Users can’t log in or authenticate – Apple Mac OS X Server (version 10.2.3 or later) User Manual

Page 211

Users and Groups

• You can make other users Password Server administrators after setting up a Password
Server. Make sure they have an account in the directory domain associated with the
Password Server. Make them domain administrators for the directory domain, and make
sure their passwords are validated using the Password Server.

A Password Server User Can’t Authenticate in NetInfo Manager

To make changes using NetInfo Manager, you must authenticate with a user account that has
a basic password.

Users Can’t Log In or Authenticate

Try these techniques to determine whether the source of the authentication problem is
configuration or the password itself:

• Reset the password to a known value, then determine whether there is still a problem. Try
using a 7-bit ASCII password, which is supported by most clients.

• If a Password Server is being used for the user and it is not set up to support the
authentication protocol needed by the user’s client, you can use Open Directory Assistant
to enable additional Password Server protocols. You may need to reset the user’s
password after changing the Password Server configuration.

• Basic authentication does not support many authentication protocols. To increase the
possibility that a user’s client applications will be supported, use the Password Server or
suggest that the user try a different application.

• For Kerberos troubleshooting tips, see “Kerberos Users Can’t Authenticate” on page 212.

• If a Password Server or non-Apple directory server used for password validation is not
available, reset the user’s password to use a server that is available.

• Make sure that the password contains characters supported by the authentication
protocol. Leading, embedded, and trailing spaces as well as special characters (for
example, Option-8) are not supported by some protocols. For example, leading spaces
work over POP or AFP, but not over IMAP.

• Make sure that the keyboard being used by the user supports the characters necessary for
authentication.

• Make sure the client software encodes the password so that it is recognized correctly. For
example, Password Server recognizes UTF-8 encoded strings, which may not be sent by
some clients.

• Make sure that the client being used by the user supports the password length. For
example, LAN Manager supports only 14-character passwords, so passwords longer than
14 characters would cause an authentication failure even though Mac OS X Server’s
Windows service supports longer passwords.

• If an AFP client prior to version 3.8.3 fails to authenticate, use Authentication Manager for
these older clients.
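The character, encoding and length checks from the list above can be run against a test password before it is assigned. This is an added example, not part of the manual; the function name, the finding labels and the Mac Roman default for the client encoding are assumptions.

```python
import getpass

LANMAN_MAX = 14  # LAN Manager limit stated in the manual

# Finding labels are hypothetical; each maps to one item in the checklist.
EXPLAIN = {
    "non-ascii": "contains characters outside 7-bit ASCII",
    "edge-space": "has a leading or trailing space",
    "embedded-space": "has an embedded space",
    "over-lan-manager-limit": "longer than 14 characters (LAN Manager clients)",
    "client-cannot-encode": "client encoding cannot represent the password",
    "encoding-mismatch": "client bytes differ from the UTF-8 bytes Password Server recognizes",
}


def password_findings(password, client_encoding="mac_roman"):
    """Return the checklist conditions that apply to a candidate password.

    client_encoding is an assumption about what a legacy client sends;
    pass the encoding the client in question actually uses.
    """
    findings = []
    if any(ord(ch) > 0x7F for ch in password):
        findings.append("non-ascii")
    core = password.strip(" ")
    if core != password:
        findings.append("edge-space")
    if " " in core:
        findings.append("embedded-space")
    if len(password) > LANMAN_MAX:
        findings.append("over-lan-manager-limit")
    try:
        sent = password.encode(client_encoding)
    except UnicodeEncodeError:
        findings.append("client-cannot-encode")
    else:
        # Same characters, different bytes on the wire: the server sees another password.
        if sent != password.encode("utf-8"):
            findings.append("encoding-mismatch")
    return findings


if __name__ == "__main__":
    # Read without echo and report only the findings, never the password itself.
    candidate = getpass.getpass("Test password: ")
    for code in password_findings(candidate) or ["ok"]:
        print(code, "-", EXPLAIN.get(code, "none of the listed conditions apply"))
```

An empty result means none of the listed character, encoding or length conditions apply, which points the investigation toward configuration rather than the password itself.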

LL0395.Book Page 211 Wednesday, November 20, 2002 11:44 AM