Filter
Top Products
Chapter 11 Solving Problems 245
If Users Can’t Log In with Accounts in a Shared Directory Domain
Users can’t log in using accounts in a shared directory domain if the server hosting the
directory isn’t accessible. A server can become inaccessible due to a problem with the
network, the server software, or the server hardware.
Problems with the server hardware or software affect users trying to log in to Mac OS X
computers and users trying to log in to the Windows domain of a Mac OS X Server
primary domain controller (PDC). Network problems can affect some users but not
others, depending on where the network problem is.
Users with mobile user accounts can still log in to the Mac OS X computers they used
previously. Users affected by these problems can log in using a local user account
defined on the computer, such as the user account created during setup after installing
Mac OS X.
If Users Can’t Access Their Home Folders
Make sure users can access the share point where their home folders are located, and
make sure they can access their home folders. Users need Read access to the share
point and Read & Write access to home folders.
If Users Can’t Change Their Passwords
Users who have accounts in the server’s LDAP directory with a crypt password can’t
change passwords after logging in.
These users can change passwords if you use the Advanced pane to change their
accounts’ User Password Type setting to Open Directory. When you make this change,
you must also enter a new password. Then you should instruct users to log in using this
new password and change it in the Accounts pane of System Preferences.
If Users Can’t Authenticate Using Single Sign-On or Kerberos
There are several ways to remedy Kerberos authentication failures. You can find these
solutions, as well as a full description of how to reconfigure a server’s computer record
for single sign-on and Kerberos authentication, in Open Directory Administration.
Problems with a Primary or Backup Domain Controller
Problems with a primary domain controller (PDC) or backup domain controller (BDC)
can have several causes.
If a Windows User Can’t Log in to the Windows Domain
Verify the following:
 Make sure the user account has a password type of Open Directory.
 Make sure the workstation has joined the Windows domain of Mac OS X Server.