locked out of mac with a logged in AD account

Question

locked out of mac with a logged in AD account

OK after pulling hair out fixing my login to AD account after installing SL. I finally got it working, deleting all the DS files and binding again. So it worked for a week. My computer regularly goes to account lock out mode with a screen saver. The latest attempt for me to get back into my running AD account has failed. We have 185 Mac users using AD on Leopard and a small group on Tiger. What is is going on with Directory Services? I really don't want to reboot because my running locked out AD account has running apps. Any way to fix it? I've looked at unbinding and rebinding. Local admin account is a saving grace. ***

Mac OS X (10.6.1)

Posted on Oct 16, 2009 12:03 PM

Reply

Answer 1

Oct 16, 2009 12:12 PM in response to Michael Pitogo

Did an unbind now I get. It was bound the FQDN before.

An invalid Domain and Forest combination was specified. You should enter a fully qualified DNS name for the domain and forest (e.g., ads.company.com).

Reply

Answer 2

Oct 16, 2009 12:37 PM in response to Michael Pitogo

platinum:~ admin$ sudo rm -rdfv /var/db/dslocal/nodes/Default/config
/var/db/dslocal/nodes/Default/config/AD DS PlugIn.plist
/var/db/dslocal/nodes/Default/config/SharePoints.plist
/var/db/dslocal/nodes/Default/config
platinum:~ admin$ sudo rm -rdfv /Library/Preferences/DirectoryService/
/Library/Preferences/DirectoryService//.DSIsRunning
/Library/Preferences/DirectoryService//ActiveDirectory.plist
/Library/Preferences/DirectoryService//ActiveDirectoryDomainCache.plist
/Library/Preferences/DirectoryService//ActiveDirectoryDomainPolicies.plist
/Library/Preferences/DirectoryService//ActiveDirectoryDynamicData.plist
/Library/Preferences/DirectoryService//ContactsNodeConfig.plist
/Library/Preferences/DirectoryService//ContactsNodeConfigBackup.plist
/Library/Preferences/DirectoryService//DirectoryService.plist
/Library/Preferences/DirectoryService//DirectoryServiceDebug.plist
/Library/Preferences/DirectoryService//DSLDAPv3PlugInConfig.plist
/Library/Preferences/DirectoryService//DSRecordTypeRestrictions.plist
/Library/Preferences/DirectoryService//SearchNodeConfig.plist
/Library/Preferences/DirectoryService//SearchNodeConfigBackup.plist
/Library/Preferences/DirectoryService/
platinum:~ admin$ sudo killall -USR1 DirectoryService
platinum:~ admin$ dsconfigad -a platinum -u "eurorscg\mpitogo" -ou "CN=Computers,DC=EURORSCG,DC=COM" -domain eurorscg.com
admin's Password:
Network Password:
Error: An invalid Domain was specified. You should enter a fully qualified DNS name for the domain (e.g., ads.company.com).
platinum:~ admin$ nslookup eurorscg.com
Server: 10.160.2.10
Address: 10.160.2.10#53

Name: eurorscg.com
Address: 10.85.1.8
Name: eurorscg.com
Address: 10.160.10.21
Name: eurorscg.com
Address: 10.160.2.10

platinum:~ admin$

Reply

Answer 3

Feb 24, 2011 9:04 AM in response to Michael Pitogo

issue was home folder URI was checked

Reply