Question: User Login(s) / Account gone - BUG - thread overview - summary - solutions?

Hello everyone...

Time to open a new thread... Seems there is a serious bug going on since a while with 10.6 randomly, hit me saturday. After working late switched off my iMac and next morning all my user accounts were gone, not able to login with my account... instead I got a "other" account.

Took me a day to get that fixed. Thanks Apple!

Same problems here:

http://discussions.apple.com/thread.jspa?threadID=2750969&tstart=0

http://discussions.apple.com/thread.jspa?messageID=13050110&#13050110

http://discussions.apple.com/thread.jspa?threadID=2747165&tstart=0

http://discussions.apple.com/thread.jspa?messageID=12880505&#12880505

http://discussions.apple.com/thread.jspa?messageID=12932314&#12932314

http://discussions.apple.com/thread.jspa?messageID=12754295&#12754295

http://discussions.apple.com/thread.jspa?messageID=12802769&#12802769

http://discussions.apple.com/thread.jspa?messageID=12640182&#12640182

http://discussions.apple.com/thread.jspa?messageID=12836318&#12836318

http://discussions.apple.com/thread.jspa?messageID=12840608&#12840608

http://discussions.apple.com/thread.jspa?messageID=12726662&#12726662

This one has an interesting solution from user Illude

http://discussions.apple.com/thread.jspa?threadID=2644133&tstart=0

This one's from cNet:

http://forums.cnet.com/7723-6126_102-505918.html

There are quite some possible solutions (from threads) that seem to help, here are some of the popular ones:

SOLUTION 1:

1 - boot up using your SL disk.
2 - select 'change password'
3 - reset the root password
4 - restart the mac from the system drive
5 - log in as root
6 - open system preferences
7 - create an account with the SAME FULL NAME and ACCOUNT NAME as your 'lost' account
8 - you will be prompted that "a folder with said name already exists - would you like to use the existing folder?" - SELECT OK
9 - log out of root
10- log into your account

SOLUTION 2 for those without TM backup:

Material needed: Snow Leopard DVD

1. Boot from DVD: restart at log in menu you're stuck in. Otherwise hard restart. Press "C" while booting.
2. Change password: in my case only System Administrator (root) and guest appeared. Change the password on System administrator.
3. log in as "System Administrator" with your new password.
4. Check to see if the folder with your user name is still there under "User"
5. Go to System Preference>Account>add account: Set same account name. That will link the new user account with old username account folder. You can also adjust the login window option. For now I checked automatic log in.
6. Restart. You should be able to log in to your old account.

SOLUTION 3 with TERMINAL (from illude - thanks!):

... I had this exact problem. I installed the 10.6.5 update and when I finally rebooted several days later, all non-system users on my machine were deleted. Only "Other" showed up in the login screen. While the users were removed from the Directory Services, their data was still intact though, as their home directories in /Users were unchanged. This is of course a big relief...

After reading this thread and the pages mentioned here, I came up with the following solution. Please replace "username" with the short (Unix) name of your user account (i.e. the one without spaces).

1. Start the computer in Single-User Mode, by holding down Command+S as it boots up. You end up in a terminal as the root user.

2. As suggested on the screen, do the following to check and mount your filesystem:

/sbin/fsck -fy
/sbin/mount -uw /

3. Find out which accounts have been deleted (here I assume 'username' is one of them):

defaults read /Library/Preferences/com.apple.preferences.accounts

4. Convince yourself that the user data is still safe:

ls /Users/username

5. I noticed that the 10.6.5 update made backups of the Directory Services and shadow passwords in /private/var/db as the xar archives 'dslocal-backup.xar' and 'shadow-backup.xar', respectively. If you also have these files, you are in luck! Restore the settings for each deleted user, as well as all shadow passwords, as follows:

cd /private/var/db
xar -xf dslocal-backup.xar dslocal/nodes/Default/users/username.plist
xar -xf shadow-backup.xar

6. For good measure, remove the record of deleted users (not sure if this is necessary, but seemed like a good idea at the time):

rm /Library/Preferences/com.apple.preferences.accounts.plist

7. Restart the computer:

shutdown -r now

I restored the settings for all deleted users in Step 5, and everyone was back after the reboot. The great thing is that all settings are restored the way they were, including the password, user GUID (which should prevent Time Machine from redoing a full backup as mentioned in this thread) and the login picture (which was stored in the JPEGPhoto field in the plist file and would have been lost otherwise).

Of course, this solution might not apply to your specific problem, so please take care when you tamper with system settings via Single-User Mode.

SOLUTION 4 using a TimeMachine Backup:

If you have a backup with time machine, reinstall with original OSX DVD.

For that type "C" when booting and hold until system boots from DVD.

Go through necessary steps, then when asked if you want to restore from a TimeMachine Backup, do so. Will take some hours depending on how big your TM backup is and what kind of interface you use (GBit Network, USB, Firewire etc).

After that your system should be restored. However you probably have to update back again to the latest OSX update you were using with that TM backup, as OSX Mail will crash if it doesn't have that exact update environment. Example: your TM backup was done with 10.6.6., mail will crash often if you restore to 10.6.5...

ATTENTION: there may be some side effects after a restore regarding external volumes, they could be locked out as your old user settings are gone...

After restore I could not access two external drives on my system,

1) a firewire 2TB Lacie drive that was "locked". I did not have the rights to access it, and CTRL+I and setting the permissions did not work. permissions were not stored. The OSX Harddisk tool also did not work because the "owner" of that drive could not be set.

Solution: A tiny app called "BatChmod" saved the day, it allowed me to "unlock" the permissions of that drive, without being a Unix superfreak knowing all the tweaks.

http://www.macchampion.com/arbysoft/BatchMod/Download.html

2) I could not access my TimeCapsule TM after restore to refresh the backup. Quite interesting because my system just had restored from that drive. The TimeMachine Volume was locked with that little "lock" symbol left of the volume symbol. CTRL+I and setting permissions did not work too... Within OSX Harddisk Tool a TimeCapsule does not show up so you can't fix permissions there either...

Solution: With Airports TimeCapsule Manual Settings there is an option to delete the volume or folders on it. Deleted the sparsebundle and voila the TC could be used again.

---------

If there are any other solutions that worked out for you to recover from lost logins/accounts, please post them here, and do not forget to notify apple about that bug at

http://www.apple.com/feedback/macosx.html

so that it hopefully finally gets fixed with 10.6.7... it seems to be around since 10.5..., emerged again with 10.6 SL, and now came back with 10.6.6. so that should have been quite a long time to fix it.

Thx
Chris

Message was edited by: vertrider


MacBookPro 17", iMac 27" Dual Screen (24" CinemaLED), Mac OS X (10.6.2), 2 TimeMachines, 4GS, iOS4.0, QNAP TS-439 Pro Turbo NAS, Lacie 2Big, AirPortExpr

Apr 22, 2011 12:27 PM in response to vertrider

this symptom caught me by surprise just the other day - luckily I had the root account enabled, which is not the default. With the root account enabled, and an available Time Machine backup, recovery is really simple, straightforward and quick.


For my situation, which may not be identical with those for all who may read this thread, the plist files which define for DirectoryService the users I have created, including my admin accounts, and the password hash files were deleted.


if the root account is not enabled on your system, then I suppose you will have to go through either booting in Single User mode or from a System Install disk that will let you run the Terminal application. However it is done, once you have the ability to write to the database directories, and access to a Time Machine backup, the recovery process is thus:



Step 1. Verify that the user account home directories still exist, both for peace of mind and to determine whether this recovery method is appropriate for your situation.


ls -l /Users/


This should show account directories for all the users you have created in the past. If not, then a restore of the user directories from a Time Machine backup, as well as the user DirectoryService files is indicated. And, I would propose that the cause of your particular difficulties is other than most in this thread have experienced.


also, just for fun, open the Accounts Preference Pane in the System Preferences, and see that none of your user accounts are listed. What I found interesting is that the groups that I had created were still defined, it was just the user accounts that were deleted.



Step 2. now, for the meat of the recovery. I recommend opening a pair of Terminal windows, one in which to look at the database directories, the other to look at the Time machine directories.


in the "database" window, change directory to the user accounts area. This is read-write-execute for root only, so if you are not able to cd to this directory, you'll need to wrap the commands in sudo.


cd /var/db/dslocal/nodes/Default/users/

ls -l


[non-root version of commands: cd /var/db/dslocal/nodes/; sudo ls -l Default/users/ ]


the result should show a number of plist files, with many system users starting with an underscore, and only a few others: daemon.plist, nobody.plist, root.plist



Step 3. in the "TimeMachine" window, change directory to the user accounts area from a recent backup, such as this one for my computer "Odin", backed up to TimeMachineDrive (this is a long path, not a two line entry):


cd /Volumes/TimeMachineDrive/Backups.backupdb/Odin/2011-04-20-002126/Odin/var/db/dslocal/nodes/Default/users/


then perform a directory listing:

ls -l


[non-root version of command is similar to that in Step 2, only need to get to the dslocal/nodes/ directory on the TimeMachine volume]


you should see all the same plist files as in Step 2, along with the additional user accounts definitions for those accounts you originally created.


to restore the definitions to your system, copy the missing plist files to the database directory used in Step 2. For a missing account file "test.plist", this would be:


cp -X test.plist /var/db/dslocal/nodes/Default/users/


[non-root version of command: sudo cp -X Default/users/test.plist /var/db/dslocal/nodes/Default/users/ ]


the command option "-X" keeps the extended attributes from being copied along with the file


do the same for each missing plist file.



Step 4. this step restarts DirectoryService, so it becomes aware of newly restored account definitions.


killall -HUP DirectoryService


[non-root version: sudo killall -HUP DirectoryService ]


note: DirectoryService will recognize the new accounts after a reboot, even without the killall command being issued. I just like to avoid unnecessary rebooting....


now comes the fun part - open up the Accounts Preference Pane in the System Preferences, or close and reopen if already open, and voila, the missing accounts should all be shown again! If you perform a listing of the /Users directory, you'll see the account names instead of UID numbers shown as owner of the account directories once again.


ls -l /Users/


Great! ready to go, right? Almost, but we have to fix the ability to log in for these accounts first, by restoring the shadow password hash files.


Step 5. to restore the hash files, we need to know which ones belong to which account, and which directories to restore from and to. So, in the 'database' window


cd /var/db/shadow/hash/

ls -l


[non-root version: cd /var/db/; sudo ls -l shadow/hash/ ]


in the "TimeMachine" window, assuming you are still in the var/db/dslocal/nodes/Default/users/ directory:


cd ../../../shadow/hash/

ls -l


[non-root version, assumes you are in the var/db/ directory: sudo ls -l shadow/hash/ ]


you should see a bunch of files with filenames consisting of uppercase letters, numbers, and dashes. To determine which file(s) belongs to which account, here is an example for the account "test":


dscl . -read /Users/test GeneratedUID


[non-root version: same as root version of command ]


result should look like:


GeneratedUID: E7FBADC6-CFCB-4B31-88F9-BB6BD1FAEB52


this long string identifies which hash file(s) belongs with the account "test"


from the "TimeMachine" window, copy the hash file back to the system location:


cp -X E7FBADC6-CFCB-4B31-88F9-BB6BD1FAEB52* /var/db/shadow/hash/


[non-root version, all on one line: sudo cp -X shadow/hash/E7FBADC6-CFCB-4B31-88F9-BB6BD1FAEB52* /var/db/shadow/hash/ ]


once this is completed for all the missing accounts, your system should be restored to exactly the condition it was in prior to the user accounts disappearing.


in Solution 3 above, from illude, the file /Library/Preferences/com.apple.preferences.accounts.plist is mentioned. I believe this is a file that was generated in Mac OS X 10.4, and maybe 10.5. I'm pretty sure that a clean fresh install of Mac OS X 10.6, on a new partition for example, will *not* have this file. Therefore, it a) may not be present, and b) if present, may have contents that don't represent any accounts created since the installation of Snow Leopard on that machine.


be that all as it may - I wish I'd found this thread topic when this first occurred for me. But since I managed a solution, I thought I'd share, in case anyone finds these methods useful.


cheers,

Roy
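
An added example, not part of Roy's post or of any Apple tool: a dry-run script that does the by-eye comparison from Steps 2 to 5 above and prints the cp commands it would take, without copying anything. The function names are this example's own, and it reads the GeneratedUID from the backed-up plist instead of dscl, assuming that plist is XML text with a lowercase generateduid key.

```shell
#!/bin/sh
# Dry-run planner for the copy-back procedure above. It only prints commands.
# Arguments are two "var/db" directories: one inside a backup, one live.
USERS=dslocal/nodes/Default/users
HASHES=shadow/hash

# Short names whose plist is in the backup but missing from the live tree.
missing_users() {
    for f in "$1/$USERS"/*.plist; do
        [ -e "$f" ] || continue
        name=$(basename "$f" .plist)
        [ -e "$2/$USERS/$name.plist" ] || printf '%s\n' "$name"
    done
}

# GeneratedUID stored in a user plist. Assumption: the plist is XML text
# with a lowercase "generateduid" key followed by a <string> value.
guid_of() {
    awk '/<key>generateduid<\/key>/ { want = 1; next }
         want && match($0, /<string>[^<]*<\/string>/) {
             print substr($0, RSTART + 8, RLENGTH - 17); exit }' "$1"
}

# Print the cp commands that would restore each missing account.
restore_plan() {
    missing_users "$1" "$2" | while IFS= read -r name; do
        plist="$1/$USERS/$name.plist"
        printf 'cp -X "%s" "%s/"\n' "$plist" "$2/$USERS"
        guid=$(guid_of "$plist")
        if [ -z "$guid" ]; then
            printf '# %s: no generateduid in plist, match the hash by hand\n' "$name"
            continue
        fi
        found=0
        for h in "$1/$HASHES/$guid"*; do
            [ -e "$h" ] || continue
            found=1
            printf 'cp -X "%s" "%s/"\n' "$h" "$2/$HASHES"
        done
        [ "$found" -eq 1 ] || printf '# %s: no hash file named %s* in backup\n' "$name" "$guid"
    done
}

# Usage: sh plan.sh <backup var/db> <live var/db>
if [ "$#" -eq 2 ]; then restore_plan "$1" "$2"; fi
```

Run it as root (or under sudo) with the backup's var/db directory and /var/db, review the printed lines, then run the ones you want.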
