Forum Replies Created
Anonymous
Participant
Did you get this issue resolved? I get a similar error. Looks like port 2000
has to be set for telnet access, but that is not a security issue. Posted on
Apple discussions, but no replies there either.
April 14, 2006 at 12:22 am in reply to: RAID-5 Network Area Storage Solution or Something Similar #365977
Anonymous
Participant
I’m really surprised that there aren’t any thoughts or answers to this yet.
Anonymous
Participant
It’s worth noting that allowing guest access to a home share that will actually be used as a home share is a little brain dead, from a security perspective. Students are smart.
Anonymous
Participant
Policies are not currently applied to admin users at all in 10.4.
Anonymous
Participant
Did you find a solution…I’m having the same problem!
Thanks for any help!
🙂
Anonymous
Participant
This may help:
typedef enum PWDisableReasonCode {
    kPWDisabledNotSet = 0,
    kPWDisabledByAdmin = 1,
    kPWDisabledExpired = 2,
    kPWDisabledInactive = 3,
    kPWDisabledTooManyFailedLogins = 4
} PWDisableReasonCode;
Anonymous
Participant
We had to strip out the passphrase to make the cert work with Tiger Server.
Anonymous
Participant
pam_auth and kerb is a horrible hack.
Use the built-in mod_gssapi.
-m
January 12, 2006 at 9:11 pm in reply to: Never say never or how to reset portable home directory creation setting ? #364750
Anonymous
Participant
Override the “Never” setting by holding down the option key at login. It’s much easier than deleting a file.
Anonymous
Participant
If all else fails, archive your local account, then delete the whole thing and create it after a network login. You can then restore any missing files from your archived copy.
Anonymous
Participant
Adding Full Path ~/. to Background Sync worked for me.
Anonymous
Participant
Okay, so I’ll answer my own question. It turns out I was incorrectly specifying the location for my home directories. I changed it from “afp://xserve.domain.com/Volumes/X-RAID/Users” (which, btw, is what DID work under Jaguar server) to “afp://xxx.xxx.xxx.xxx/Users/” and, voila, it’s now working as advertised! Home directories are automatically created by WGM in the correct location (on my X-RAID) and users can authenticate and log into their accounts configured with portable home directories.
Anonymous
Participant
Bump. I’m having the same problem. Tiger Server 10.4.2 with Users’ home folders on a Fibre Channel attached X-RAID.
Location of home directories is: “afp://xserve.domain.com/Volumes/X-RAID/Users”. Using WGM “Create Home Now” button and command line “sudo createhomedir -u usershortname” do not generate a home folder. All users are in LDAP directory. Logging onto the server via AFP DOES NOT create the home directory, but user is able to logon and access shares corresponding to his/her access privs.
Any help would be greatly appreciated.
Anonymous
Participant
Joel, when you refer to the DS debug logs what are you talking about?
I used:
"sudo killall -USR1 DirectoryService"
[then]
"tail -f /Library/Logs/DirectoryService/DirectoryService.debug.log | grep ADPlug"
I am game to try packet traces to see what is happening, but I have no clue what would be best and what I would be looking for.
I found the following link on Apple's site:
"http://developer.apple.com/qa/qa2001/qa1176.html"
…which recommends using one of the following. Since the first is expensive I will probably use tcpdump…
EtherPeek, Ethereal, FrameSeer, Interarchy, NetMinder, tcpdump (included with all versions of Mac OS X)
So what exactly will I be looking for here? Will it be a clearly labeled "ERROR" or something more subtle?
You mention common issues at this stage include very locked down security policies on the domain controller. This is a good possibility; do I have to turn off digital signing like when setting up SMB shares?
As far as time issues, I take it to mean that I need to make sure all clocks are in sync with the DC so that Kerberos is happy.
~still looking/
Anonymous
Participant
Steve, I am getting the same thing, it goes through all steps and stops at step 4 which is where I see "[email protected]@my.domain.net"
Kerberos seems to authenticate correctly then it just fails sometimes telling me I don’t have the rights. I am the domain admin. I do have the rights. I also tried manually adding the computer name then just binding with the same name.
In addition I have done some of the other suggestions on afp for steering my machine more directly to DNS including adding the DNS server to my list, modifying Rendezvous (Bonjour), shutting off Rendezvous, as well as editing my hosts file. Nothing works. I am beginning to think it doesn’t work.
I have also done several reformats, clean installs, Panther, Tiger. Same deal. I am pretty close to recommending that we blow off the server purchases we are looking at.
If you find a solution or get it to work can you please post the solution here. I will give it another couple of weeks then I am going to fold up.
Thanks!