This discussion is archived
59193 Views 36 Replies Latest reply: Feb 25, 2010 12:56 AM by LMHKI
Currently Being ModeratedAug 28, 2009 1:59 PM (in response to Ken_Edgar)I am having the exact same problem. Have you found a solution?iMac, Mac OS X (10.6)
Currently Being ModeratedAug 28, 2009 2:06 PM (in response to MSL-ITmanager)No solution yet... I'm hoping someone from Apple reads this and has a solution. I wouldn't think they would deploy SL without first testing the AD plug-in functionality. However I know I'm not doing anything wrong as I've been binding machines to the same AD directory for a long time now.
I also checked my ntp settings to make sure everything was within sync... and I had a dash in my hostname which I think I remember reading one time that that's bad. I unbound, removed the dash, and rebound with the same results.
I find it interesting that I can su to my ad account just fine, and if I type "id someusername" I get account info returned to me. Using DSCL I'm able to get information back perfectly. Something with loginwindow that doesn't want to work with the AD plug-in I'm assuming.
Message was edited by: Ken_EdgarMixed environment
Currently Being ModeratedAug 29, 2009 9:26 AM (in response to Ken_Edgar)Is anyone else out there trying to bind to Active directory... I'm interested to hear if it is working or not for you. On Monday I'll have to see if I can get a Kerb TGT or not.
Currently Being ModeratedAug 30, 2009 11:29 PM (in response to Ken_Edgar)I've got the exact same problem.
When I try to login with my AD account I get the error message "No home directory:".
If you're at the login screen type in as username >console and hit enter (twice). Try to login with your AD account. You can also do this by opening a Terminal window.
Currently Being ModeratedAug 31, 2009 12:07 AM (in response to Ken_Edgar)I have pretty well the same problem. The machine was already bound to AD prior to upgrade. After could not login on with my account (jball). Can log on with other accounts from the same domain (we only have one AD domain). Can also su to jball in a terminal session. Can't access network resources with jball when I try to connect to a windows server through the finder, instantly comes up with bad username or password, doesn't even think about it.
I have removed any copies of the home folder under either /Users or /Domain as I have had problems with that before. Have repaired permissions and unbind and bind the machine to AD. Have been at this all day now and no closer. Get these error messages in console:
31/08/09 4:49:27 PM SecurityAgent Could not get the user record for 'jball@domainname' from Directory Services
31/08/09 4:49:27 PM SecurityAgent User info context values set for jball@domainname
31/08/09 4:49:27 PM SecurityAgent unknown-user (jball@domainname) login attempt PASSED for auditingMac Pro, Mac OS X (10.6)
Currently Being ModeratedAug 31, 2009 6:39 AM (in response to _JB_)I have found that I can get a kerberos tgt if I first login as a local user, su to an active directory account, then use kinit. I will try logging in as a network user this morning again and look at the logs to see if the same types of entries JB wrote about show up.Mixed environment
Currently Being ModeratedAug 31, 2009 8:14 AM (in response to Ken_Edgar)I am also having this same issue.
The Mac binds fine. The computer account is created fine in AD. I can see users and groups in the new "Allow Network Users to log in..." screen. But no matter what I can't authenticate. The log in screen just shakes it off.
Has anyone been able to successfully log into AD?15" MacBook Pro, Mac OS X (10.6)
Currently Being ModeratedAug 31, 2009 11:45 AM (in response to ben6073)Update:
I was able to get logged in using my AD credentials. I found this:
And followed these instructions specifically:
by running the following commands-
createmobileaccount -n username
sudo createhomedir -c -u username
So it seems for me the issue was not that is wouldn't take my credentials, but that it didn't want to create the home directory.
Anyways, I think it is a bug, but this is a decent work around.
-Ben15" MacBook Pro, Mac OS X (10.6)
Currently Being ModeratedAug 31, 2009 11:47 AM (in response to Ken_Edgar)Are mobile accounts enabled?
I can log in with AD accounts as long as mobile accounts aren't enabled. After that, forget it.
Currently Being ModeratedAug 31, 2009 11:55 AM (in response to ben6073)This works! So we have figured out the why... I wonder when Apple will fix this.
Thanks Ben!Mixed environment
Currently Being ModeratedAug 31, 2009 12:00 PM (in response to Ken_Edgar)Using (have been using for months) with AD and no issues at all.
One thing I have seen twice is a lack of a Kerberos ticket after login, which seems impossible - so I have a bug report with Apple that I'm working on.
Functionally, it's been solid.
Do any of you also use an OD Master (Apple Xserve/XSAN)?
Were your Mac bindings new, or carry-overs from a Leopard install?
If a carry-over, did you try removing the objects from Active Roles before binding again?
Scott MBP Mac Pro Touch 3G iPhone , Mac OS X (10.6), AAA™
Currently Being ModeratedAug 31, 2009 12:37 PM (in response to ben6073)When I try the terminal commands I get a failure message that says "command not found" any thoughts?Numerous, Mac OS X (10.6), Mac sys admin
Currently Being ModeratedAug 31, 2009 12:47 PM (in response to ben6073)Thanks ben6073 for posting your solution. It worked for me as well.
I did a clean install of SL, joined the machine to the domain using Directory Utility. Restarted and when the other user option finally came up in the login screen it would just shake after entering my credentials. As if I was using the wrong password. I then logged in with the local admin account and using the Directory Utility disabled the mobile account option. I then restarted and was able to log in using my credentials.
MOBILE ACCOUNTS ARE BROKEN!!! At least for Active directory.
Thanks ben6073 for the link to a fix.
Message was edited by: Greg Plassmeyer1MacBook Pro, Mac OS X (10.6), raw install not an upgrade
Currently Being ModeratedAug 31, 2009 12:50 PM (in response to Jason_Scott)I think your issue may be that you need to make them executable. Try doing this:
sudo ./createmobileaccount -n username
sudo ./sudo createhomedir -c -u username
the ./ makes the script executable.15" MacBook Pro, Mac OS X (10.6)