messages, and I get folks with all sorts of variations ("change the binding options", etc.) none of which either applied or worked.
  Help?

  Continuing on my quest... I found this Technical note from Apple about re-kerberizing:
  http://support.apple.com/kb/HT3655
  Interestingly, in step 3 where it says to remove realm information from kdc.conf, there wasn't any of my realm information. Argh!
  So I completed all of the steps and executed the slapconfig command. This resulted in:
  bash-3.2# slapconfig -kerberize -f --allow_local_realm diradmin <MYREALM>
  diradmin's Password:
  Could not resolve hostname <MYDOMAIN>
  Skipping Kerberos configuration
  Sounds like a dreaded DNS problem. It had been working correctly, but changeip -checkhostname confirmed a problem. Turns out that there were EXTERNAL DNS servers in the Network preferences in System Preferences as well as on the router. With my Split-brained DNS this caused problems (thank you again MrHoffman). So I changed them both to my DNS server INTERNAL IP address and added the external ones to the Forwarder IP Address in DNS. Now checkhostname -changeip returns a favorable result.
  So after rebooting ran the slapconfig command again and got the same result. Argh. Cleared DNS caches. Still nothing.
  So I tried nslookup.
  nslookup <mydomain>
  Server:                    10.0.8.2
  Address:          10.0.8.2#53
  ** server can't find <mydomain>: SERVFAIL
  Where 10.0.8.2 is the fixed INTERNAL IP address.
  However, nslookup on using the fixed IP address yields:
  bash-3.2# nslookup 10.0.8.2
  Server:                    10.0.8.2
  Address:          10.0.8.2#53
  2.8.0.10.in-addr.arpa          name = <mydomain>.
  Scratching head here... changeip -checkhostname works, nslookup on the IP address works, but nslookup on the host name fails.

• Open Directory - Unable to login Workgroup Manager

  I am unable to login to Workgroup Manager with my diradmin account.
  I know the password is correct.
  This is on Mac OS X Lion 10.7.2
  Everything was working fine last night, but then it stopped functioning.  I am able to see all the users, but they are greyed out.  When I try to login, I get "The login information is not valid for this server" 
  The LDAP log shows a bunch of the same errors that it did not show before.
  slapd[76]: SASL Failure: GSSAPI Error: Miscellaneous failure.
  Please advise.  Thank you.
  Samson

  Try logging in to Workgroup Manager using the local admin account not the diradmin account. If this works, then try accessing the /LDAPv3/127.0.0.1 choice using the diradmin account.

• Home Directories can't be deleted in Workgroup Manager

  I set up a Home Directory at the ROOT level of my server to test it. I was successful so I "thought" I knew what I was doing.
  I needed the Directories to be in my XRaid as that's where the "room" is and I expect to have 15-20 Home Directories.
  So I deleted the User folders at the ROOT level and unshared them in Server Admin (prob the WRONG order).
  Now the path to the deleted Directories still shows up in Workgroup Manager and the little "negative" sign is grayed out. I see no other way to delete it.
  Now I'm stuck as it appears that any time I try to create a new Home Directory, it "saves" quietly but the user folder it creates is only 44k (although it includes all the Home folders). When I attempt a Log-In I get an error:
  "You are unable to log in to the user account "jeff" at this time. Logging in to the account failed because an error occurred. The home folder for the user account is located on an AFP or SMB server....."
  I tried exporting all my Users, deleting then and importing them... same issue.
  Any other ideas??
  Thanks

  Hi
  When you install OSX Server by default it creates and shares Users, Groups and Public. This has been the case ever since 10.2 came out. Leopard Server continues this 'tradition'. If you delete any of these default folders after first unsharing them, the server will complain mightily as well as giving you problems.
  If you want require a sharepoint for your users networked home folders to reside elsewhere simply unshare those default folders and create similar folders wherever you want them (an XServe RAID for example), share these and continue doing what you need to do.
  Whenever I have had to attend a site where the local admin has deleted these folders more often than not it has required a rebuild - drastic I know. I have had some limited success by stopping all the services and unfortunately this would also mean demotion to Standalone for your OD Master and recreating the default folders (name them the same) at the root level of your server's boot drive. You can do it using the finder or terminal:
  sudo mkdir /Users
  Then restart the server. If on successful login the icon on the Users folder comes back then you should be OK.
  Hope this helps, Tony

• Problem with home directories NOT in Users and Workgroup manager

  I am setting up a Leopard server (10.5.3) with the users directories in /h1. This is mounted as /Volumes/h1.
  It is exported under AFP as /h1.
  When I try to get Workgroup manager to create a home directory, I can enter the home directory as:
  afp://quattro.innocon.com/h1
  path is 'user'
  Full path is:
  /Network/Servers/quattro.innocon.com/Volumes/h1
  However, when I try to log in as this this user, it says that the directory /Network/Servers/quattro.innocon.com/h1/username does not exist.
  I cannot seem to figure out why the 'Volumes' part of the full path is being lost.
  Any ideas on how to get this right?

  have you checked to see if /Network/Servers/quattro.innocon.com exists?
  I'm having ALOT of issues with automount not picking up on the mount-maps set by Open Directory.. If anyone has any solutions on this it would be great.

