OS X Server :: Authenticating NT Domain Users?
Nov 30, 2006
I'm running server 10.4.8, how do I authenticate NT domain users on this? I tried to set the server to be a Backup Domain Controller, but then it wants Open Directory to be in replica mode. The problem there is that it needs an Open Directory server to replicate.
View 6 Replies
ADVERTISEMENT
May 7, 2012
Over the weekend the VPN just stopped authenticating. When I tried again and watched the console logs, this is what I get.Â
5/7/12 3:10:37.273 PM racoon: Connecting.
5/7/12 3:10:37.273 PM racoon: IPSec Phase1 started (Initiated by peer).
5/7/12 3:10:37.274 PM racoon: IKE Packet: receive success. (Responder, Main-Mode message 1).
5/7/12 3:10:37.274 PM racoon: IKE Packet: transmit success. (Responder, Main-Mode message 2).
5/7/12 3:10:37.631 PM racoon: IKE Packet: receive success. (Responder, Main-Mode message 3).
[Code]...
View 1 Replies
View Related
Feb 13, 2012
Today when we started trying to add users to our server (we use it only for afp access at this time), we noticed that new users belonging to a group "storage" were unable to login from client machines via afp (clients both 10.7.2 and 10.6.8). Â
When we tried editing the users accounts to change which groups they belonged to, it would appear in workgroup (and server preferences) that the changes would take but there was still no access.Â
As a test case, we modified an existing user who had no issues logging in to belong to a diffenent group and have different sharepoint access. The changes looked good in workgroup and server prefs, but when the user logged in, he was only able to acces his old sharepoint and not the new one (and since his permissions to the old were removed, he shouldn't have access to that sharepoint).Â
Also, for some reason users cannot be deleted within workgroup manager any more. The login used was the diradmin account.
Info:
Mac mini, Mac OS X (10.6.8)
View 2 Replies
View Related
Dec 21, 2006
on setting up an OD master to accept kerberos from a AD domain and I can't get AFP to work.
What I've done:
1. Bind OD Master to AD
2. Destroyed the OD Kerberos realm
3. Ran sudo dsconfigad -enableSSO
When I log into a client that is bond to both AD and OD and try to access a SMB share on the AD side it works. When I try to access a SMB share on the OD master it work. When I try to access a AFP share on the OD Master it fails with the error " The user Authentication Method required by this server can't be found". Now I think this error is because I'm forcing Kerberos authentication, if I change AFP setting to any method authentication I get promoted with the AFP login window, I enter my AD account information and I'm able to mount the share.
View 3 Replies
View Related
Jun 23, 2012
I've just set up DNS on Lion Server and whereas previously I could connect to a system on my network by the hostname (e.g. via ssh), using the Lion Server DNS requires the fully-qualified name. Is this by design? I've checked all my settings and it all seems to be correct. Â
View 2 Replies
View Related
Jan 30, 2010
I have just done a little design on iweb 09 on my new imac 27" and have uploaded it to my hosting. Its succesfully uploaded but the problem is thisIf my web address was say www.macs4u.co.uk the website. When i type that in now it goes to www.macs4u.co.uk/www.macs4u.co.uk/welcome.html and shows that site i just uploadedWhy cant i just have it uploaded to my server so when i type in www.macs4u.co.uk it stays as that and show the website??
View 1 Replies
View Related
Apr 11, 2012
I have not set up ssl before so i have a very basic question. I would like to support my Mac Lion server based email with a basic SSL cert that was provided with my domain name.Â
When setting up the certificate would i set the dNSName to  domainname.com or to server.domainname.comÂ
My mail server host name is set to server.domainname.com so i would assume this is the correct one, but emails are addressed to name@domainname.com so
I want to be sure i am setting this correctly before i generate the csr
View 1 Replies
View Related
Apr 13, 2012
I've registered a domain and it works wine when anyone enters www.mydomain.com. However when I type the domain name without 'www', I get the following:Network Error (tcp_error) A communication error occurred: "Operation timed out" The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time. For assistance, contact the IS Support Center. Â
Info:
 iMac G5 PPC,  Mini Server,  MBP  TV, Mac OS X (10.6.4), iPad2, iPhone, AppleTV
View 1 Replies
View Related
May 16, 2012
Here again dealing with how OS X deals with .local domains I think.Was previously bound and all was working fine. Have just updated to 10.7.4 When trying to login using the "Other User" the button stays red and says Network accounts unavailable. I can ping domain server by name and IP.Permissions have been rebuilt.
