244
ÂIf the user’s account resides in a directory domain that is not available, create a user account in a directory domain that is available.
ÂMake sure the client software encodes the password so it is recognized correctly. For example, Open Directory recognizes
ÂMake sure the user’s current application and operating system support the user’s password length. For example, Windows applications that use the LAN Manager authentication method support only
ÂIf you disabled authentication methods for Open Directory or shadow passwords (such as APOP or LAN Manager) the user’s applications can’t authenticate using the disabled methods.
After enabling or disabling Open Directory Password Server or shadow password authentication methods, you might need to reset the user’s password.
For information about enabling and disabling authentication methods, see Open Directory Administration.
ÂFor Kerberos troubleshooting tips, see “If Users Can’t Authenticate Using Single Sign- On or Kerberos” on page 245.
ÂIf a Mac OS
ÂMac OS v8.6 computers should use AppleShare Client v3.8.8.
ÂMac OS
ÂMac OS
If Users Relying on a Password Server Can’t Log In
If your network has a server with Mac OS X Server v10.2, it could receive authentication from an Open Directory Password Server hosted by another server. If the Password Server’s computer disconnects from your
Users can log in to Mac OS X Server if you reconnect the Password Server’s computer to the network. Alternately, while the Password Server’s computer is offline, users can log in with user accounts whose password type is crypt or shadow password.
Chapter 11 Solving Problems
