I am now fully up, just to reiterate my painful steps, and with some of the trivial details to help the less experienced:
- Image the server using Carbon Copy Cloner. (I used version 3.4.7, the last free version, which seems to be still running OK with Mavericks.)
- Using .local set-up. My external domain name is used only in VPN, mail and websites settings.
- Using a DNS set-up manually created while “show all records” is in effect. (Any other way relying on Apple’s automatic scripts seems to screw it up.) Primary zone “local”, and each machine is listed with its name under local, except nameservers, which are listed as x.local under the local zone. Looking for “only some clients” with “forwarding server” 10.0.1.1, my AirPort Extreme router. The server and all of the clients are in the DNS.
- Server uses 127.0.0.1 as its own DNS, followed by my AirPort Extreme router at 10.0.1.1, followed by 188.8.131.52 and 184.108.40.206, DNS servers from Google. [This is set up in the Network panel of System Preferences on the server.]
- Clients substitute 10.0.1.x (my server) in place of 127.0.0.1 in the DNS, otherwise the same. All clients use my DNS services. [This is set up in the Network panel of System Preferences on the client.]
- Confirm reverse lookup works per Apple’s directions. Server and the clients.
- Once all of the steps above are complete, blow away your Open Directory, and reset it from scratch. (What a pain in the derrière.) Set users, groups and file sharing up.
- [Optional] Bring trust certificates from profiles to clients using http://10.0.1.x/mydevices, so you don’t have to confirm every time when you join.
- [May or may not be needed] Delete and rejoin the network account server on all clients.
- Make sure all Little Snitch installations in clients and the server have been removed.
- Server is 3.0.1, but this was also working before once I removed Little Snitch.
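The forward/reverse check in the steps above, written out as an added example (not from the original post): it resolves each .local host through the system resolver, which follows the DNS order set in System Preferences, and confirms the PTR record points back at the same name. The host names and 10.0.1.x addresses are constructed placeholders, and the resolver functions are injectable so the check can also be run against a fixed table.

```python
import socket

# Constructed inventory for the "local" zone: the server and two clients.
# Names and addresses are placeholders, not the author's real hosts.
HOSTS = {
    "server.local": "10.0.1.2",
    "imac.local": "10.0.1.20",
    "macbook.local": "10.0.1.21",
}


def check_host(name, expected_ip,
               forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Return a list of problems for one host; empty means forward and
    reverse lookups agree. The defaults use the system resolver, so on the
    server this exercises 127.0.0.1 and on a client the server's address."""
    problems = []
    try:
        ip = forward(name)
    except OSError as exc:
        return ["%s: forward lookup failed (%s)" % (name, exc)]
    if ip != expected_ip:
        problems.append("%s: resolves to %s, expected %s"
                        % (name, ip, expected_ip))
    try:
        canonical, aliases, _ = reverse(ip)
    except OSError as exc:
        return problems + ["%s: no PTR record for %s (%s)" % (name, ip, exc)]
    # Accept the canonical name or any alias, ignoring case and trailing dot.
    names = {canonical.rstrip(".").lower()}
    names |= {a.rstrip(".").lower() for a in aliases}
    if name.rstrip(".").lower() not in names:
        problems.append("%s: PTR for %s points to %s, not back to %s"
                        % (name, ip, canonical, name))
    return problems


def check_all(hosts=HOSTS, **resolvers):
    """Check every host; return {name: [problems]} for the ones that fail."""
    report = {}
    for name, ip in hosts.items():
        problems = check_host(name, ip, **resolvers)
        if problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    bad = check_all()
    for problems in bad.values():
        print("\n".join(problems))
    print("all hosts OK" if not bad else "%d host(s) need fixing" % len(bad))
```

Run it once on the server and once on each client; an empty report on every machine is the state the post says you need before rebuilding Open Directory.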
I hope this helps.
Network Users Cannot Login – Server 3.0 – Take 6
©2013 EthnoSync.com. All Rights Reserved.