• Can't log in as a user created in Workgroup Manager

  I am a little confused about users created in Workgroup Manager.
  I have created an account with all the proper permissions to log in etc. Their home directory is listed as afp://home/Users (home is the name of the server). The directory for the user I am trying to log in as doesn't exist yet.
  When I try to log into the server "home" with this newly created user, I get the vibrating window that indicates the log in failed.
  I am used to windows and AD where I would create a user in AD and then use something like \\domain\user to log in to the machine as that user. If i wanted to create a local user on that machine, I could do that too and then log in as \\machine\user to get the local user.
  Are Workgroup Manager created users like AD users? Can I use them to log into any machine on the network hooked up to the SL server machine? In this case I want to log into the SL Server machine with this user.
  Thanks for any insight
  Greg

  There is only one root user, so saying "a root user" doesn't make sense. What you mean is an admin user, and it looks like your account has somehow manage to lose its admin privileges.
  Follow the instructions in I lost my admin user and you should get them back.
  Note that in this User Tip, 'youruser' is a placeholder. You are supposed to substitute the short name of your account wherever it appears.

• Authenticating Workgroup Manager to Active Directory.

  Dear all,
  I've searched the forums and Internet and tried various things that could help my situation but I'm still having issues.
  I am running 10.4.11 server 10.4.11 client machines. All machines and server are connected to Active Directory via the built in AD plugin.
  Logging on to a client machine with an AD login works fine, no issues.
  System image deployment over the network from the Xserve work fine.
  The I have is implementing managed preferences from Workgroup Manager. When I open it, it will show me all of the users and groups. It says:
  *Viewing directory: /Active Directory/All domains. Not authenticated*
  When I click the padlock to authenticate, and enter my domain admin username and password, it says:
  *The login information is not valid for this server.*
  My login works as it allows me  to add machines to the domain.
  More info available as needed. If anyone can assist, thanks in advance.
  Regards,
  M.

  Hi
  Viewing directory: /Active Directory/All domains. Not authenticated
  When you bound the server to the Active Directory Realm what user name and password did you use? It will be this name and password that you will need to authenticate to the Active Directory node. This name and password should be the one that already exists on the AD that has authority for that server. Its also the name and password that should be used when binding mac clients to the AD node using the Active Directory plugin in Directory Access.
  This name and password can be the same as the one created for promoting your server to OD Master (diradmin). Its a good idea to create this account on the AD first (make it authoratative for the AD) before promotion and client binding.
  If you want to augment the AD with OSX Server managed preferences (MCX) then create a group within the /LDAPv3/127.0.0.1 node (assuming you have promoted the server to OD Master and disabled sso). Have two windows open in WGM (better done from a client). One window will show you the AD node and the other the OD node. Drag users or groups from the AD node into the newly created group in the OD node.
  Apologies if you already know this, Tony

• Error -14135 Creating New User In Workgroup Manager

  Hello,
  I'm running 10.5.8 on a Mac Server, and until today have had no issues adding new users with a preset I've created in Workgroup Manager. Today, I've received the message:
  Got unexpected error
  Error of type eDSRecordAlreadyExists (-14135) on line 1268 of SourceCache/WorkgroupManager/WorkgroupManager-361.2.1/PMMUGMainView.mm
  This error appears before I'm even able to enter any information.
  I would appreciate any suggestions! Right now I'm running Disk Utility and repairing permissions. I haven't found any other ideas online.
  Thank you!

  Following is the text from Note for Custom Password Validation logic:
  Customers who wish to use their own password validation logic may do
    so by writing their own Java classes that implement the
    oracle.apps.fnd.security.PasswordValidation Java interface.  The
    interface requires 3 methods to be implemented:
    1) public boolean validate(String user, String password)
      - This method takes a username and password, and then returns true
    or false, indicating whether the user's password is valid or invalid,
    respectively.
    2) public String getErrorStackMessageName()
      - This method returns the name of the message to display when the
    user's password is deemed invalid (i.e., the validate() method returns
    false).
    3) public String getErrorStackApplicationName()
      - This method returns the application shortname for the
    aforementioned error message.
    After writing the Java class to perform customized password
    validation, the customer must then set the value of the profile option
    SIGNON_PASSWORD_CUSTOM to be the full name of the class.  If, for
    example, the name of the Java class is
    oracle.apps.fnd.security.AppsPasswordValidation, then the value of the
    SIGNON_PASSWORD_CUSTOM profile option must be
    oracle.apps.fnd.security.AppsPasswordValidation.  Note that AOL/J
    will attempt to load this class dynamically.  Hence it is necessary to
    make the class accessible by AOL/J.  This means that in Forms, the
    class must first be loaded into the database using the loadjava
    command.
  You will need to apply the following patches for 11.5.1:
     1344802
     1363919
     1472974
     1351004
     1377615
  You will need to apply the following patches for 11.5.2:
     1377615

