4 Replies Latest reply: Nov 29, 2012 1:57 AM by Philboufr
Slimkalim Level 1 Level 1 (0 points)

I am able to authenticate Lion against active directory and LDAP.  Now when I disconnect from the network, I am unable to login to my network account and I don't even get the to the account named" Other".  I would like to be able to use my network account even if I am not connected to the network.  Just like in Windows.  Does anyone know how the fix for this?  Thamnk you!


MacBook Pro, Mac OS X (10.7.3), Windows 2003 Server
  • 1. Re: How can I login to Lion with cached credentials
    gracoat Level 3 Level 3 (660 points)

    Talk your netowrk guy into setting up a mobile account for you.

     

    >>wince<<  If he doesn't have a Mac Server set up, you might be out of luck.

     

    If he does have a mac server...

     

    In Workgroup Manager, select your username in the list of users.

    Click the Preferences button.

    Click the Mobility button.

    Turn it on using your desired settings.

     

    HTH.

    -Graham

  • 2. Re: How can I login to Lion with cached credentials
    Slimkalim Level 1 Level 1 (0 points)

    Thanks for your responce.  What do you mean by a mobile account?  We do not have a Mac Server that we use to authenticate.   We use Windows 2003 server, AD, and LDAP. 

    I am able to authenticate against AD and LDAP but would like, just like in Windows, be able to login to my account using cached account credentials when I am on the train going back home..

     

    Thanks,

  • 3. Re: How can I login to Lion with cached credentials
    gracoat Level 3 Level 3 (660 points)

    It's complicated...  In a nutshell:

    Microsoft Server 2003 - present uses a system called active directory.

    On a windows computer, you have what are called Roaming Profiles. 

    Your entire User Profile is loaded onto the computer when you log in.  This includes everything in all your personal folders on the network.  Including your password credentials.

     

    Your Mac, when it connects to Active Directory, checks the password every time you log in against the server.

    If you're not connected to the same network as your server, then the password will fail preventing you from logging in.

     

    Mac OS X Server uses a system called Open Directory.

    It's a different system that allows for the functionality of the "Roaming Profiles", called "Moble Network Accounts" on OS X Server. 

     

    Long story short, you're out of luck unless you have a mac server managing the Mobile Network Accounts for the Mac Users.

     

    Apple woulld love to offer Active Directory features on Mac, but since MS owns it (it's not open source) they won't allow licensing of that server system to other competing companies.

  • 4. Re: How can I login to Lion with cached credentials
    Philboufr Level 1 Level 1 (0 points)

    Hi

     

    Part of what you say here is correct, but not all.

     

    On a Mac running Mountain Lion (and I believe earlier), you can have the system create a 'Mobile Account' for any user account, including a Network Managed account. A Domain Account from a Windows Domain Controller can be just as easily created as a Mobile Account from the individual Mac PCs that might be connected.

     

    When binding the Mac machine to the Windows AD domain, an option is available to allow creation of Mobile accounts. This should be ticked on, preferably with the option to prompt for the creation of mobile accounts as well. Once this is set correctly, when you login to the machine with your domain account for the first time, you will be prompted to create a mobile account. If you do, the account details are cached, and you will be able to logon to the Mac remotely (and not connected) using the domain account.

     

    As your your discussion on "Roaming Profiles", not everyone in a Windows AD world using Roaming Profiles (we certainly dont as we are a relatively small company), so you cant assume everyone does this. Most small companies (at least) dont enable roaming profiles