ccs-calendarserver Ventura Authentication Issue — Request for Pointers
I just migrated my server to Ventura, including a still-going-strong instance of ccs-calendarserver with APNS. All went smoothly, except for the issue that ccs-calendarserver is under Ventura is rejecting authentication to local accounts. I am confident that this is a new issue with macOS Ventura authentication and the ccs-calendarserver code base because all other authentications (a mail server with dovecot+postfix, etc.) work as previously under macOS 12. I’d appreciate any pointers to troubleshoot or fix this issue: Code lines that handle local account authentication in https://github.com/apple/ccs-calendarserver Changes in Ventura security requirements, e.g. I may have to change to TLS settings in the nginx proxy than handles calls to ccs-calendarserver: https://github.com/macports/macports-ports/blob/master/net/calendar-contacts... Where to find the macOS-level authentication error logs Thanks much!
This issue is the disappearance of OpenDirectory because macOS Server is gone. Any advice on how to reconfigure using local authentication with the local directory, hopefully using the same principals? I have exports and backups of everything.
2023-01-01T12:08:36-0500 [directoryproxy] [twext.who.opendirectory._service.DirectoryRecord#error] Digest auth for user ‘username' failed with code 5100 (Error Domain=com.apple.OpenDirectory Code=5100 "Could not verify credentials because directory server does not support the requested authentication method." UserInfo={NSLocalizedDescription=Could not verify credentials because directory server does not support the requested authentication method., NSLocalizedFailureReason=Could not verify credentials because directory server does not support the requested authentication method.});
I see that authentication in calendarserver.plist is reconfigurable:
<!-- Directory service
A directory service provides information about principals (eg. users, groups, locations and resources) to the server.
A variety of directory services are available for use. -->
<!-- Open Directory Service (Mac OS X) --> <key>DirectoryService</key> <dict> <key>type</key> <string>opendirectory</string>
On Jan 1, 2023, at 9:12 AM, Steven Smith <steve.t.smith@gmail.com> wrote:
I just migrated my server to Ventura, including a still-going-strong instance of ccs-calendarserver with APNS.
All went smoothly, except for the issue that ccs-calendarserver is under Ventura is rejecting authentication to local accounts.
I am confident that this is a new issue with macOS Ventura authentication and the ccs-calendarserver code base because all other authentications (a mail server with dovecot+postfix, etc.) work as previously under macOS 12.
I’d appreciate any pointers to troubleshoot or fix this issue: Code lines that handle local account authentication in https://github.com/apple/ccs-calendarserver Changes in Ventura security requirements, e.g. I may have to change to TLS settings in the nginx proxy than handles calls to ccs-calendarserver: https://github.com/macports/macports-ports/blob/master/net/calendar-contacts... Where to find the macOS-level authentication error logs
Thanks much!
I resolved this by using XML file-based authentication per https://www.calendarserver.org/QuickStart.html, and now have ccs-calendarserver running on macOS Ventura.
On Jan 1, 2023, at 12:32 PM, Steven Smith <steve.t.smith@gmail.com> wrote:
This issue is the disappearance of OpenDirectory because macOS Server is gone.
Any advice on how to reconfigure using local authentication with the local directory, hopefully using the same principals? I have exports and backups of everything.
2023-01-01T12:08:36-0500 [directoryproxy] [twext.who.opendirectory._service.DirectoryRecord#error] Digest auth for user ‘username' failed with code 5100 (Error Domain=com.apple.OpenDirectory Code=5100 "Could not verify credentials because directory server does not support the requested authentication method." UserInfo={NSLocalizedDescription=Could not verify credentials because directory server does not support the requested authentication method., NSLocalizedFailureReason=Could not verify credentials because directory server does not support the requested authentication method.});
I see that authentication in calendarserver.plist is reconfigurable:
<!-- Directory service
A directory service provides information about principals (eg. users, groups, locations and resources) to the server.
A variety of directory services are available for use. -->
<!-- Open Directory Service (Mac OS X) --> <key>DirectoryService</key> <dict> <key>type</key> <string>opendirectory</string>
On Jan 1, 2023, at 9:12 AM, Steven Smith <steve.t.smith@gmail.com> wrote:
I just migrated my server to Ventura, including a still-going-strong instance of ccs-calendarserver with APNS.
All went smoothly, except for the issue that ccs-calendarserver is under Ventura is rejecting authentication to local accounts.
I am confident that this is a new issue with macOS Ventura authentication and the ccs-calendarserver code base because all other authentications (a mail server with dovecot+postfix, etc.) work as previously under macOS 12.
I’d appreciate any pointers to troubleshoot or fix this issue: Code lines that handle local account authentication in https://github.com/apple/ccs-calendarserver Changes in Ventura security requirements, e.g. I may have to change to TLS settings in the nginx proxy than handles calls to ccs-calendarserver: https://github.com/macports/macports-ports/blob/master/net/calendar-contacts... Where to find the macOS-level authentication error logs
Thanks much!
participants (1)
-
Steven Smith