If Users Can’t Log In with Accounts in a Shared Directory Domain

Users can’t log in using accounts in a shared directory domain if the server hosting the directory isn’t accessible. A server can become inaccessible due to a problem with the network, the server software, or the server hardware.

Problems with the server hardware or software affect users trying to log in to Mac OS X computers and users trying to log in to the Windows domain of a Mac OS X Server primary domain controller (PDC). Network problems can affect some users but not others, depending on where the network problem is.

Users with mobile user accounts can still log in to the Mac OS X computers they used previously. Users affected by these problems can log in using a local user account defined on the computer, such as the user account created during setup after installing Mac OS X.

If Users Can’t Access Their Home Folders

Make sure users can access the share point where their home folders are located, and make sure they can access their home folders. Users need Read access to the share point and Read & Write access to home folders.

If Users Can’t Change Their Passwords

Users who have accounts in the server’s LDAP directory with a crypt password can’t change passwords after logging in.

These users can change passwords if you use the Advanced pane to change their accounts’ User Password Type setting to Open Directory. When you make this change, you must also enter a new password. Then you should instruct users to log in using this new password and change it in the Accounts pane of System Preferences.

If Users Can’t Authenticate Using Single Sign-On or Kerberos

There are several ways to remedy Kerberos authentication failures. You can find these solutions, as well as a full description of how to reconfigure a server’s computer record for single sign-on and Kerberos authentication, in Open Directory Administration.

Problems with a Primary or Backup Domain Controller

Problems with a primary domain controller (PDC) or backup domain controller (BDC) can have several causes.

If a Windows User Can’t Log in to the Windows Domain

Verify the following:

• Make sure the user account has a password type of Open Directory.

• Make sure the workstation has joined the Windows domain of Mac OS X Server.

Chapter 11 Solving Problems
