
I have a Mountain Lion server and two Mountain Lion clients. I have two network users. From one of the clients I can log on using either of these two accounts; from the other I cannot log on using either of them. So it is not a user account problem. The authentication seems to go through correctly, judging from the logs, but then it fails with the message from the subject of this post, with the further remark that the login failed because an error has occurred, with no details on the error. Both client Macs are bound to Open Directory in the same way. DNS works fine on both clients. Where should I go on the server searching for the error? Thanks

zsmagol
  • Can you post some log snippets? – Tom O'Connor Apr 21 '13 at 21:36
  • Sure I can, but which logs do you want? The logs are chatty; so far I was only able to catch the part which shows that the authentication is OK, because if I put in a wrong password, I can clearly say that authentication fails, but other than that I found nothing. Which log should contain net logon info, do you have any particular one? – zsmagol Apr 22 '13 at 10:01
  • I suspect anything ldap related is probably the most useful. – Tom O'Connor Apr 22 '13 at 11:59

3 Answers


In my experience, this error message generally means there was a problem mounting the user's network home folder. Since it's happening for all user accounts on one client computer, my first thought is to check its clock -- if it's more than 5 minutes out of sync with the server, Kerberos authentication (incl. for mounting the home folder) will fail.

If that's not it, try manually mounting the home folder on the problematic client, and see if it works: log in as a local user, then get a Kerberos ticket (either with /System/Library/CoreServices/Ticket Viewer.app, or kinit someusername at the command line), then try to mount the folder from the Finder (use Go menu > Connect to Server, then enter the server's URL). Doing this manually tends to give much more informative error messages and/or failure modes.

Gordon Davisson
  • After checking all the server logs and finding nothing, I checked the client logs, and:

        22/4/13 9:13:01 NetAuthSysAgent[20445]: CFPreferences: user home directory for user kCFPreferencesCurrentUser at /Network/Servers/sandramini.private/Volumes/DataBackedUp/NetUserFolder/macme is unavailable. User domains will be volatile.

    But the folder is there, and if I log on using ssh, then it works:

        togo:02-04 zmagyar$ ssh -l macme sandramini.private
        Password:
        sandramini:~ macme$ pwd
        /Network/Servers/sandramini.private/Volumes/DataBackedUp/NetUserFolder/macme

    So why does it say it cannot find it? – zsmagol Apr 22 '13 at 20:09
  • I can also mount the same path using afp with credentials for that user; here is the mount command output:

        //macme@SandraMini._afpovertcp._tcp.local/DataBackedUp on /Volumes/DataBackedUp (afpfs, nodev, nosuid, mounted by zmagyar)
        //macme@SandraMini._afpovertcp._tcp.local/NetUserFolder on /Volumes/NetUserFolder (afpfs, nodev, nosuid, mounted by zmagyar)

    Any idea what to check next? Thanks – zsmagol Apr 22 '13 at 20:14
  • Is there a local folder at /Network/Servers/sandramini.private/Volumes/DataBackedUp/NetUserFolder/macme? If so, that'll interfere with mounting the network home at that location. I'd check /Network/Servers for local subfolders, move anything you find to some other folder, then reboot and let the folder get autopopulated. Also, it looks like you have both /Volumes/DataBackedUp/NetUserFolder and /Volumes/DataBackedUp shared from the server -- only NetUserFolder is needed for network homes, and it's possible that having DataBackedUp shared as well is complicating things. – Gordon Davisson Apr 22 '13 at 22:03
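
A triage sketch for the answer and comments above, added here as an example and not part of the original thread: it pulls the home path that NetAuthSysAgent reported as unavailable out of the client log and checks whether any AFP mount point listed by `mount` actually covers that path. The function names are hypothetical; the two sample inputs are the lines quoted in the comments.

```shell
#!/bin/sh
# Added example. SAMPLE_LOG and SAMPLE_MOUNT are the lines quoted in the comments above.
SAMPLE_LOG='22/4/13 9:13:01 NetAuthSysAgent[20445]: CFPreferences: user home directory for user kCFPreferencesCurrentUser at /Network/Servers/sandramini.private/Volumes/DataBackedUp/NetUserFolder/macme is unavailable. User domains will be volatile.'
SAMPLE_MOUNT='//macme@SandraMini._afpovertcp._tcp.local/DataBackedUp on /Volumes/DataBackedUp (afpfs, nodev, nosuid, mounted by zmagyar)
//macme@SandraMini._afpovertcp._tcp.local/NetUserFolder on /Volumes/NetUserFolder (afpfs, nodev, nosuid, mounted by zmagyar)'

# stdin: client log text. stdout: each home path reported as unavailable.
unavailable_homes() {
    sed -n 's|.*NetAuthSysAgent\[[0-9]*]: .*user home directory for user .* at \(/.*\) is unavailable\..*|\1|p'
}

# stdin: `mount` output. stdout: the mount point of every afpfs entry.
afp_mount_points() {
    sed -n 's|^//.* on \(/.*\) (afpfs,.*|\1|p'
}

# home_is_covered HOME MOUNT_OUTPUT
# Succeeds only if HOME is an AFP mount point or lies below one.
# Appending "/" before the prefix test keeps /Volumes/Data from matching /Volumes/DataBackedUp.
home_is_covered() {
    printf '%s\n' "$2" | afp_mount_points |
        awk -v home="$1" '
            home == $0 || index(home, $0 "/") == 1 { found = 1 }
            END { exit found ? 0 : 1 }'
}

# triage LOG_TEXT MOUNT_OUTPUT
# Prints one verdict line per distinct unavailable home path.
triage() {
    printf '%s\n' "$1" | unavailable_homes | sort -u |
        while IFS= read -r home; do
            if home_is_covered "$home" "$2"; then
                echo "MOUNTED $home"
            else
                echo "NOT-MOUNTED $home"
            fi
        done
}

# The manual Finder mounts land under /Volumes, so the path the login
# process expects under /Network/Servers is still not backed by a mount.
triage "$SAMPLE_LOG" "$SAMPLE_MOUNT"
```

On the affected client the same functions can be fed live data, for example `triage "$(grep NetAuthSysAgent /var/log/system.log)" "$(mount)"`.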

It was Little Snitch :-( I found the solution here: https://discussions.apple.com/thread/4676595?start=0&tstart=0 First I put LS into silent mode, allowing all connections, but it did not help. Then I disabled it completely and login worked. Then at the new user login it reported that there were connection attempts during logon; I examined these, set them to permanent, enabled LS, and it works fine. Here are the rules appearing on the net logon account:

  • NetAuthSysAgent allow outgoing connection to domain domainname (where the domain name is the domain you are logging into)
  • NetAuthSysAgent allow outgoing connection to ipaddress (where the ipaddress is the address of your OS X server, hosting the OD I guess)
  • opendirectoryd allow outgoing connection to ipaddress (where the ipaddress is the address of your OS X server, hosting the OD I guess)

I hope this helps someone out there

zsmagol

Try the single user mode: Command + S

Boot to single user mode by holding "⌘" and "s" while turning on from power off. Mount read/write by typing in terminal:

/sbin/mount -uw /

Move /Users/<username>/Library/Preferences/com.apple.spaces.plist somewhere else (replace <username> with your actual username). Reboot. You even get back the open windows as you left them before the problem.

Here is the original link of this post: Alexandru Molodoi, http://solvecomputerissues.ideacity.ro/2014/11/cannot-login-on-mac-osx-mavericks.html

Zorro
  • P.S. Move /Users/<username>/Library/Preferences/com.apple.spaces.plist to another location like the desktop... you can use Time Machine to reverse your mac if you messed things up. – Zorro Nov 01 '15 at 07:43