Login to OS X Server User Account from Local Computer

Solution 1

If the server and client times are out of sync by 5 minutes or more, the client will not be able to sign in. If this is the case, change the time on the client machine to match the server's time.

Solution 2

I can't give you a solution, but I can give you some troubleshooting steps to help narrow down where the problem's coming from. First, I'm assuming the client & server are both on the same private network, right? Otherwise, this is going to be a lot more complicated. Anyway, here are the standard steps I'd follow in a situation like this:

  1. On the server, is Bob's account listed as a Local Account, or a Local Network Account? Only network accounts will be available on other computers.
  2. Still on the server, open the Terminal utility, and run the command host server.network.private; it should give the server's IP address. If it doesn't, your server's DNS is messed up.
  3. Still on the server, run the command host on the server's IP address (e.g. host 192.168.1.5); it should give the server's name ("server.network.private"). Again, if it doesn't, DNS is messed up.
  4. On the client, open System Preferences -> Users & Groups pane -> Login Options -> click the Network Account Server: ... Edit button. Check the status indicator; if it's anything other than green, there should be a message to the right with an indication of what's wrong.
  5. Repeat steps 2 and 3 on the client; if either one doesn't give the right result (but it worked on the server), your client is not using your server's DNS.
  6. If all of the above worked, run the command id bob (or whatever bob's account name is) on the client. It should give a bunch of id numbers and group names. If it says "id: bob: no such user", your client is failing to look up users on the server (for some reason other than DNS), probably something to do with the LDAP protocol connection to the server.
  7. On the client, run the command su bob, and enter Bob's password. If it works, it'll switch you into Bob's account (you'll have a different terminal prompt), and you should immediately switch back with the command exit. If it doesn't work (but step 6 did), there's some problem with the password service. Take a look in the Password Service Server Log on the server for more information.
  8. (Optional, if you're using Kerberos) On the client, run the command kinit bob, and enter Bob's password (note that it's critical to use the correct account name, not Bob's "Full Name" or an alias; the id command in step 6 will have printed the account name). If this succeeds, it won't print anything; if it fails, it'll print some sort of error message.

    OS X Server's Open Directory service actually provides two mostly-independent authentication services, the password server and the Kerberos server (called the KDC). You might or might not need Kerberos, and it doesn't always get set up. If it's not running, it's not really necessary, but if it is running and failing it'll cause trouble, which makes interpreting Kerberos failures tricky.

    BTW, on the server side, the Kerberos KDC doesn't have its own log. If you want to see what it's doing, you have to look at the System log, and filter for entries that contain "kdc".
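
The forward and reverse DNS checks from steps 2, 3 and 5 of Solution 2, as an added example that is not part of the original answer. The function names and the sample `host` output are constructed for illustration; the host name and address are the ones used on this page.

```shell
#!/bin/sh
# Added example: check that forward and reverse DNS answers agree.
# The functions parse `host` output passed as text, so the logic can be
# exercised offline; check_live runs the real lookups.

# Constructed sample output in the format printed by `host`.
SAMPLE_FWD='server.network.private has address 192.168.1.5'
SAMPLE_REV='5.1.168.192.in-addr.arpa domain name pointer server.network.private.'

# Step 2: pull the address out of "NAME has address IP".
forward_ip() {
    printf '%s\n' "$1" | awk '/ has address /{print $NF; exit}'
}

# Step 3: pull the name out of "... domain name pointer NAME." and
# normalise it (lower case, no trailing dot).
reverse_name() {
    printf '%s\n' "$1" |
        awk '/ domain name pointer /{n=tolower($NF); sub(/\.$/, "", n); print n; exit}'
}

# $1 = expected server name, $2 = forward output, $3 = reverse output.
dns_diagnosis() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    ip=$(forward_ip "$2")
    name=$(reverse_name "$3")
    if [ -z "$ip" ]; then
        echo "forward lookup failed for $want"
    elif [ -z "$name" ]; then
        echo "reverse lookup failed for $ip"
    elif [ "$name" != "$want" ]; then
        echo "reverse mismatch: $ip maps to $name"
    else
        echo "ok: $want <-> $ip"
    fi
}

# Live version: run on the server first, then on the client (step 5).
check_live() {
    fwd=$(host "$1" 2>&1) || true
    ip=$(forward_ip "$fwd")
    rev=""
    if [ -n "$ip" ]; then rev=$(host "$ip" 2>&1) || true; fi
    dns_diagnosis "$1" "$fwd" "$rev"
}

dns_diagnosis server.network.private "$SAMPLE_FWD" "$SAMPLE_REV"
```

Run `check_live server.network.private` on both machines; a result that is "ok" on the server but not on the client points at the client's DNS settings, as step 5 describes.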

Author: Brod Wilkinson

Updated on September 18, 2022

Comments

  • Brod Wilkinson almost 2 years

    I have OS X Server installed on a mac mini. I've created several User accounts, one of which is

    Account Name: Bob

    Password: abc123

    From the Mac Mini's login screen I can choose "Server" (main account) "Bob" (Bob's account) and "Other..." OS X Server Accounts, from "Other..." if I input Bob's credentials it will log me in.

    I also have a macbook air, I would like to be able to select from the Login Screen "Other..." input Bob's credentials and have it login to Bob's account, or any other User Account for that matter.

    My Server is setup as private with the server address: server.network.private

    Following some googled instructions as well as Apple's very own instructions I have:

    Setup an Open Directory with Username: diradmin Password: abc123

    Then on the macbook air gone into

    System Preferences > Users & Groups > Login Options

    and clicked Join next to Network Account Server, input my server (server.network.private) with diradmin credentials and its connected. Great.

    I've also ticked Allow Network Users to Login and Login Window and selected All Users.

    I was assuming this would allow my macbook air to login to the "Bob" account by selecting "Other..." from the login window although there is no "Other..." option.

    I then setup a VPN, basic credentials, logged into it on the macbook air and still not much has changed. I am able to share screens with the "Bob" account from my macbook air by logging in by clicking Share Screen... from the Finder under Shared > Network Server and then clicking Login In but this obviously requires the macbook air to already be logged into an account before it can share screens which is not suitable.

    Is there any way to simply login to the OS X Server User Account from the macbook air's login screen via the "Other..." like it does on the mac mini's login screen?

    Thanks in advance.

    Operating System: OS X 10.9 Mavericks

    OS X Server: Version 3

  • Jesper Grann Laursen over 10 years
    I had the same problem, and everything works besides step 7. But after reading this page, wikispaces.psu.edu/display/clcmaclinuxwikipublic/…, I found out with kinit that the client machine was using the wrong hostname. After a reboot of the server and the client, it worked again.
  • Gordon Davisson over 10 years
    @Lauer: Interesting; I'm not sure why a Kerberos problem would interfere with password-server-based authentication... I'll add a Kerberos check step just in case.