I am doing a few tests with OS X Server before I have to do a deploy in a few months. I have configured Open Directory, and created a few users. I've configured Directory Utility on a 10.5 client, but the login authentication doesn't work the way I would expect. I would expect I could use a username/password from any user created in Open Directory and be able to log into the client. Instead, it appears I need to create a local user, which you then sync with a directory user using Directory Utility.
Alternatively, if I add an Active Directory config to the client, I can use any AD user, as I would expect.
Am I hoping for the impossible, or is something likely wrong with the configuration?
It sounds more likely something may be wrong with your configuration - how did you add the Open Directory server in Directory Utility? What you want is precisely how it is supposed to work.
Additionally, before too much else double check your DNS as DNS will cause all sorts of issues with Open Directory.
For instructions you can check the docs: Open Directory Admin PDF, specifically: page 118 quoted:
Here is something you can do to check where things are at on the client.
Open up a Terminal, and run dscl. It allows you to access the directory services from the command line, and when run with no options, it is interactive (and feels rather like navigating a filesystem hierarchy, complete with tab completion.) Your listing will probably include:
Now, let us see what directories you are bound to through LDAP (which includes OpenDirectory, as it uses OpenLDAP):
You should see an IP address corresponding to the Open Directory Master/Replica you are bound to. If there is nothing here, you aren't bound to anything.
You should see a bunch of directories. If you get nothing, you either aren't bound, the server isn't responding, or there is a network problem.
You should see a list of your users. To get detailed info on one of them:
or, for less spew, you can specify which parameters you are interested in, like so:
or, to see info on all of the users, try:
Lastly, you can query the search path (searched for users to authenticate) and the contacts path (users who show up in Directory.app and Address Book.app), by doing, respectively:
Did this indicate anything regarding the binding status of your client?
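The dscl walk-through above is interactive; as an added example (not code from the answer's author), here is a small POSIX sh helper that runs the same checks non-interactively: whether the client holds an LDAPv3 binding, whether that node is in the authentication search path, and whether a given user record exists on the server. The server name `od.example.com`, the user names and the sample dscl output are constructed assumptions, used as stand-ins when `dscl` is not present on the machine running the script.

```shell
#!/bin/sh
# Added example, not from the original answers. Runs the dscl checks described
# above (or simulates them) and reports the client's Open Directory binding.
# OD_HOST, the user names and the SAMPLE_* strings are constructed assumptions.

OD_HOST="${OD_HOST:-od.example.com}"   # hypothetical OD master; replace it

# Constructed samples standing in for live dscl output on a bound client.
SAMPLE_LDAP_NODES="od.example.com"
SAMPLE_SEARCH_PATH="CSPSearchPath: /Local/Default /BSD/local /LDAPv3/od.example.com"
SAMPLE_USERS="alice
bob
diradmin"

# run_dscl SAMPLE ARGS...: run dscl when it exists, otherwise print SAMPLE so
# the logic can be exercised on a machine without Directory Services.
run_dscl() {
    sample="$1"; shift
    if command -v dscl >/dev/null 2>&1; then
        dscl "$@"
    else
        printf '%s\n' "$sample"
    fi
}

# has_ldap_node NODE LISTING: 0 when LISTING (output of
# `dscl localhost -list /LDAPv3`) names NODE, i.e. the client is bound to it.
has_ldap_node() {
    printf '%s\n' "$2" | grep -qxF "$1"
}

# in_search_path NODE TEXT: 0 when TEXT (output of
# `dscl /Search -read / CSPSearchPath`) lists /LDAPv3/NODE. dscl may print the
# values on one line or one per line, so match on whitespace-separated tokens.
in_search_path() {
    printf '%s\n' "$2" | awk -v want="/LDAPv3/$1" \
        '{ for (i = 1; i <= NF; i++) if ($i == want) found = 1 } END { exit !found }'
}

# has_user NAME LISTING: 0 when LISTING (output of
# `dscl /LDAPv3/HOST -list /Users`) contains NAME.
has_user() {
    printf '%s\n' "$2" | grep -qxF "$1"
}

# check_binding HOST [USER]: gather live (or sample) output, print a short
# report, and return 0 only when every check passes.
check_binding() {
    host="$1"; user="$2"; rc=0
    nodes=$(run_dscl "$SAMPLE_LDAP_NODES" localhost -list /LDAPv3)
    path=$(run_dscl "$SAMPLE_SEARCH_PATH" /Search -read / CSPSearchPath)

    if has_ldap_node "$host" "$nodes"; then
        echo "bound: /LDAPv3/$host"
    else
        echo "NOT bound to $host (nothing listed under /LDAPv3)"; rc=1
    fi
    if in_search_path "$host" "$path"; then
        echo "search path: includes /LDAPv3/$host"
    else
        echo "search path: /LDAPv3/$host missing (logins will not consult it)"; rc=1
    fi
    if [ -n "$user" ]; then
        users=$(run_dscl "$SAMPLE_USERS" "/LDAPv3/$host" -list /Users)
        if has_user "$user" "$users"; then
            echo "user: $user exists on $host"
            # On a real client, a focused record dump is:
            # dscl "/LDAPv3/$host" -read "/Users/$user" RecordName RealName NFSHomeDirectory
        else
            echo "user: $user not found on $host"; rc=1
        fi
    fi
    return "$rc"
}

# Example run; uses the constructed samples when dscl is absent.
check_binding "$OD_HOST" alice
```

On a real 10.5 client, run it as `OD_HOST=your.od.server sh check-od.sh` (script name is an assumption); a failing "search path" line with a passing "bound" line is the case where the node is configured but not under Search Policy/Authentication, which matches the symptom in the question.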
One other thing to try is:
ssh username@localhost
This will let you test if authentication is working. (ssh needs to be enabled first. System Preferences -> Sharing -> Remote Login).
It should work without any problems; just create an OD master on the Server, create your home share and the users, and on the clients, use Directory Utility to point to your OD server under the directory servers tab.
Then go to advanced settings: In the Services Tab, LDAPv3 must be activated, and under Search Policy/Authentication, your OD server must also be listed. If it is not, it should appear if you click the Plus button.
After that, restart and you should be able to authenticate with your OD users (to avoid confusion, you shouldn't have any local user with the same name as the corresponding OD user).
Yeah, I recall adding home directories and then all of a sudden I no longer had a shaking screen when trying to authenticate against Open Directory! Thanks for reminding me.