Hi,
I just upgraded to Lion and now I cannot log in to my mac using my network account. I checked and the computer is still joined to our windows domain.
Any ideas? Nothing has changed on our network so I am assuming it's a Lion issue. Thank you for any help you can provide.
iMac, Mac OS X (10.7)
I would try unbinding and re-binding.
Hello,
I have followed the steps and confirmed that we are getting login time around 40 seconds to the desktop including the dock loaded. Login times were 3mins prior to the changes. Removed the host file entries to test and makes the login times about 1 min 30 secs.
Thanks for post very helpful!
A combination of statically assigning the hosts in the host file and the fixes reccomended in the "centrify" document has sucessfully worked around the issue for me. My domain log in time is now 10 seconds from the login prompt!
The problem is .local domain names, which we all know. Please see this post as well which got me going in the end :https://discussions.apple.com/thread/3198558?start=60&tstart=0
I will reproduce the instrcuctions that i wrote below. Please note that in addition to this, i have also done the following:
Port 119 fix on the windows DHCP server as detailed here: http://www.mattzuba.com/2011/03/windows-2008-rc2-dhcp-server-option-119/
LOCAL dns zone in the forest (no entries, it just needs to be created and athoritative)
--- instructions follow (HOPEFULLY IT DOESNT GET TOO MESSED UP) --
to get lion which is buggy onto a .local domain
1.) install OSX
2.) go into directory utility and go to join the computer.
3.) make sure that the domain server is DOMAINCONTROLLER.domain.local . Turn off "search all domain controllers"
4.) join to domain. After join, open the console and run the following command:
sudo dscl /Search -append / CSPSearchPath "/Active Directory/DOMAIN/domain.local"
this will add the main domain.
5.) in the search list, make sure that "/Active Directory/DOMAIN/All Domains" is at the top (just below local/local or whatever, the default)
6.) perform the following steps to manually get it talking reliably to the domain:
Workaround
The following steps require root or sudo privileges. Important: Save a backup of the original files in another location, to provide a means of recovering from any mistakes made in editing.
Mac 10.7 always does both an IPv4 and IPv6 query. We can configure IPv6 to be disabled and that will improve performance.
Unfortunately, you cannot disable IPv6 from System Preferences, and so you need to
7.) manually edit the /Library/Preferences/SystemConfiguration/preferences.plist on the Mac.
Find the network adapter (Ethernet or Airport) under NetworkServices key, and then edit the IPv6 setting, changing the config method to __INACTIVE__:
--------------------------------------
<plist version="1.0">
<dict>
<key>CurrentSet</key>
<string>/Sets/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string>
... ...
<key>NetworkServices</key>
<dict>
<key>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</key>
<dict>
... ...
<key>IPv6</key>
<dict>
<key>ConfigMethod</key>
<string>__INACTIVE__</string>
</dict>
--------------------------------------------------
8.) There's no way to change the DNS lookup order, but you can reduce the multicast DNS timeout by editing mdns_timeout, located here:
/System/Library/SystemConfiguration/IPMonitor.bundle/Contents/Info.plist
The default setting is 5. Set mdns_timeout to 0 as shown below.
-------------------------------------------
<key>mdns_timeout</key>
<integer>0</integer>
-------------------------------------------
9.) If you set mdns_timeout to 0, then you won't be able to ping any ".local" host/domain, but other apps such as Finder and Apple's Active Directory plugin work well (it can resolve a .local hostname). You can login as a network home user very quickly.
If you try to mount a SMB share in the Finder, you can ignore the prompt that says there's a problem connecting to the server. If you wait for several seconds and retry, it will eventually connect. This prompt can be removed by adding the machine that hosts the DNS server and Windows share into /etc/hosts file on the Mac:
10.0.0.14 DOMAINCONTROLLER.domain.local
10.0.0.19 ANYOTHERHOSTYOUNEEDACCESSTO.domain.local
Note: Because you cannot ping domain.local, adclient will stay in disconnected mode for up to 60 seconds after start (which means you need to wait for more than 1 minute after reboot). Adding domain.local into /etc/hosts solves the disconnect issue.
10.)
Reboot the Mac after performing steps 1) through 4).
11.)
Login to the Mac
After all that it should work. I also had to add a local zone to DNS as well as adding a DHCP option 119 on the dhcp server.
This issue appears to be fixed in the 10.7.3 update.
Wrong thread.
How so? This issue appears to be fixed. The "network accounts unavailable" message still appears, but it's only showing when it's supposed to be when the machine initially boots and also when it's offline. If you have mobile accounts setup the system allows you to login regardless of that message, assuming you've logged in with the account at least once before. I haven't seen that behavior in either of the previous updates, at least not without some workarounds.
I know I am way late replying to this post. But the issue resurfaced on OSX 10.11.2. Since I have had the issue many times before and I get it fixed without a problem.
If you are using a Domain account to logon to your Mac and either (1) You have recently re-imaged your Mac reinstalling the OS (2) Clean installed (3) Upgraded to newer OSX and you are having this issue. A DNS record may exist on your server. Delete it and if that doesn't work .. its OK
The Solution is this procedure unbind your computer from the current domain and restart ...
Then....(logon with an admin account)
1. Go to System Preferences > Sharing > J-SMITH1 (sample name) *** Important** It is possible that if you dint delete the DNS A record or don't have access to do that, you want to pick different computer name from the previous.
2. Go to Terminal and type: sudo scutil --set HostName J-SMITH1 (admin pw required)
3. Restart
4. Go to System Preferences > Users & Groups > (Login Options) > Join (domain) Bind it and type J-SMITH1
5. Logout the admin account or restart, and try to login using Domain account.
Thanks! (If it doesnt work sorry, but it has worked for me 100% of the times).
HM
"network accounts are unavailable"
