This discussion is archived

Unable to login @ login window with Active Directory User

59195 Views 36 Replies Latest reply: Feb 25, 2010 12:56 AM by LMHKI RSS
  • Jason_Scott Level 1 (5 points)
    That mostly worked with one change to createhomedir command.

    cd /System/Library/CoreServices/ManagedClient.app/Contents/Resources/

    then do:

    sudo ./createmobileaccount -n username

    then

    sudo createhomedir -c -u username

    I'm going to try and log in now. Thanks!
    Numerous, Mac OS X (10.5), Mac sys admin
  • _JB_ Level 1 (0 points)
    Worked a treat ben_6073, thanks.
    Mac Pro, Mac OS X (10.6)
  • Node927 Level 1 (5 points)
    Hello Everyone:

    I just wanted to clarify to everyone that is having issues with AD and logging in. I currently log in to AD under a single domain with multiple forests. I have no issue whatsoever using Tiger, Leopard, Snow Leopard.
    <---Note: Setup a new network profile---><---Call it HOME, WORK, SCHOOL, etc.----->
    <---Note2: Do not rely on Automatic for all your directory auth. needs---->
    <---Note2b: If your current network config is on automatic with no entries, you'll never auth. against the directory server, and the status of your domain will be marked "red" or the multiple settings will be marked "red"--->

    *Imperative to have: Make sure your DNS address in your network configuration is pointing to your DC, and the other DNS address for your internet.

    *You should be good from here.*

    There is no need to mod any core services!!!!!!

    <----If you read this and you need help, I'll be more than happy to help---->

    APPL, I see you have no problem, because you're pointed to your DC using the correct DNS settings.
    MBA, MACMINI, IMAC,Xserve,, Mac OS X (10.6), AD, OD, LDAP, EXCHANGE, VMWARE, XP, VISTA, 7
  • A A P L Level 7 (21,730 points)
    I would have to agree, Node927.
    No issues whatsoever here.

    Scott
     MBP  Mac Pro  Touch  3G iPhone , Mac OS X (10.6),  AAA™ 
  • trite1
    The command lines used above are exactly what I am using to get around this. Unfortunately we won't be able to deploy Snow Leopard until this mobile account problem is fixed, although there should be a fix by the time we've finished ironing out exactly what else we need to do to manage machines with 10.6 installed.

    Just wanted to add one more thing. I love that Snow Leopard will warn you that your Active Directory password will soon expire, but this feature doesn't seem to work when using mobile accounts. I'm hoping that when the login problem is fixed that this will also be fixed, but please retain this functionality with mobile accounts as well.
    Mac OS X (10.6)
  • lundejd Level 1 (0 points)
    We seem to be experiencing slightly different results. Existing local users cannot log into AD. (get the shake as if password is wrong) Newly created AD accounts can log into AD.

    (both with the mobile account creation turned off)

    The userid in AD is the same as the local mac userid. Is this creating some new kind of conflict perhaps?
    Macbook, Mac OS X (10.6)
  • mrbofus Level 1 (5 points)
    When I try the first command, it says, "command not found", but if I make it executable after browsing to the directory, it works.

    However, I have a question; if I wanted to keep the home directory local to the computer, do I need to run the second "createhomedir" command for things to function properly? Just running the first command to create the mobile account has allowed me to log in with an AD account and the local home directory is there.
    Mac OS X (10.6)
  • aliasdp
    I had the same issue of not being able to log in to a mobile AD account.

    I was able to though if I did one of the below.
    1. Set AD account to have a blank local path for the home folder.
    2. Snow Leopard > Directory Utility > AD > Advanced options > tick UNC path from AD to derive network home location. Also change Network protocol to smb.
    3. Or do the command line mobile user creation as previously stated in post.
    Mac, Mac OS X (10.6.1), Mac
  • Peter-Erik
    Question to All.

    Does your Active Directory domain name end in .local? (example company-name.local)
    Mac OS X (10.5.7)
  • Martin van Diemen Level 1 (5 points)
    Hi,

    On September 21, 2009, Apple added this document to their knowledge base:
    http://support.apple.com/kb/TS3019

    "Resolution
    As a workaround:

    Remove the Home folder path specified in Active Directory for the user.
    Log in to the Mac OS X v10.6 client.
    Create the mobile account when prompted.
    Specify the home folder path in Active Directory for the user.
    The user should now be able to log in to the Mac OS X v10.6 client."

    This is ridiculous! This worked in 10.3, 10.4 and 10.5, so why won't this work for 10.6?
  • angelamozart
    This workaround is definitely helpful, but it is only taking me part of the way there because the mobile account that gets created seems to be only half-baked in that the GID doesn't stick. This triggers hash mismatch errors which I can only cure by resetting the GID, which allows me to get in once, but the user environment never works properly. The mobile account user cannot even re-set the background image even though I have given that person and the groups the person is in administrative access to the computer.

    Any suggestions? I sure wish that Apple would fix this. I tried all the other workarounds, but yours is the only one that at least started to allow me to progress.

    Thanks so much,

    Angela
    Macbook Pro, Mac OS X (10.6.1)
  • Andrew Cousins
    Anyone happen to see this issue even with "Create mobile account at login" and "Force local home directory on startup disk" unchecked? I have been able to create mobile accounts manually as noted by ben6073 and successfully log in, but with the sheer number of users that will be logging in to the 3 machines that I have this issue with, it's very inefficient to do for every user. Also worth noting, I also get the errors stating that "Could not get the user record for 'user' from Directory Services". Finally, removing the home directory path in the AD profile didn't work for me here. I'm also going to post a new topic as well. Thoughts?
    15" MacBook Pro, Mac OS X (10.6.1), 2.4 Ghz Intel Core 2 Duo, 2GB DDR3 1033 RAM
  • re-Barr
    My experience was that I could originally bind to the AD. Then I could immediately logoff and logon as the AD user. But I could do nothing. And on reboot I could not logon anymore as that user. And I would no longer have connection to the domain. I would have to unbind and then rebind to logon again but still no network access.

    I did get it to work eventually by binding, logging on as the AD user then logging off and logging on as the local admin. Then run the below in terminal and I was able to correctly logon to the domain and access network resources.

    cd /System/Library/CoreServices/ManagedClient.app/Contents/Resources/
    then do:
    sudo ./createmobileaccount -n username
    then
    sudo createhomedir -c -u username

    For the curious, yes our domain ends in .local. I didn't set it up this way I just maintain it. And the mobile accounts were turned off in the directory utility.

    I will look deeper at node927's suggestion if I ever decide to upgrade our other mac to 10.6.
    Mac OS X (10.6.1)
  • angelamozart Level 1 (0 points)
    Good morning,

    I finally had a chance to try your workaround, and the commands you provided do the trick.

    Is there anything that can be done to get Apple to incorporate a fix into 10.6.2 or 10.6.3? Why is it necessary to resort to a workaround? It seems to me that Snow Leopard is a tremendous improvement as far as binding is concerned and that they are very, very close to getting AD login to work correctly if mobileaccount creation were to be fixed.

    Thank you very much!

    Angela
    Macbook Pro, Mac OS X (10.6.1)
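
The two-command workaround quoted in the posts above, wrapped for a list of users (the many-users case raised earlier in the thread). This is an added example, not code from any poster or from Apple: the path and the `-n`, `-c` and `-u` flags are the ones given in the thread, while the function names, the `DRY_RUN` switch and the short-name pattern are assumptions. It validates each name before it reaches a root command and only prints the plan unless `DRY_RUN=0`.

```sh
#!/bin/sh
# Added example: batch form of the two commands posted in this thread.
# Path and the -n / -c / -u flags come from the posts; the function names,
# DRY_RUN switch and short-name pattern are assumptions of this example.
MCX_DIR="/System/Library/CoreServices/ManagedClient.app/Contents/Resources"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print what would run; 0 = run (as root)

# Accept only conservative short names, so a list entry can never reach a
# root command as an option ("-x") or carry shell metacharacters.
valid_shortname() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the two commands for one user, in the order given in the thread.
plan_for_user() {
    valid_shortname "$1" || { echo "skip: invalid name '$1'" >&2; return 1; }
    printf '%s/createmobileaccount -n %s\n' "$MCX_DIR" "$1"
    printf 'createhomedir -c -u %s\n' "$1"
}

# Print or run the plan for each name; returns how many names failed.
create_mobile_accounts() {
    failed=0
    for user in "$@"; do
        if plan=$(plan_for_user "$user"); then
            if [ "$DRY_RUN" = "1" ]; then
                printf '%s\n' "$plan"
            elif ! { "$MCX_DIR/createmobileaccount" -n "$user" &&
                     createhomedir -c -u "$user"; }; then
                failed=$((failed + 1))
            fi
        else
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Stand-alone use: names as arguments, e.g. DRY_RUN=1 sh thisfile jdoe asmith
if [ "$#" -gt 0 ]; then
    create_mobile_accounts "$@"
fi
```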
