So I was having the same problem binding to an active directory domain on a Win2K3 server, and Lion.
I have only tested this on my Mac Pro, as I have not upgraded the 2 other Macs to OS 10.7 yet.
Verify the Computer name in System Preferences / Sharing (Computer Name), the name the computer is bound to the Activate directy.. System preferences / Users / Login Options , Open directory utility, (Computer ID), (And I used the FQDN, hostmame.domain.org), and the Hostname in ther terminal are the same
If the names do not match in all three places, change the sharing name (You can use ComputerName.local here), then unbind and rebind the computer to the AD using the same name you used in the sharing setup (but use the FQDN).
Next open a terminal, and either sudo, or su to root.
> scutil --Set HostName "ComputerName"
The Network Accounts Not Available displays for about 30 seconds, but then goes away, and I can log in to the AD accounts now.
I had the same problem on a couple of MACs.
My problem was that if I setup a "prefered domain controller" and "allow administration by: Domain Admins / Enteprise admins" it creted two domain entries, one for the forest and one for the domain.
I then had the error "Network accounts are unavailable"
If I didnt set the two options above and followed the instructions from others re the search paths all is good.
Once I login as a domain admin I can then set the user to administer the machine in the normal way in Account settings.
Hope that makes sense and I hope it helps others.
What i found out was that i now need to login with my domain in front of my username and then it works without changing anything else
so old days i logged in like firstname.lastname@example.org
and nowadays i need to login like this
and then it works fine for me, it takes a while but it logs on to my already existing profile
Same issue for me today after getting my hands on Lion for the first time. I found success with adding an additional custom search path for authentication that mapped to /Active Directory/MyDomain, which was listed at http://forums.macrumors.com/archive/index.php/t-1188443.html, so thanks juiced2010. Hopefully Apple fixes this in a future update soon. I posted a walkthrough of the steps needed to do this at http://techierambles.blogspot.com/2011/08/network-accounts-are-unavailable-when. html if you don't know how.
Okay, some more information from my side - I am running a W2008 R2 PDC where:
- I am able to bind any 10.6 based machine and use the network login
- It was the same for a 10.7 machine which was upgraded from 10.6 (AD was already configured on 10.6)
- Having my first machine installed from scratch with 10.7.1, I am not anymore able to get the network login working. I read several articles describing this issue offering different solutions - without luck!
Here is what I tried:
- Configure AD with standard Mac OS X tools:
- Joining the domain works without any issue
- Network Account Server in System Preferences shows green
- Login after restart displays 'network accounts are unavailable'
- Did try to add custom Search path, static IP address, verified DNS settings and search domains, reboot after each step, un-/rebind to domain several times w/o 'create home directory' and 'allow administration'
- Also downloaded CentrifyDC Express for Mac: it also did join well to the domain but as well as the standard Mac OS X procedure it does not let me login (ADCheck verifying the global parameters if the conditions are fine to be able to find the DC in the DNS etc. reports no issues)
From what I learned so far, it must be the configuration which is being written. Most probably I would guess it works fine if you once have created the setup under SL?
Personally I was not able to find such issues as "sometimes it's working, sometimes not...".
This is really annoying !
Any more ideas on that???
Another update: I got the AD setup done on a fresh 10.7 installation and the login became available after the first restart. Therefore it created the user home directory and cached the login/settings... I can now login and use the managed account. Still it now shows for a while the "network accounts are unavailable" and may switch them on after a while. Adding the Search Policy "/Active Directory/DOMAIN" and push it above "/Active Directory/DOMAIN/All Domains" did not change anything for me.
However, if you are logged in and your settings will never be updated - you can do that manually running as super user once logged in:
sh-3.2# mcxrefresh -n username -a
It looks 10.7 is still better than 10.7.1 whereas ≤ 10.6.8 is best for AD authentication.
__Hopefully Apple will find the issue and fix it soon!__
Did anyone find out if it might be a DNS issue?
I can imagine you will have trouble to find the PDC services when asking DNS servers which may not answer properly to _service._protocol.DnsDomainName requests (see: http://support.microsoft.com/kb/247811)...
Even though I always put my PDC DNS server on top of all other DNS server, it may not be sure if the proper server will respond!