Have rebound. Had a problem at first unbinding inside the Open Directory Utility as it said it could not connect with the domain and an unused account would be left if a forced unbind was done. Tried again by using the minus button instead of the Unbind button and it worked without any message.
So then binded to the domain and all looked good. Green button next to Network Account Server in the Users and Groups.
Info:iMac (27-inch Mid 2011), Mac OS X (10.7.3), VM Ware with XP Pro
View 2 Replies
View Related
Dec 19, 2008
How To Connect Mac Os X 10 5 5 To Windows Server 2003 Domain
View 2 Replies
View Related
Mar 10, 2012
Normally, you can create a DNS record that points to the zone itself, e.g.:Â
@Â Â 10800 IN AÂ Â Â 196.197.200.201Â
How do you accomplish that on a Mac OSX Lion Server? The DNS requires you to enter a hostname and it does not accept "@" as the hostname as it normally appears in the zone file. (manually modifying the host file does not work - I tried that ;-) )Â
Info:
Mac mini, Mac OS X (10.7.3)
View 1 Replies
View Related
Mar 17, 2012
I recently purchased a new MacBook pro with Mac OS X, I updated the OS to the latest release which is 10.7.3. I need to join (bind) a MS Windows server 2008 Domain, but when I try to bind I get below error:
Unable to add server.
The daemon encountered an error processing request (10002)
I searched the internet for a solution; most suggestions refer to sync the clock with the domain clock as Kerberos protocol is unable to authenticate. I cannot find a option to sync the clock with the domain clock, how I do that?
[code]...
Info:MacBookPro, Mac OS X (10.7.3)
View 8 Replies
View Related
Apr 2, 2007
I have updated some of my client machines to 10.4.9. My servers are still 10.3.9. My OD server is also 10.3.9. When my clients log on to the Tiger client machine (mobile users with local home directories) I can't view the loggin items pane in the "system preferences." The "loggin itmes" pane stalls and does not show the items listed. The user accounts seem to work fine and all managed preferences (live default website, several afp volumes logged in, and special dock configurations all seem to work fine. This has happen on all my Tiger client machines and to all OD users. It's weird. Also, all the manged preferences are on the groups the users belong to, not on the user records.
View 1 Replies
View Related
Aug 19, 2010
I looked for a introduction forum but couldn't see one so hello guys and gals. Great forum you've got here..Right my issue is as follows.I have a new iMac Pro on snow leopard 10.6.4 and it is linked to a Windows SBS server 2007 but i don't think i've done it properly.When i switch the machine on all i get on boot up is 1 local user Sometimes i can leave it and it will offer me the 'Other' option which i can then login to the server But most times it doesn't to that... I have to logon as that local user and then unbind the windows domain and rebind it then when i logoff it shows me the 'Other' user Also another thing thats annoying is it doesn't map anything automatically i have had to create a alias icon on my desktop to go to my server space and it can take up to a minute to connect to the server..
View 3 Replies
View Related
Feb 14, 2012
I have been unable to find any references on how to best automate certain "tasks" in Lion so that I can do the following:Â
create predefined DNS names based upon the clients domain name
create predefnined web address based upon the just created DNSÂ
For example.... We have the customer "Sammy's Flower Garden" and his domain is "sammysflowergarden.com". At the command line, I would type:
$ clientsetup sammysflowergarden.com This would then create a base folder structure (this part has already been written)ClientDomains    -    S         -    sammysflowergarden.com              -    production              -    staging              -    archive              -    design                   -    template    Â
[code]....
From what I have read, alot of modifications outside of the Lion serveradmin tooling can result in some rather unusual if not nasty behaviour. If this is true, then I would assume that I could not just write out to a file in /var/named/ and have it automaticly picked up by the server? The same for the apache instance? I still want to be able to use the GUI interface when needed. Â
View 2 Replies
View Related
Mar 23, 2012
I have MAC OS X 10.7.3 After joined to Windows Domain 2008 R2 and reboot system - i have not items, where is i must enter domain credentials.But, if i login as local user, and logoff - i have item for entering domain credentials.Why this item not show me after restart? How i can fixed it?
