I have an Xserve running Snow Leopard Server (10.6.2). It has some local administrator accounts on it and it is also an Open Directory master.
I noticed earlier today that I was not able to log in with local administrator credentials via a VNC connection. However, I was able to log in with a directory account. Once logged in, I could escalate privileges to perform any privileged operation with local administrator account credentials.
Even after a reboot I was unable to log in with my local credentials. So I opened Directory Utility and modified the Search Policy tab to be Automatic. When I did so, I noticed it removed the LDAP directory from the search policy, so I applied my changes and logged out.
As you may surmise by now, I can't log in any more, with either my directory credentials (because I removed them: OOPS!) or with my local credentials (because they still aren't working).
So my question is two-fold:
- How do I log in to this server now with no credentials that seem to work? Is there a configuration file I can change if I can mount this machine's disk? Maybe in single user mode?
- How do I get the search policy working like it should have been all along? (I.e., check local user accounts, then directory accounts). This had previously worked, but like I said, seemed to stop working for no apparent reason.
Found out that I couldn't use dscl in single user mode, or via the root account in a >console login. I'm not exactly sure why, but I did realize that the plists that dscl manipulates still had the right data except for one little value.
This thread pointed me in the right direction. I need to set the value of the Search Policy key to INT 3 (meaning Custom Search Policy) instead of INT 1 (the value I had set meaning Automatic):
Can you do a password recovery on the Xserve in the same way you can on a standard Mac?
E.g.:
Boot up from the install CD and go through a couple of pages until you see the standard menu bar at the top of the screen.
From the Utilities Menu, select "Reset Password".
This doesn't really help with your directory problem, but it should get you back into the machine :)