MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Aug 14, 2008, 10:57 AM   #1
Umbre
macrumors newbie
 
Join Date: Jul 2008
Client can't log to Open Directory master

Hi,

I'm setting up a new network and followed the doc to do so as I'm not a specialist.

What I have and which (apparently) works is:

Server1
an internal DNS service - verified with changeip
a DHCP service

Server2
Open Directory master - with Kerberos running, authenticated binding not activated
afp - share point shared with automount and group authorisation given

Server3
afp - share point shared with automount and group authorisation given

In WGM I created two test users,
"U1" member of "grouptest" with home folders located on server2
"U2" member of "grouptest2" with home folders located on server3

I manually created the groups folders. First thing to note, the users' home folders did not get created after I clicked the "create start" button in WGM. I suspected it is because I miswrote the path for the home folder in WGM, although I tried to copy the example given. E.g. I wrote: afp://FQDN/Hard disk name/folder name.

Client configuration
Regarding client config, I entered server2's FQDN in Directory Utility; it states the server responds normally. I was not able to bind, however, and I do not know if it's necessary.

The problem
When I try to log in using the client's login window, neither test user (u1, u2) succeeds. I get an error message I cannot enter for the moment because an error occurred.
On server2, the Kerberos app shows it does not give any tickets.

I'd be grateful for any thoughts as I am not seeing which direction to follow.
Aug 15, 2008, 10:23 AM   #2
crackpip
macrumors regular
 
Join Date: Jul 2002
I am not an expert at this, but I've been testing it out on a small network at home, including OpenDirectory authentication across multiple machines with networked home directories and portable home directories.

The first thing is that when setting up the automount, you need to make sure it is enabled for guest access.

If you use a different drive or partition for home directories under Leopard, the share point URL will be afp://FQDN/Users, but the full path will be in the /Network/Servers directory under the path: '/Network/Servers/FQDN/Volumes/Drive-Name/path-to-users'.

When creating users, of course, make sure they are being added to the LDAP directory, not the local database.

Using Directory.app, you need to at least have the clients set up to look at the server for authentication. If I remember correctly, you should be able to log on and see your home directory from the client at this point. For Kerberos to work, I think you have to bind the clients to the server. Then create a computer group with the clients and server in it. Finally, you need to add user records to the Kerberos database in OpenDirectory using Server Admin.

I just moved and haven't had time to reset all of the clients, so the last part is a bit fuzzy. I did have most of this working, however.

crackpip
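An added example, not part of any post in this thread: a shell check that the two home-directory attributes of a user record agree with the layout crackpip describes (share point URL `afp://FQDN/share`, full path under `/Network/Servers/FQDN/`). The attribute names `HomeDirectory` and `NFSHomeDirectory`, the `dscl` invocation shown in the comment, and all host, volume and user names are assumptions of this example, and the sample records are constructed.

```shell
#!/bin/sh
# Constructed sample records in the layout `dscl ... -read` prints; host, volume
# and user names are placeholders, not values from the thread.
SAMPLE_OK='HomeDirectory: <home_dir><url>afp://server3.example.com/Users</url><path>u2</path></home_dir>
NFSHomeDirectory: /Network/Servers/server3.example.com/Volumes/Data/Users/u2'
SAMPLE_BAD_URL='HomeDirectory:
 <home_dir><url>afp://server3.example.com/Data HD/Users</url><path>u2</path></home_dir>
NFSHomeDirectory:
 /Network/Servers/server3.example.com/Volumes/Data HD/Users/u2'
SAMPLE_WRONG_HOST='HomeDirectory: <home_dir><url>afp://server3.example.com/Users</url><path>u2</path></home_dir>
NFSHomeDirectory: /Network/Servers/server2.example.com/Volumes/Data/Users/u2'

# Print the value of attribute $1 from a record on stdin. The value may sit on
# the key's own line or on the following indented line.
get_attr() {
  awk -v k="$1:" '
    $1 == k { if (NF > 1) { sub(/^[^:]*:[ \t]*/, ""); print; exit } want = 1; next }
    want    { sub(/^[ \t]+/, ""); print; exit }'
}

# Read one user record on stdin and print a one-word verdict.
check_home() {
  rec=$(cat)
  hd=$(printf '%s\n' "$rec" | get_attr HomeDirectory)
  nfs=$(printf '%s\n' "$rec" | get_attr NFSHomeDirectory)
  url=$(printf '%s\n' "$hd" | sed -n 's|.*<url>\(.*\)</url>.*|\1|p')
  rel=$(printf '%s\n' "$hd" | sed -n 's|.*<path>\(.*\)</path>.*|\1|p')
  case "$url" in afp://?*/?*) ;; *) echo bad-url; return 1 ;; esac
  rest=${url#afp://}; host=${rest%%/*}; share=${rest#*/}
  # The URL should stop at the share point; volume or folder names do not belong in it.
  case "$share" in */*) echo url-not-share-root; return 1 ;; esac
  case "$nfs" in
    "/Network/Servers/$host/"*) ;;
    /Network/Servers/*) echo host-mismatch; return 1 ;;
    *) echo not-network-path; return 1 ;;
  esac
  case "$nfs" in *"/$rel") echo ok ;; *) echo user-path-mismatch; return 1 ;; esac
}

# On a bound client the record would come from dscl, for example:
#   dscl /LDAPv3/<od-master> -read /Users/u2 HomeDirectory NFSHomeDirectory | check_home
for s in "$SAMPLE_OK" "$SAMPLE_BAD_URL" "$SAMPLE_WRONG_HOST"; do
  printf '%s\n' "$s" | check_home || true
done
```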
Aug 16, 2008, 06:17 AM   #3
Umbre
Thread Starter
macrumors newbie
 
Join Date: Jul 2008
First, thank you for your useful input.
Quote:
Originally Posted by crackpip
The first thing is that when setting up the automount, you need to make sure it is enabled for guest access.

If you use a different drive or partition for home directories under Leopard, the share point URL will be afp://FQDN/Users, but the full path will be in the /Network/Servers directory under the path: '/Network/Servers/FQDN/Volumes/Drive-Name/path-to-users'.

Yes, I found this out yesterday by trying random attempts.

Quote:
Originally Posted by crackpip
When creating users, of course, make sure they are being added to the LDAP directory, not the local database.

Using Directory.app, you need to at least have the clients set up to look at the server for authentication. If I remember correctly, you should be able to log on and see your home directory from the client at this point. For Kerberos to work, I think you have to bind the clients to the server.

Up to that point it's ok.

Quote:
Originally Posted by crackpip
Then create a computer group with the clients and server in it. Finally, you need to add user records to the Kerberos database in OpenDirectory using Server Admin.

Would you care to specify what to use for those two points? For the second one you mentioned Server Admin but I don't see where we can add user records. Are you referring to the share points' authorisations?

I am now able to log in perfectly with users whose home directory is located on the OD master, but when logging in with a user whose home directory is located on another afp server, it enters but says the home directory is unreachable or has been moved. I did enter the paths the same way as I did for the main server. I'll double-check everything.
Aug 16, 2008, 06:38 AM   #4
Umbre
Thread Starter
macrumors newbie
 
Join Date: Jul 2008
OK, every test user works now. I simply unshared the share points and reshared them.

To sum up, the problem was solved by correctly writing the paths for home directories and by adding the other afp servers to the Kerberos realm.

Amazing how we get better answers here than on the Apple forums.

Thank you and greetings!