[bugugly]

Server Admin->Server.local->Settings->Access->Services

Select the service you are trying to connect to on the left, then “Allow all users and groups” and click save.

When you see the groups icon disappear from the left of the service, try connecting on that service again as the user that would not previously authenticate.

I could not get a user to authenticate on AFP even though the logs showed success in Kerberos authentication for that user.

Then I found this pane, opened up AFP to all, and those same user credentials got me right in.

From that point I can go back and review users/groups to see why that particular user could not access that particular service, shut down the wide open access, and try again.

Probably most already know all this. I didn’t. Hopefully this will save someone like me a little scratching around.

[bugugly]

In my case I think this happened after I created the first ACL directory authentication.

I could still access the server using screen sharing with a given name/pw, but directory browsing access was buggered up. I could authenticate a couple of accounts I had created post ACL, but no accounts created prior. At least it seemed like that was the difference.

I did not try to go back and repeat, so it could just be my wild imagination.

But definitely a reboot and my server worked again.

slapd[38]: <= bdb_substring_candidates: (authAuthority) index_param failed (18) was the error message I googled to get here. Thanks for the suggestion, it used to be SOP with the former server OS. Then a few years without reboots except post-updates in 10.3.9 had me spoiled.

[Author]

Posts