Info:
Mac OS X (10.7.3)
View 1 Replies
View Related
Mar 23, 2012
I'm trying to setup a Lion Server as an internet server - not as a web server - I need access to a different port. When I use the Server UI to go to Web, I can select to edit my domain name but then in the edit window, the Domain Name field is blank, and I can't change anything such as the port, SSL Cert, etc. As best I can tell, I have the DNS setup but I'm not sure I've done it correctly. I can add a second domain name and can edit the details for that. I'd hoped I could delete the first one or swap them but no luck. I can't access the domain name from outside the LAN but it may have just not propagated yet. I can access the IP address and do see the default home page.
View 8 Replies
View Related
Nov 14, 2009
we have a mac server running and have a windows based (XP) machine logging on to the domain. is there a way to enable offline files on the mac server so that a copy is saved on the windows machine and when the user relogs on to the domain the files get syncd?
View 4 Replies
View Related
Mar 15, 2012
i've setted up my mini server as "server.domain.private"because i don't want it to be published on the internet by default, i want to have control on wich webapp is published.my main goal is to have a new Vhosts wich is serving only the webapps i need to be running and ,why not, hosting multiple VhostS enabling just some (or one) webapps each [url]). in other words: i want control on what is published where and how in order to publish Profile Manager i did: - created a new virtual host on the web service called "server.public-domain.com"- enabled the webapp on that Vhost from terminal as found in: [url] using this command "webappctl start [url]"- restarted the whole server but this seems not to work as expected.. should it ??? after some dirty work on the apache config (copy/paste from the original vHost of some "proxypass" and "balancemembers" and "include" regarding devicemngmt) i got it to ask me for password when browsed from the outside world, BUT after login it will redirect my browser to "server.domain.private" wich is obviously not working from outside.Â
Info:
Lion Server, Mac OS X (10.7.3), profile manager / ical server / ios
View 1 Replies
View Related
Feb 19, 2012
I have a server in our DMZ that connects to Active Directory LDAP server (non-ssl over 389) but no objects actually show up in the directory editor. I get a green light in my Network Account Server, but queries against LDAP return no results. My end goal is to be able to dictate to Profile Manager what LDAP groups are allowed to enroll devices. I tested on our internal network on a test server and get the same results. Anyone have any luck connecting a Lion Server to LDAP and actually being able to view and utilize users and groups?
Info:
Mac mini, Mac OS X (10.7.3), Server
View 1 Replies
View Related
Feb 2, 2012
I have a Mac Pro that is running OD to create users. My problem is that the users that I have to give macs to, need rights on their machines to install programs because of all of the development software that these individuals need. I don't want them to be able to make a local user so that they cant unbind these machines from the OD server.
They still need access to terminal. I don't want them to be able to boot into the recovery partition or terminal to get super user rights (thus changing passwords or adding/deleting users). I have restricted their rights to access "Users & Groups" through OD Policies but that's about all I have done.
Info:
Mac Pro, Mac OS X (10.7.2), Server
View 1 Replies
View Related
May 10, 2012
I bought a Mac Mini Server yesterday and set it up successfully (Set OD, etc). Everything was working great until I went back and tried to create new users via the server app. As of now, it gives me the error "SEUserErrorDomain error1" and tells me that it cannot create the user. Even though it says that, it will still show up in the user list with the "blue globe" (that I believe is from OD?) but disappear the moment I drill into it and try to save anything. Workgroup Manager will allow me to create the user, but it does not show up in the user list in the server app so I cannot enable certain services for the user (i.e. assign folders for share point, etc). Â
P.S. Apple tech support had me reinstall the 10.7.4 combo update - no help. They also had me use disk utility to repair permissions - no help. P.S.S. On a side note, I did install Samba 3 on the server via mac port to try and help with LDAP auth (I ended up going with pGina for my windows users), but I have no clue how to uninstall it.
Info:
Mac OS X (10.7.4), Mac OSX Lion Server
View 4 Replies
View Related
Mar 15, 2012
Im running a golden triangle setup.. a very basic and simple one..
-OD Master running 10.7.3
-clients running 10.7.3 as well..
-AD running windows 2008 server.