• Can no longer change or Edit in Workgroup Manager

  I just moved and I was migrating my files to another computer and domain. No I can no longer authenticate to my workgroup manager to change anything.
  Here is what I did.
  Moved across the country
  Carbon Copied my 10.4 Server from my G5 tower to a G5 XSERVE
  Upgraded to 10.5.
  When I thought everything was OK changed my Cable modem IP to me.
  Now I cannot change or add anyone in Workgroup Manager.
  Help

  Exactly the same thing happened to me with two sites I managed after having upgraded the server to 10.5. One site I know the root password and can authenticate to Workgroup Manager using that, all other admin accounts don't work. The other nearly all accounts were broken so I had to use passwd and get the users to change their password before they could log into client machines. I can't get administrative access to Workgroup Manager.
  The interesting thing in both these cases is that the password server logs show the authentication as having succeeded, however Workgroup Manager says the authentication has failed.
  Jan 23 2008 10:22:35 AUTH2: {0x00000000000000000000000000000001, diradmin} DHX authentication succeeded.
  Here's hoping that 10.5.2 fixes these problems.

• Can't add a new user or group in Workgroup Manager

  Here's the error:
  Error of type eDSRecordNotFound (-14136) on line 1268 of /SourceCache/WorkgroupManager/WorkgroupManager-361.2.1/PMMUGMainView.mm

  I suspect there is an issue going on with Open Directory. I also have a nagging issue with Address Book Server. All my users except one can use it without issue. That one user keeps having an authentication problem when trying to connect to their server-based address book (although they have no issue with log in). Rebooting the OD Server flushes the issue away just like the user account issue. After a week or so, the problems re-appear. I've gone through the logs but they're pretty cryptic. In relation to the Address Book Issue when it last appeared a few days ago, at that time, I also was trying to delete a user account I no longer needed through Workgroup Manager. It predictably failed. After rebooting the OD server, both problems magically disappeared. Suddenly the problematic Address Book Server account was working AND I could delete the user account. ... all very odd.

• How do I get system users/groups to appear in the Workgroup Manager list?

  When I open the Workgroup Manager and select the Users tab, it only shows users set up in the Workgroup Manager -- same when I browse Groups. But, I also have a couple system users/groups set up not in the workgroup manager, but through the OS's System Preference interface for Users.
  Is there a way to automatically have System users appear in the Workgroup list?
  I also can't add users to System groups, since the groups also won't appear in the Workgroup Manager (like adding a user to the group Admin or Staff -- default system groups).
  I'd just like the option to "show System users and groups" somewhere.
  Thanks.
  Patrick

  Hi
  If I understand your post correctly then launch WorkGroup Manager and select Preferences from the WorkGroup Manager Menu. Enable the Show "All Records" tab and inspector option and click OK. In the Users/Groups/Computer tab you should now see the addition of another icon - it looks like a bullseye. Select this and under the filter field selecting 'AccessControls' will show you a long list. Scroll down and select Users. Now go back to the Users tab and you should see all users visible and invisible. You’ll see the same thing for Groups.
  You will see different Users and Groups depending which directory node you are in. In the LDAP node you should only see Directory and System Administrator as well as VPN MPPE Key Access User in addition to any user you have created within that node. In the local Net Info node you should see users such as Amavisd User, Clamav User, Cyrus IMAP User etc. You’ll also see UIDs and GUIDs amongst a wealth of other information if you select a user or group and select the Inspector tab.
  You can modify record attribute and values as well as adding your own. You can even use WGM in the same way you would use Net Info Manager locally if you wish.
  Tony

• Odd Workgroup Manager behavior

  I did a search but didn't have any luck finding info... I work in an academic environment and run a couple of Mac servers. On one, we have multiple port/IPs set up... The IPs are in ascending order. (Note that the school's central computing group maintains all DNS configs and assigns IPs; I am not running my own DNS setup.)
  server.school.edu
  www.server.school.edu
  service1.server.school.edu
  service2.server.school.edu
  When I bring up workgroup manager, I log in as diradmin at server.school.edu, but Workgroup Manager instantly changes the directory display to service1.server.school.edu. And it forces me to create all home directories at afp://service1.server.school.edu.
  Any idea why? Is there a file somewhere I can edit to fix this?
  Thanks in advance to anybody with wisdom to share here.

  You could try to add server.school.edu to your /etc/hosts file. Another alternative is to change the order of the A-records in the DNS so that server.school.edu is listed before the others. If these options don't work, you can always change the url for the home directory manually in WGM.