Skip navigation
This discussion is archived

Unable to login @ login window with Active Directory User

59156 Views 36 Replies Latest reply: Feb 25, 2010 12:56 AM by LMHKI RSS
1 2 3 Previous Next
Ken_Edgar Calculating status...
Currently Being Moderated
Aug 28, 2009 1:16 PM
I successfully bound my test machine to Active Directory and can search using dscl and id. I can also su to my active directory user account an authenticate perfectly. All search bases are correct and everything else looks fine.

When I attempt to login from the login window as an AD user, the window shakes. Clicking under Mac OS X shows that "Network Accounts Available". Looks like the CLI tool "dirt" is now gone as well, although insecure it would possibly show something here.

Anyone else having issues after binding to AD? I bound using the Directory Utility gui... I have not tried using my leopard bind script yet.

Thanks,
Ken
Mixed environment, Mac OS X (10.6)
  • MSL-ITmanager Calculating status...
    I am having the exact same problem. Have you found a solution?
    iMac, Mac OS X (10.6)
  • Martin van Diemen Calculating status...
    I've got the exact same problem.

    When I try to login with my AD account I get the error message "No home directory:".

    If you're at the login screen type in as username >console and hit enter (twice). Try to login with your AD account. You can also do this by opening a Terminal window.
  • _JB_ Calculating status...
    I have pretty well the same problem. The machine was already bound to AD prior to upgrade. After could not login on with my account (jball). Can log on with other accounts from the same domain (we only have one AD domain). Can also su to jball in a terminal session. Can't access network resources with jball when I try to connect to a windows server through the finder, instantly comes up with bad username or password, doesn't even think about it.

    I have removed any copies of the home folder under either /Users or /Domain as I have had problems with that before. Have repaired permissions and unbind and bind the machine to AD. Have been at this all day now and no closer. Get these error messages in console:

    31/08/09 4:49:27 PM SecurityAgent[666] Could not get the user record for 'jball@domainname' from Directory Services

    31/08/09 4:49:27 PM SecurityAgent[666] User info context values set for jball@domainname

    31/08/09 4:49:27 PM SecurityAgent[666] unknown-user (jball@domainname) login attempt PASSED for auditing
    Mac Pro, Mac OS X (10.6)
  • ben6073 Calculating status...
    I am also having this same issue.

    The Mac binds fine. The computer account is created fine in AD. I can see users and groups in the new "Allow Network Users to log in..." screen. But no matter what I can't authenticate. The log in screen just shakes it off.

    Has anyone been able to successfully log into AD?
    15" MacBook Pro, Mac OS X (10.6)
  • ben6073 Level 1 Level 1 (5 points)
    Update:

    I was able to get logged in using my AD credentials. I found this:

    http://groups.google.com/group/macenterprise/browse_thread/thread/2c2502b08bb84c 7a?pli=1

    And followed these instructions specifically:

    by running the following commands-

    sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/
    createmobileaccount -n username
    sudo createhomedir -c -u username

    So it seems for me the issue was not that is wouldn't take my credentials, but that it didn't want to create the home directory.

    Anyways, I think it is a bug, but this is a decent work around.

    -Ben
    15" MacBook Pro, Mac OS X (10.6)
  • Joe Swenson Calculating status...
    Are mobile accounts enabled?
    I can log in with AD accounts as long as mobile accounts aren't enabled. After that, forget it.
  • A A P L Level 7 Level 7 (21,730 points)
    Using (have been using for months) with AD and no issues at all.
    One thing I have seen twice is a lack of a Kerberos ticket after login, which seems impossible - so I have a bug report with Apple that I'm working on.
    Functionally, it's been solid.
    Do any of you also use an OD Master (Apple Xserve/XSAN)?
    Were your Mac bindings new, or carry-overs from a Leopard install?
    If a carry-over, did you try removing the objects from Active Roles before binding again?

    Scott
     MBP  Mac Pro  Touch  3G iPhone , Mac OS X (10.6),  AAA™ 
  • Jason_Scott Calculating status...
    When I try the terminal commands I get a failure message that says "command not found" any thoughts?
    Numerous, Mac OS X (10.6), Mac sys admin
  • Greg Plassmeyer1 Calculating status...
    Thanks ben6073 for posting your solution. It worked for me as well.

    I did a clean install of SL, joined the machine to the domain using Directory Utility. Restarted and when the other user option finally came up in the login screen it would just shake after entering my credentials. As if I was using the wrong password. I then logged in with the local admin account and using the Directory Utility disabled the mobile account option. I then restarted and was able to log in using my credentials.

    MOBILE ACCOUNTS ARE BROKEN!!! At least for Active directory.

    Thanks ben6073 for the link to a fix.

    G

    Message was edited by: Greg Plassmeyer1
    MacBook Pro, Mac OS X (10.6), raw install not an upgrade
  • ben6073 Level 1 Level 1 (5 points)
    I think your issue may be that you need to make them executable. Try doing this:

    cd /System/Library/CoreServices/ManagedClient.app/Contents/Resources/

    then do:

    sudo ./createmobileaccount -n username

    then

    sudo ./sudo createhomedir -c -u username

    the ./ makes the script executable.
    15" MacBook Pro, Mac OS X (10.6)
1 2 3 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.