
Chapter 10 Solving Open Directory Problems 213
If a User Can’t Authenticate for VPN Service
Users whose accounts are stored on a server with Mac OS X Server v10.2 can’t
authenticate to VPN service provided by Mac OS X Server v10.3–10.6. VPN service
requires the MS-CHAPv2 authentication method, which isn’t supported in Mac OS X
Server v10.2.
To enable affected users to log in, move their user accounts to a server with Mac OS X
Server v10.3–10.6. Alternatively, upgrade the older server to Mac OS X Server v10.6 or later.
If You Can’t Change a User’s Password Type to Open Directory
To change a user’s password type to Open Directory authentication, you must be an
administrator of the directory domain where the user’s record resides. In addition, your
user account must be configured for Open Directory authentication.
The user account specified when the Open Directory master was set up (using
Server Assistant or the Open Directory service settings in Server Admin) has an
Open Directory password. You can use this account to set up other user accounts as
directory domain administrators with Open Directory passwords.
If Users Relying on a Password Server Can’t Log In
If your network has a server with Mac OS X Server v10.2, it can be configured to get
authentication from an Open Directory password server hosted by another server.
If the password server’s computer becomes disconnected from your network, for
example because you unplug the cable from the computer’s Ethernet port, users
whose passwords are validated using the password server can’t log in because the IP
address isn’t accessible.
Users can log in to Mac OS X Server if you reconnect the password server’s computer to
the network. Alternatively, while the password server’s computer is offline, users can log
in with user accounts whose password type is crypt password or shadow password.
If Users Can’t Log In with Accounts in a Shared Directory Domain
Users can’t log in using accounts in a shared directory domain if the server hosting the
directory isn’t accessible. A server can become inaccessible due to a problem with the
network, the server software, or the server hardware.
Problems with the server hardware or software affect users trying to log in to
Mac OS X computers and users trying to log in to the Windows domain of a Mac OS X
Server PDC. Network problems can affect some users but not others, depending on
where the network problem is.
Users with mobile user accounts can still log in to Mac OS X computers they used
previously, and users affected by these problems can log in by using a local user
account defined on the computer, such as the user account created during setup after
installing Mac OS X.