Unable to Login to Network Accounts

Question

Level 1

8 points

Unable to Login to Network Accounts

This issue has been frequently happening since 10.6.4.

Our issue consists of not being able to login to our network accounts through active directory. The machines we are generally using are iMac's with 10.6.5 and 10.6.6. Their is no rhyme or reason to why this happens. The computer will show that network accounts are available, and yet still not allow our users to login to the computer. We have attempted to unbind and rebind the machines to the domain. So far no luck as to a resolution. Currently our fix is to re-image the machine. Unfortunately this fix is a time constraint for it puts a user out of a machine for 30-45 minutes and causes us to have to shuffle data around. Their is no errors in the logs.

When attempting to re-bind the machine it says invalid username combination. Have tried removing the computer from the AD's computer listing, then attempting to re-bind with no results. Have also tried simple restarts after unbinding.

Some background to our environment is, we have windows server 2008 R2 which our users authenticate to. We also have an ODM that controls the Macs with what they can and cant do.

Please, if you have any information on any fixes to this issue, please respond ASAP.

Any questions about the situation please ask.

Message was edited by: SuperMaxSly

iMac, Mac OS X (10.6.6), Active Directory Environment

Posted on Feb 1, 2011 10:11 AM

Reply

Answer 1

Top-ranking reply

ForestKev

Level 1

4 points

May 4, 2011 10:41 AM in response to SuperMaxSly

I'm having sort of the same issue. The difference is if I log into one of our macbooks as the local admin, then log out without doing anything, I can log in as the AD users until the macbook is restarted. After restarting, the login screen will just shake at me. I am not using mobile accounts, and unchecked the force local home option because I was hoping to have their home folders on the server. The macbooks bind successfully, the macbook is put into the default "computers" OU, so I'm not sure what Kungfumonkey is talking about having to add them. He mentions gpedit.msc, well, the macs won't be bothered with Group Policy without tweaking the AD schema or using third party solution. I can use the id command in terminal with the AD username and see the correct information as to what groups the user is in. I'm open to ideas if anyone has them. Thanks!

Reply

Answer 2

Feb 1, 2011 6:46 PM in response to SuperMaxSly

Check under the mac's System Preferences > Accounts > Login Options and make sure it's on the right domain. Check the server (ask the system admin) and make sure those macs are added properly. It's the server's problem, not the macs. I had to do this at a previous job so your system admin should know how to add a user. All the mac does is authenticate via the Login Options under System Preferences > Accounts.

Reply

Answer 3

Feb 3, 2011 5:19 PM in response to SuperMaxSly

I'm just saying, because this problem is not with the Apple computers, even though re-imaging it makes it temporarily add to the domain... you should ask your System Administrator to read up on Active Directory... get the Active Directory Cookbook, it's a pretty good resource. I was a temp Sys Admin and I remember doing this before. I specifically remember this problem too. It is because your SysAdmin has not set up your Domain Controller properly. You need to add these computers just like any other PC to the forest. I can't remember how to do it any more I did this in 2003. On the Domain Controller: gpedit or some other .msc should point you in the right direction.

Reply

Answer 4

SuperMaxSly Author

Level 1

8 points

Feb 3, 2011 4:43 PM in response to kungfumonkey

The 750 iMacs we have on our domain are joined to the correct domain. They are added properly. The issue arises when 2-5 macs in a week will randomly stop communicating with the domain. Shows that the network accounts are available with the green dot. I login locally as an admin and it shows the domain is connected. When i attempt to login to the domain account it immediately shakes at me. The accounts password is not wrong nor is the account name. I can fix this issue by re-imaging the machine from our xServ basically wiping the machine. But its not a good resolution.

Reply

Answer 5

SuperMaxSly Author

Level 1

8 points

Feb 3, 2011 4:47 PM in response to SuperMaxSly

Previously our fix was to unbind and rebind the machine to the domain. This used to work. When we attempt to perform this task after 10.5 and 10.6 it just tells us our user name or password is incorrect for joining the machine to the domain. Which I can guarantee it isn't that.

Reply

Answer 6

SuperMaxSly Author

Level 1

8 points

Feb 4, 2011 8:09 AM in response to kungfumonkey

K Thanks for the information, I will investigate it some more. If you find any more specific information please let me know. I will repost if I solve the issue.

Reply

Answer 7

Mar 29, 2011 4:18 PM in response to SuperMaxSly

Hey guys, where you able to find any fix for this as of yet?

Reply

Answer 8

Apr 6, 2011 11:49 AM in response to support@aseit.net

Just a quick little thought. Are your Apple systems using the same network time server as the AD machine? When the time times between the server and the client get out of sync, strange things can happen. (I presume you have the Apples to set time automatically.)

Reply

Answer 9

Apr 29, 2011 4:35 AM in response to Joe Pyrdek

I have the exact same problem.

Only on one MBP with Osx 10.6.7 I cant login with network user to windows domain.

The account is mobile and if i disconnect network the user is able to login.

I have done this:

unchecked mobile user

disconnected computer from domain and joined again.

tried with manual ip settings.

done a new installation of os over the old installation.

Nothing works.

Please help me out

/Thomas

thomasevertsson@gmail.com

Reply