Lion Server Open Directory Logon Problems

Discussion in 'Mac OS X Server, Xserve, and Networking' started by stuart.mccollum, Jan 16, 2012.

  1. stuart.mccollum macrumors member

    Aug 13, 2008
    Hi Guys,
    I recently got myself a Mac Mini and installed Lion Server to have a play about. I seem to be having an issue with logging onto the server using an Open Directory account. Each time I try to log on it says I can't because an error has occurred. ***PLEASE NOTE*** This is a VM version of Lion running on Parallels and connected via Ethernet.

    I also cannot bind my iMac to the server. I am using the same username and password that I use to administer the server but nothing works. I have also tried the diradmin account and it doesn't work either.

    My Setup
    Mac Mini Server - 2.3 i5 and 8GB RAM connected via Gig ethernet
    27"iMac - 2.8 i5 with 8GB of RAM running Lion and a VM of Lion

    Hope this makes sense guys.

    Thanks in advance
  2. mdzwarts, Jan 16, 2012
    Last edited: Jan 16, 2012

    mdzwarts macrumors newbie

    Jun 8, 2010
    You need to select and create the user "home" folder for the users you defined, using Workgroup Manager.
    Also, make sure that you choose the "bridge" mode in the Parallels VM settings, so the 2 systems can more easily find each other in the same IP range.
  3. stuart.mccollum thread starter macrumors member

    Aug 13, 2008
    I have set a home directory to the Users folder on the server via afp. It still doesn't work. I tried multiple locations including a new one that I created, and I have also ensured read and write access within the Server Admin application for the folder.

    Would it be the type of connection i.e. afp or smb?
  4. mdzwarts macrumors newbie

    Jun 8, 2010
    It is best to try it step by step. Ideally, you try to log on to the server directly with the user you created, using screen sharing. If that works, then configure the iMac and other machines to log in. For starters, try to use a local profile folder instead of afp. This circumvents any issues you may have with DNS or network. Leave share point URL and path to home folder blank, and enter /Users/<username> in full path.
    Logging in remotely on the iMac should initiate a local folder to be made in /Users on the local machine. Be careful with identical local and domain users; this might be the reason that you can't log in. The directory owner might just not be correct. This is why you should always use the "Create home now" button instead of creating it in Finder or Terminal.

    Also take a look at the system logs using "Console" on the server. This will give you some info on where it might go wrong.
  5. stuart.mccollum thread starter macrumors member

    Aug 13, 2008
    Really appreciate your support mate, I will give these a go and see what happens.
  6. stuart.mccollum thread starter macrumors member

    Aug 13, 2008
    Apologies, but I just wanted to confirm a local profile will allow me to log on to any machine and carry my preferences with me?

    My understanding of local was that it only stays on the machine you login to and doesn't follow you?
  7. stuart.mccollum thread starter macrumors member

    Aug 13, 2008
    I can log on to my virtual machine using a newly created account but the same account will not let me bind my physical iMac to the server? It comes up with the same information every time, "Authentication Failed"?

    This is really strange.
  8. mdzwarts macrumors newbie

    Jun 8, 2010
    Hi Stuart.

    Default domain accounts do not have the rights to add a computer to the domain or act as diradmin. You need to grant full rights to your new user in Workgroup Manager.

    So, the ability to log in locally is a good thing. Next is to add the iMac and bind it. You can use the "diradmin" account to do so, or if you have successfully granted the appropriate rights to your new domain user, you can use that one.

    Best thing to do now is to remove the iMac LDAP settings by removing it when bound/half bound. Then start the binding from the top. First go to Settings and choose Accounts. Unlock the settings for login, and choose Join Network. Enter your server IP or server name (make sure your iMac can access it via DNS by trying the following command in Terminal: "ping servername"). Then, if it succeeds, click the LDAP settings and verify it was bound; if not, you can select and try to do so.

    Please give it a try, and see how far you can get.

    Kind regards


    That is correct. In this case the folders won't carry over, but it will create your user folder locally on each machine capable of joining the network. Next step if this works is to set an afp location for the user, and use that single one on the server. Best to keep this until later on when you can log onto the iMac with a network account.
  9. stuart.mccollum, Jan 21, 2012
    Last edited: Jan 21, 2012

    stuart.mccollum thread starter macrumors member

    Aug 13, 2008
    Apologies for only replying now, I have tried everything you have suggested with no luck. I have included a screenshot of my issue below.

    I am tempted to format both my iMac and my Mac Mini and start fresh to see if that fixes it but then again a part of me is saying stick at it, it's better to know what the issue is.

    I think the problem might lie within the DNS settings. When I open Server Admin on my server the hostname under the Network Detail is mms.private but my VM machine is connected to mms.local? I have tried both of these when trying to bind and the local address gives the below error and the .private address is not visible?

    I also installed Lion Server on my iMac before I got my Mac Mini and I am wondering if that might be an issue.


  10. mdzwarts macrumors newbie

    Jun 8, 2010
    There is no need for reformatting, that is just a Windows thing :D. You can change your hostname to reflect .local if you need to, but I believe it will always be accessible at .local regardless of hostname. I have multiple servers set up also, and this is no issue, but keep in mind that you are best off using only one domain (Open Directory master).

    To check your network:
    - On the server, open Terminal, and enter "ifconfig". Check the IP address with en0 or en1 and write it down.
    - On the iMac, open Terminal, and enter "ifconfig". Check the IP address with en0 or en1 and write it down.

    Now, both registered IP addresses should at least be in the same IP range. Usually this is either 10.0.x.x or 192.168.x.x, but both should begin with the same values.

    On each individual box, using Terminal, try to "ping" the IP addresses of each other. This will show you if the machines can reach each other.

    Next, you should also look into the Mini server, to see if you have activated the firewall. This might be blocking your options to communicate.

    I guess an option for you would be to let it rest for a couple of days, and in the meantime do some reading from

    Maybe this will clear things up for you a little.
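
Added example, not part of the original posts: the "same IP range" check from the steps above, done against the netmask rather than by eye. It parses `inet` lines in the format macOS `ifconfig` prints (netmask in hex); the function names are hypothetical and the three sample lines are constructed, with the third standing in for a VM that is not in bridged mode.

```shell
#!/bin/sh
# Constructed sample "inet" lines in macOS ifconfig format (not from the thread).
SERVER_LINE='inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255'
IMAC_LINE='inet 192.168.1.23 netmask 0xffffff00 broadcast 192.168.1.255'
VM_NAT_LINE='inet 10.211.55.4 netmask 0xffffff00 broadcast 10.211.55.255'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1          # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the network number (address AND netmask) for one "inet" line.
# Returns 2 if the line has no IPv4 address or netmask (e.g. an inet6 line).
network_of() {
    ip=$(echo "$1" | awk '{for (i = 1; i < NF; i++) if ($i == "inet") print $(i + 1)}')
    mask=$(echo "$1" | awk '{for (i = 1; i < NF; i++) if ($i == "netmask") print $(i + 1)}')
    [ -n "$ip" ] && [ -n "$mask" ] || return 2
    echo $(( $(ip_to_int "$ip") & $mask ))
}

# Succeeds (exit 0) only when both lines resolve to the same network.
same_subnet() {
    a=$(network_of "$1") || return 2
    b=$(network_of "$2") || return 2
    [ "$a" -eq "$b" ]
}

if same_subnet "$SERVER_LINE" "$IMAC_LINE"; then
    echo "server / iMac: same subnet"
fi
if same_subnet "$SERVER_LINE" "$VM_NAT_LINE"; then
    echo "server / VM: same subnet"
else
    echo "server / VM: different subnets, check the VM network mode"
fi
```

On a live machine the input line would come from `ifconfig en0 | grep 'inet '` on each box.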


  11. stuart.mccollum thread starter macrumors member

    Aug 13, 2008
    I really appreciate your support on this issue.

    I can ping both machines from each other as well as pinging their DNS names.

    Really strange issue but I will give that article a good reading and see if it can give me any pointers.
  12. stuart.mccollum thread starter macrumors member

    Aug 13, 2008
    Wrecking my head all day about this, my eyes are square from reading about it so much but it seemed that the issue was with authenticated binding?

    Once I disabled this I was able to bind without authentication, which leads me to believe that the issue lies somewhere with my user account. I will set up another VM machine and work on that but for now I want to play around with account settings and roaming profiles with roaming home folders.

    Thanks again for all your support.

  13. mdzwarts macrumors newbie

    Jun 8, 2010
    Hi Stuart, how are you progressing with your setup?
  14. stuart.mccollum thread starter macrumors member

    Aug 13, 2008
    Managed to get my mac and virtual Lion machine bonded to the server after reading through a lot of online tutorials and trying different things.

    Got Open Directory up and running with no big issues. Some small issues but it seems a lot of others are experiencing the same issues and it looks like it won't be fixed until Apple release an update, but they are not serious so I can live with it.

    I am now playing around with Profile Manager and I am also really keen to get VPN up and running, currently reading more into it as I have never set it up before, so any pointers or walkthroughs you can share will be much appreciated.

    Thanks again for all your support, I really appreciate it.
