Login to OS X Server User Account from Local Computer
Solution 1
If the server and client times are out of sync by 5 minutes or more, the client will not be able to sign in. If this is the case, change the time on the client machine to match the server's time.
Solution 2
I can't give you a solution, but I can give you some troubleshooting steps to help narrow down where the problem's coming from. First, I'm assuming the client & server are both on the same private network, right? Otherwise, this is going to be a lot more complicated. Anyway, here are the standard steps I'd follow in a situation like this:
1. On the server, is Bob's account listed as a Local Account, or a Local Network Account? Only network accounts will be available on other computers.
2. Still on the server, open the Terminal utility, and run the command `host server.network.private`; it should give the server's IP address. If it doesn't, your server's DNS is messed up.
3. Still on the server, run the command `host` on the server's IP address (e.g. `host 192.168.1.5`); it should give the server's name ("server.network.private"). Again, if it doesn't, DNS is messed up.
4. On the client, open System Preferences -> Users & Groups pane -> Login Options -> click the Network Account Server: ... Edit button. Check the status indicator; if it's anything other than green, there should be a message to the right with an indication of what's wrong.
5. Repeat steps 2 and 3 on the client; if either one doesn't give the right result (but it worked on the server), your client is not using your server's DNS.
6. If all of the above worked, run the command `id bob` (or whatever bob's account name is) on the client. It should give a bunch of id numbers and group names. If it says "id: bob: no such user", your client is failing to look up users on the server (for some reason other than DNS), probably something to do with the LDAP protocol connection to the server.
7. On the client, run the command `su bob`, and enter Bob's password. If it works, it'll switch you into Bob's account (you'll have a different terminal prompt), and you should immediately switch back with the command `exit`. If it doesn't work (but step 6 did), there's some problem with the password service. Take a look in the Password Service Server Log on the server for more information.
8. (Optional, if you're using Kerberos) On the client, run the command `kinit bob`, and enter Bob's password (note that it's critical to use the correct account name, not Bob's "Full Name" or an alias; the `id` command in step 6 will have printed the account name). If this succeeds, it won't print anything; if it fails, it'll print some sort of error message.

OS X Server's Open Directory service actually provides two mostly-independent authentication services, the password server and the Kerberos server (called the KDC). You might or might not need Kerberos, and it doesn't always get set up. If it's not running, it's not really necessary, but if it is running and failing it'll cause trouble, which makes interpreting Kerberos failures tricky.
BTW, on the server side, the Kerberos KDC doesn't have its own log. If you want to see what it's doing, you have to look at the System log, and filter for entries that contain "kdc".
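The DNS round-trip from steps 2, 3 and 5 of Solution 2 and the five-minute clock rule from Solution 1, as an added example that is not part of the original answers. `HOST_CMD`, `sample_host`, the function names and the `laptop` entry are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original answers.
HOST_CMD=${HOST_CMD:-host}   # hypothetical override so the checks can run offline

# Constructed stand-in for `host`; the laptop / 192.168.1.9 entry is made up.
sample_host() {
  case $1 in
    server.network.private) echo "server.network.private has address 192.168.1.5" ;;
    192.168.1.5) echo "5.1.168.192.in-addr.arpa domain name pointer server.network.private." ;;
    laptop.network.private) echo "laptop.network.private has address 192.168.1.9" ;;
    *) echo "Host $1 not found: 3(NXDOMAIN)"; return 1 ;;
  esac
}

# Step 2: first IPv4 address reported for a name (empty if none).
forward_ip() {
  "$HOST_CMD" "$1" 2>/dev/null | awk '/ has address /{print $NF; exit}'
}

# Step 3: PTR name for an address, trailing dot removed (empty if none).
reverse_name() {
  "$HOST_CMD" "$1" 2>/dev/null |
    awk '/ domain name pointer /{sub(/\.$/, "", $NF); print $NF; exit}'
}

# Steps 2, 3 and 5: name -> IP -> name must round-trip on server and client.
# Returns 1 = no forward record, 2 = no reverse record, 3 = names disagree.
check_dns() {
  dns_ip=$(forward_ip "$1")
  [ -n "$dns_ip" ] || { echo "FAIL forward: no address for $1"; return 1; }
  dns_back=$(reverse_name "$dns_ip")
  [ -n "$dns_back" ] || { echo "FAIL reverse: no PTR for $dns_ip"; return 2; }
  if [ "$(printf %s "$dns_back" | tr 'A-Z' 'a-z')" != "$(printf %s "$1" | tr 'A-Z' 'a-z')" ]; then
    echo "FAIL mismatch: $dns_ip resolves back to $dns_back"; return 3
  fi
  echo "OK $1 <-> $dns_ip"
}

# Solution 1: epoch seconds from each machine (`date +%s`); 300 s or more fails.
check_skew() {
  skew=$(( $1 - $2 ))
  [ "$skew" -lt 0 ] && skew=$(( 0 - skew ))
  if [ "$skew" -ge 300 ]; then echo "FAIL clock skew ${skew}s"; return 1; fi
  echo "OK clock skew ${skew}s"
}

# Usage on a real machine: check_dns server.network.private
```

Running `check_dns` with the same name on both the server and the client shows whether the client is using the server's DNS, which is the comparison step 5 asks for.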
Brod Wilkinson
Updated on September 18, 2022
Comments
-
Brod Wilkinson almost 2 years
I have OS X Server installed on a mac mini. I've created several User accounts, one of which is
Account Name: Bob
Password: abc123
From the Mac Mini's login screen I can choose "Server" (main account), "Bob" (Bob's account) and "Other..." OS X Server Accounts; from "Other...", if I input Bob's credentials it will log me in.
I also have a macbook air. I would like to be able to select "Other..." from the Login Screen, input Bob's credentials and have it log in to Bob's account, or any other User Account for that matter.
My Server is setup as private with the server address: server.network.private
Following some googled instructions as well as Apple's very own instructions I have:
Setup an Open Directory with Username: diradmin Password: abc123
Then on the macbook air gone into `System Preferences > Users & Groups > Login Options` and clicked `Join` next to Network Account Server, input my server (server.network.private) with diradmin credentials and it's connected. Great.
I've also ticked `Allow Network Users to Login and Login Window` and selected All Users.
I was assuming this would allow my macbook air to login to the "Bob" account by selecting "Other..." from the login window, although there is no "Other..." option.
I then setup a VPN, basic credentials, logged into it on the macbook air and still not much has changed. I am able to share screens with the "Bob" account from my macbook air by logging in by clicking `Share Screen...` from the Finder under `Shared > Network Server` and then clicking `Login In`, but this obviously requires the macbook air to already be logged into an account before it can share screens, which is not suitable.
Is there any way to simply login to the OS X Server User Account from the macbook air's login screen via the "Other..." like it does on the mac mini's login screen?
Thanks in advance.
Operating System: OS X 10.9 Mavericks
OS X Server: Version 3
-
Jesper Grann Laursen over 10 years
I had the same problem, and all works besides step 7. But after reading this page, wikispaces.psu.edu/display/clcmaclinuxwikipublic/…, I found out with kinit that the client machine was using the wrong hostname. After a reboot of the server and the client, it worked again.
-
Gordon Davisson over 10 years
@Lauer: Interesting; I'm not sure why a Kerberos problem would interfere with password-server-based authentication... I'll add a Kerberos check step just in case.