A Mac OS X Lion 10.7.5 machine is running the services:
- Firewall
- Open Directory
The role of the "Open Directory" service is "Open Directory master".
After a restart, the machine is no longer able to log in at the graphical console (LoginWindow). The Login Window displays "Network accounts are unavailable" briefly after boot. The Open Directory users can be remotely accessed using "Workgroup Manager" running on another Mac in the same LAN.
Normally the users were visible at login window, now the only user visible is "Other…".
We tried to log in at "Other…" with both a local user (uid=501) and an OD user (uid=1025) at the graphical login window. Neither succeeded. We enabled the root user with "$ sudo dscl . -create /Users/root NFSHomeDirectory /var/root" and "$ sudo passwd root". Logging in as user 'root' also fails at the graphical login window. Only the ">console" login succeeds, as do SSH logins.
How to fix graphical login at "Login Window" for local and OD users?
Best Answer
It's possible that the server has service ACLs enabled for the Login Window. If you can connect to the server using Server Admin (from another Mac on the LAN - as you have with WGM), you may be able to examine those settings. Here's an article that details enabling that setting for Mail (applies to Login Window as well.)
Go into Server Admin -> servername.local ... Select the "Access" tab at the top of the window, and confirm that you are not managing service access for the "Login Window" section. If you are ("Allow only users and groups below"), you can potentially correct the list of users that have access in that window, or choose to "Allow all users and groups".
Also - Apple does not recommend logging into network user accounts directly on the server (at the Login Window.)
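
Added example, not part of the original answer: since SSH logins still work, the same service ACL can be inspected from a shell on the server. It assumes the Login Window ACL is stored as the local group `com.apple.access_loginwindow`; the function name `classify_sacl` and the sample record are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Assumption: the Login Window service ACL is the local group below.
SACL_GROUP="com.apple.access_loginwindow"

# classify_sacl: reads the output of `dscl . -read /Groups/<group>` on stdin.
# No record on stdin means the service ACL is not in force.
classify_sacl() {
    awk '
        /^RecordName:/      { exists = 1 }
        /^GroupMembership:/ { sub(/^GroupMembership:[ \t]*/, ""); members = $0 }
        /^NestedGroups:/    { nested = 1 }
        END {
            if (!exists) { print "unrestricted"; exit }
            out = "restricted:"
            if (members != "") out = out " " members
            if (nested) out = out " (+nested groups)"
            print out
        }
    '
}

# Constructed sample of a record that limits login to two accounts.
SAMPLE_RECORD='GroupMembership: admin alice
PrimaryGroupID: 402
RecordName: com.apple.access_loginwindow
RecordType: dsRecTypeStandard:Groups'

if command -v dscl >/dev/null 2>&1; then
    # On the server (for example over SSH): inspect the live record.
    dscl . -read "/Groups/$SACL_GROUP" 2>/dev/null | classify_sacl
else
    # Elsewhere: run on the constructed sample.
    printf '%s\n' "$SAMPLE_RECORD" | classify_sacl
fi
```

A "restricted:" result that lacks the accounts you expect corresponds to the "Allow only users and groups below" setting described above.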