OD Master is bound to AD and i can see all the AD users and groups..the problem im facing is i cannot add AD users to OD groups under workgroup manager eveytime i add an AD user to the OD group, it shows as "NOT FOUND" and it shows aa weird ID "0433BF34-"
View 2 Replies
View Related
May 3, 2012
We have an exiting network of approximately 50 Macs running anything from Lion to Leopard. Obviously there are existing local accounts on these machines.What I'd like to do is to administer these users and machines through Lion Server so that I can use the existing user information for all of the services provided by Lion Server, but to do so without altering the way the end user operates and without any data loss.I am having difficulty finding any information on this, but surely someone has installed Open Directory into an existing Mac network.
Info:
Mac Pro, Mac OS X (10.7.3), Server
View 2 Replies
View Related
Jun 20, 2012
I'm trying to make it so that my students have the ability to log onto our iMacs (all running Lion) through our Mac Mini Server (also Lion). I recently had to go through drastic changes in order to simply create a directory administrator, yet it still persists. The active directory isn't binded onto the server yet. When I try to bind the my Active Directory with the Mac Mini, I get the following popup after logging in as the Directory Admin:Â
View 2 Replies
View Related
Jun 25, 2012
I have (3) 10.7.4 servers, one is the master and the other two are replicas (192.168.123.127 and 192.168.123.129) When i add new users thru server.app or workgroup, no users are showing up on the replicas in the log of the server i get this error many times per minute:
[code]...
Info:Mac OS X (10.7.4)
View 2 Replies
View Related
Jun 29, 2012
Why can't I move files without getting the message that it needs to authenticate? Just upgraded to new iMac with Lion 10.7.4.Â
Info:
iMac, Mac OS X (10.7.4)
View 2 Replies
View Related
Dec 5, 2014
I have a 2010 Mac Pro. I recently had to replace the hard drive, and so installed a fresh new copy of Yosemite from a USB stick. No problems whatsoever, except one: when I click the padlock anywhere in System Preferences to make changes, the words "Authenticating" appear and that's it. It never authenticates. It never prompts me for a password. It just sits there.Â
I tried a few things, including Keychain First Aid. No problems found. I tried erasing the contents of a system folder, per another thread that I'm having trouble relocating. Nada.Â
Info:
Mac Pro, OS X Yosemite (10.10.1)
View 9 Replies
View Related
Feb 23, 2012
I have two Lion 10.7.3 servers joined to my company's AD. These servers provide SMB/AFP file services to users. They have been working successfully until a week ago when a change in AD was made. Now Windows (7 or XP, doesn't matter) clients cannot connect to the server using the DNS name, only the IP address. Mac OS X clients are not affected by this, i.e. they can use the DNS name fine. All clients are on AD too. What I observe from a Windows 7 client is, I open Windows Explorer, type \xserver in the address bar, hit enter, & it denies my connection immediately. If I do the same thing with the IP address (\10.0.1.10), it lets me in immediately.
For Windows clients, I have tried both the short DNS name as well as the FQDN, & neither work. The DNS name on the server itself is fine, verified by "changeip -checkhostname". Whatever changed in AD caused the Lion servers to start doing this because they both started exhibiting this behavior at the same time. The only info I've been able to get regarding what changed in AD from the domain admins was "We changed the UPN fromuser@domain.example.com to Firstname.Lastname@example.com", in other words, to their email address. In the system logs, here's an attempt to connect from a Windows client using the short DNS name:
Feb 20 09:24:39 xserver rpcsvchost[32619]: sandbox_init: com.apple.msrpc.netlogon.sb succeeded
Feb 20 09:24:39 xserver sandboxd[32620] ([32619]): rpcsvchost(32619) deny file-read-metadata /Library/Managed Preferences
Feb 20 09:24:39 xserver sandboxd[32620] ([32619]): rpcsvchost(32619) deny file-read-metadata /private/var/root
Feb 20 09:24:39: --- last message repeated 3 times ---
[Log] .....
Why only the DNS name doesn't work.
Info:
Xserve, Mac OS X (10.7.3)
View 1 Replies
View Related
Mar 5, 2012
i have linked up my AD environment to my Lion server. I have all my users populated perfectly and i have added a few email address values for users. When i try and login via webmail to my account it will not login. When i look in the logs it shows that its trying to authenticate to the local server and not the AD server for the user. how i can fix this so that it uses my AD credentials and such for email also?
Info:
Mac mini, Mac OS X (10.7.3)
View 1 Replies
View Related