New Users Don't Appear In Login Screen (ldapv3)

Yubs

Registered
Hi There,

I'm running Mac OS X 10.3 with a main server running LDAPv3 for authentication. The users login in to any of our Macs and have network accounts on the server.

My networked systems are configured to look for the LDAP server. A list of available logins are displayed on the login screen and function properly.

My problem is that we recently added 2 new users, and they are NOT showing up on the login screen. If they select the "Other" option and enter their full login, that works, but for some reason their accounts refuse to display like the others.

Also, I recently fixed the spelling of an account that DID display, but the OLD spelling remains in the login screen, but won't authenticate (Makes sense that it doesn't since the account has been renamed, but why isn't the spelling updated?). Going in through "Other" and using the updated name DOES work.

Does anyone know why the login screen isn't getting the updated logins and how I can fix it? Is there some cached list of login names used for the login screen that isn't being updated?

Your help is much appreciated!

Josh
 

ElDiabloConCaca

U.S.D.A. Prime
Strange! I know that the daily/weekly/monthly cron scripts "flush" certain lookup tables -- perhaps running those scripts on the client machines may help.
 

Yubs

Registered
Thanks for the idea... unfortunately, that doesn't seem to fix it

Got anything else?
 

Go3iverson

Registered
Well, the preferences for loginWindow are stored in Library/Preferences/com.apple.loginwindow.plist. You 'could' try making a backup copy of that file on one machine and deleting it out of that location. In theory, that should cause OS X to generate a new plist on boot...in theory.

I *have not* tested this, so proceed with caution and make sure to backup the plist file before the dreaded rm of death! :)
 

Yubs

Registered
Thanks, I think we're getting warmer!

There was a copy of the loginwindow.plist file in the local admin account /Users/admin (with nothing in it but a string entry) and a copy locally in (root) /Library/Preferences which contained the list of login names that gets displayed (improperly) at login.

I figured the root version was the one to play with, but I'm curious why every user also has a copy of this file? Even the networked accounts have versions of it in their home directories.

After making a backup of the file, I deleted it and did a reboot. I'm not sure how long it takes for the machine to query the server for the LDAP user info, but no accounts were displayed (except the local admin).

I logged in as the local admin, and the file was indeed recreated, but was basically empty (the only info was the last user to login).

As an experiment, I restored the original file and then edited it by hand. Sure enough, the changes took effect immediately.

SO... now I have a few questions.:

1) What generates the com.apple.loginwindow.plist file in the first place?
2) When/How do the network machines get this info from the server? Does the server create the file, and then it is downloaded to the nodes, or does each node create its own file based on a query of the LDAP info?

I guess those are kinda of the same question.

My hunch is that there is something wrong with the server and that its not updating the list, but I'm not sure how this process works.

Thanks for the ideas, keep 'em coming, they're helping!

Josh
 

Go3iverson

Registered
Ok, so the idea quasi worked... :)

Here's one more, which again, do on a test machine only!

Clear out the MCX cache in NetInfo. You can define policy in Workgroup Manager that states how often your MCX data should be populated to your clients. You might also, since its listed in NetInfo, be able to open up NetInfo on a client machine and delete out the mcx_cache attribute file. The client should then request a new set of mcx data upon next login.
 

Yubs

Registered
Thanks for all your help Go3iverson and ElDiabloConCaca.

In the end, I did a restore to a previous image of the server, and things picked up from there. I really wish I knew what was causing the problem, but sometimes when things start going your way, its best to just move on.

Thanks again!
 
Top