You can’t assign server administrator privileges, Disconnecting the password server computer, Users can’t access their home directories – Apple Mac OS X Server (version 10.2.3 or later) User Manual

212

Chapter 3

You Can’t Assign Server Administrator Privileges

In order to assign server administrator privileges to a user for a particular server, first log in
to that server in Workgroup Manager.

Disconnecting the Password Server Computer

When you remove the Password Server’s computer from a network by removing the cable
from its network interface card (NIC), users whose passwords are validated using the
Password Server can’t log in because its IP address isn’t accessible.

Users can log in to Mac OS X Server if you plug the Password Server’s computer in to an
isolated hub to bring the NIC back up. Alternatively, users can log in as users whose
password validation strategy is basic.

Users Can’t Access Their Home Directories

Make sure that users have access to the share point in which their home directories are
located and to their home directories. Users need Read access to the share point and Read &
Write access to their home directories.

Mac OS X User in Shared NetInfo Domain Can’t Log In

This problem occurs when a user tries to log in to a Mac OS X computer using an account in
a shared NetInfo domain, but the server hosting the domain isn’t accessible. The user can log
in to the Mac OS X computer by using the local user account created automatically when he
or she set up the computer to use a NetInfo account. The user name is “administrator”
(short name is “admin”) and the password is the NetInfo password.

Kerberos Users Can’t Authenticate

When a user or service that uses Kerberos experiences authentication failures, try these
techniques:

m Kerberos behavior is based on encrypted time stamps. If there’s more than 5 minutes

difference between the KDC, client, and service computers, authentication may fail. Make
sure that the clocks for all computers are synchronized using a network time server.

m If Kerberos is being used, make sure that Kerberos authentication is enabled for the

service in question.

m If a Kerberos server used for password validation is not available, reset the user’s

password to use a server that is available.

m Make sure that the server providing the Kerberized service has access to directory

domains containing accounts for users who are authenticated using Kerberos. One way to
do this is to use a shared directory domain on the KDC server that hosts user records that
correspond to all the user principals.

LL0395.Book Page 212 Wednesday, November 20, 2002 11:44 AM