XServe won't let me log in

Question

After a power-failure, my Xserve won't let me log in on the login screen. I can still SSH into the box and access its other services, but the login box just shakes when I write either a local username and password or an ldap based username and password (this server is the LDAP server). Any suggestions on how I can go about solving this problem?

Cheers

Nik

I've booted with a boot CD and reset the passwords for root and myself, but still the login window just shakes when I try to log on — niklassaers, Mar 31 '10 at 07:27
With no solution found, I'm reformatting and going for the time machine backup — niklassaers, Mar 31 '10 at 08:12

Spiff · Accepted Answer · 2010-04-02T19:01:24.977

1

Could the power failure be a red herring? Were you messing with Service ACLs recently? You could have disallowed all users from using the GUI with a Service ACL.

Edit:
If you can SSH in, you can add yourself back into the loginwindow access group, by doing something like this:

sudo dseditgroup -o edit -a $USER -t user com.apple.access_loginwindow

That is, you're using sudo to use superuser powers to run dseditgroup to edit your DirectoryServices groups. The operation is an edit, you're adding user $USER (whoever you SSH'd in as), the record type is user, and the group to add it to is com.apple.access_loginwindow.

After that, once you've got GUI access again, I'd recommend using the Server Admin tool in the GUI to review and edit your Service ACLs (SACLs). The methods provided to edit SACLs from the command-line leave a lot to be desired.

edited Apr 02 '10 at 19:01

answered Mar 31 '10 at 10:38

Spiff

2,496
16
17

I didn't, but I guess we won't know as I had the disks formatted. All I've got left is the Time Machine backup. But I'm suspecting you might be right, that there's been something else going on. For people coming by this questions later, could you suggest how to remove such a disallowing via command line via SSH? – niklassaers Apr 02 '10 at 18:40
Okay, I've updated my Answer. – Spiff Apr 02 '10 at 19:01

score 0 · Answer 2 · answered Mar 31 '10 at 06:37

0

Can you login as the root user? If so, login as root and launch ServerAdmin and check the OpenDirectory status. Is OpenLDAP running? What about the password server?

Also, can you use ServerAdmin or Workgroup Manager to administer the server from another Mac?

Also, what version of MacOS X Server are you using?

answered Mar 31 '10 at 06:37

tegbains

1,956
12
27

When I SSH in, I can "sudo zsh" to root. I cannot log in as root from the login screen, at least not with the passwords used for this server. Can I run ServerAdmin from the command line? I'm not too familiar with OpenLDAP, does it have a separate password server? If so, what's its name so I can poke around for its logs? I'm running Snow Leopard 10.6.2 Thank you so much for your time Nik – niklassaers Mar 31 '10 at 06:40

score 0 · Answer 3 · answered Aug 23 '10 at 23:56

0

Another option is to try >console in the user field which will then give you a console screen to login as and then run the dseditgroup command above.

answered Aug 23 '10 at 23:56

XServe won't let me log in

3 Answers3