Open Directory authentication issues

[jasrdunn]

Hi, eveyone. I've been trying to set up an Open Directory server for a small network, sharing user info via LDAP. I'm stumped on what seems to be an authentication issue. Each of the clients is set to use my server as an Open Directory server, and I can log into them as any user just fine, except it refuses to remember any changes to preferences that I make, and I can't open address book or Safari. It just tells me there was an error opening them. However, I do have full read/write support to the remote home directory. I'm suspecting it may have to do with my NOT running the DNS service on the server. I'm trying to avoid that extra complication unless absolutely necessary. However, the more I read, it seems that this is a must to have the password server function properly.
I would appreciate any tips on this. Or maybe some clues for further debugging.
thanks,
Jason

 

[Go3iverson]

For an OD server to function properly, you need to have DNS.

When you say 'remote home directory' do you mean that the user's Library, etc are actually on the server and not local?

 

[jasrdunn]

I see. I was afraid of that.
All the user home directories are on the server. The only user info local to the client is the root login and a generic user login.

 

[Go3iverson]

Ok, so your not forcing local home creation or anything of that nature? Meaning, when a client logs out, they leave nothing behind?

 

[jasrdunn]

That's right. There should be no trace on the client machine of any of the User's data

 

[jasrdunn]

Another thing..
In the workgroup manager, if I try to set a user's password type to "open directory," it tells me I have to set up the password server first. However, if I go the the "Open directory" submenu of Server Admin, it tells me the Password server is running. Is this a bug? Or do I need to do additional setup somewhere?
BTW I have the DNS server running now.

 

[Kees Buijs]

Another thing..
In the workgroup manager, if I try to set a user's password type to "open directory," it tells me I have to set up the password server first. However, if I go the the "Open directory" submenu of Server Admin, it tells me the Password server is running. Is this a bug? Or do I need to do additional setup somewhere?
BTW I have the DNS server running now.

I had the same problem and solved it by reinstalling os x (i could not find any reference to the password server on the internet).

Check if the HOME directory on the server is created, as this is not always the case and in that case there is no place to save your preferences. A flaw in this server software.

Goodluck, Kees

 

[Go3iverson]

Well, if you don't have anything invested in the password server, you could blow it away and create a new password database.

First, maybe check to see if any authentication methods are available to it...

NeST -getprotocols

That'll show acceptable authentication methods, which may help you get a better idea of what's going on.

Check out man mkpassdb to get info on how to manipulate the password database.

Also, check out man PasswordService to find out about the Password Server daemon. Also, check the ApplePasswordServer.Error.log file to see if it has any specific error messages about your Password Server.