Network login issue

cfriedel

Hi all. Got a strange issue with a client computer that logs into a Mac OS X server. A couple of days ago a user was logged into their machine using their Open Directory login (the user is OD and their profile is on the server) and the power went out. The power loss was extended, so the server went down also. When the power came back on, the user could not log in to their machine, but could log into any other machine on the network. Any other network or local user could log into the machine and get their things without problems. I am thinking this may be some kind of local lock file or something, but am not sure where to look. Again, the netuser who went down hangs when they try to log in to their machine, but can log into other machines, and other people who use their machine can log in just fine. Any suggestions? Thanks in advance.

Cliff Friedel
 
Do you get a message with the reason why login failed ?

I have the experience that when rebooting my server, sometimes the passwords for some users get damaged.


Good luck, Kees
 
No, unfortunately it is just the beach ball of death. It seems to happen right after Spotlight starts. At that point the user just hangs. Again though, any other user on that machine is good, or that user on any other machine is OK. I have tried building them a new network profile and that hasn't seemed to fix it. I am thinking there is a local lock or something on that machine. Is there anywhere where they document the LDAP login process in detail? Checked the net but couldn't find anything so far. If I don't find something soon I am going to have to give Apple a call =(. Thanks for the help so far.

Cliff
 
Reboot the machine into single user mode by holding down Command and S

Once the machine has booted into the terminal - type "fsck -fy" and hit enter. Let the file system check run through and repair anything. Once that has completed, type "reboot" and see if you can log in.

I get this all the time on my networks and that fixes it - to the extent that I have begun distributing a standard checklist that includes doing that prior to calling for me - saves both my time, and the staff's if they can fix it - rather than waiting till whenever I am available.
 
On the server, open Console.app and watch system.log. Then try to log in on the client with the account. Hopefully there will be some illuminating errors scrolling past as the login happens (or doesn't).
 
> Reboot the machine into single user mode by holding down Command and S
>
> Once the machine has booted into the terminal - type "fsck -fy" and hit enter. Let the file system check run through and repair anything. Once that has completed, type "reboot" and see if you can log in.
>
> I get this all the time on my networks and that fixes it - to the extent that I have begun distributing a standard checklist that includes doing that prior to calling for me - saves both my time, and the staff's if they can fix it - rather than waiting till whenever I am available.

Tried this and it did not work. Is there anything else you could suggest? Again, I think this is a lock or maybe a broken file on the particular client as it is one user on one computer. Thanks for all the help thus far.

Cliff
 
> On the server, open Console.app and watch system.log. Then try to log in on the client with the account. Hopefully there will be some illuminating errors scrolling past as the login happens (or doesn't).

Will try this early next week and see if I can post a log. Thanks.

Cliff
 
No problem. Actually, you should watch /var/log/system.log on the client as you'll probably get a better log. I had a long day.

You can do this with ssh. Activate Remote Login on the client, then ssh in to it from another computer. Then type

sudo tail -f /var/log/system.log

and watch as the user logs in.

good luck
 
Ok, went back to client to take a look at the problem I described above and voila! it was gone. When I asked the resident technicians if they changed anything, the only thing they could think of was that the server had been restarted. This seemed to fix 2 out of 3 machines. Then later, I had to restart the server for something else and the third started working. Not sure what is going on here, but it seems like there is a file lock of some kind (maybe in /tmp?) and it goes away on reboot. When I check the server's system.log, I am finding nothing that indicates hang ups or anything else. Only real error I get in fact is a lookupd termination that immediately restarts and then is ok.

I guess what bothers me about this is the total randomness of the whole thing. All 3 machines had the 1 user lockout symptoms (i.e., 1 user could not log in to that particular machine), a reboot fixed 2, and then another fixed the third. Why would that be? Note: I tried rebooting the clients several times to no effect; only when the server rebooted did it seem to change anything. I am not sure if my logic is misguided or we are missing something information wise (I only go to this location now and then), but something doesn't add up. Sorry I couldn't be more specific, but I figured I would drop the info I had in here and see if anyone could come up with anything. Thanks for all of your help so far.

Cliff
 
yeah, that sounds like my xserve. i swear i'm gonna put linux on that thing one day.

re: user lockouts, have you tried deleting the /Library/Caches on the clients, rebooting and seeing if they can log in?

also, check /var/log/system.log on the clients, too
 
Depends on what you're doing. If you have some flavor of Network home, such as a Portable home, the AFP server uses an exclusive lock on the AFP volume to prevent other connections overwriting data or causing corruption. If you bounce your machine off the network, it may stay locked, but usually you'd be alerted of this upon login and given the option to reset it. It can also be done manually.

Also, if you really want to know what goes on during a login, it looks something like this:

1. User types in username and password
2. Username is passed to a directory service function that does a query for that user account
3. Different plugins are searched and decided on (Netinfo, LDAP, etc)
4. Record name is found - the query then requests the attributes needed for a successful login (ex - record name, password type, real name, NFS home directory, shell, UID, primary group ID, etc)
5. Password authority is contacted - usually finding the ApplePasswordServer and Kerberos information (in OD)
6. The Password Server is queried for supported authentication methods
7. PasswordServer plugin attempts to authenticate the user
8. etc, etc....

Michael
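
Added example, not part of the original thread: step 4 of the login sequence above can be checked by hand by reading the user's record and confirming every attribute the login needs is present and non-empty. The function name `missing_login_attrs`, the user `jdoe` and both sample records are constructed for illustration; the attribute names are the ones `dscl` prints for a user record.

```shell
#!/bin/sh
# On a client, real input would come from (SHORTNAME is a placeholder):
#   dscl /Search -read /Users/SHORTNAME | missing_login_attrs

# Attributes the login query asks for (step 4 in the post above).
REQUIRED_ATTRS="RecordName AuthenticationAuthority RealName NFSHomeDirectory UserShell UniqueID PrimaryGroupID"

# Reads a record in `dscl -read` format on stdin and prints, one per line,
# each required attribute that is absent or has no value.
missing_login_attrs() {
    awk -v required="$REQUIRED_ATTRS" '
        BEGIN { n = split(required, want, " ") }
        # "Key: value" or a bare "Key:" whose value follows on indented lines
        /^[^ \t]/ {
            key = $1; sub(/:$/, "", key)
            current = key
            if (NF > 1) seen[key] = 1
            next
        }
        # indented continuation line carrying the value of the current key
        /^[ \t]+[^ \t]/ { if (current != "") seen[current] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) print want[i]
        }'
}

# Constructed sample: a complete record (values are placeholders).
sample_record_ok() {
cat <<'EOF'
AuthenticationAuthority: ;ApplePasswordServer;CONSTRUCTED-PLACEHOLDER
NFSHomeDirectory: /Network/Servers/od.example.com/Users/jdoe
PrimaryGroupID: 20
RealName:
 Jane Doe
RecordName: jdoe
UniqueID: 1025
UserShell: /bin/bash
EOF
}

# Constructed sample: no password authority, no home path, empty shell.
sample_record_damaged() {
cat <<'EOF'
PrimaryGroupID: 20
RealName:
 Jane Doe
RecordName: jdoe
UniqueID: 1025
UserShell:
EOF
}

sample_record_damaged | missing_login_attrs
```

Running the same check on the affected client and on a client where the user can log in shows whether the two machines resolve the same record.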
 