Previous 1 2 Next 20 Replies Latest reply: Apr 2, 2012 9:27 AM by rslygh
alejflor Level 1 (0 points)


I just upgraded to Lion and now I cannot log in to my mac using my network account.  I checked and the computer is still joined to our windows domain.

Any ideas?  Nothing has changed on our network so I am assuming it's a Lion issue. Thank you for any help you can provide.

iMac, Mac OS X (10.7)
  • William Lloyd Level 7 (21,030 points)

    I would try unbinding and re-binding.

  • alejflor Level 1 (0 points)

    See below

  • alejflor Level 1 (0 points)

    Just for the record.  I renamed my computer and rejoined it to the domain.  Once I restarted, I still got the "network accounts are unableble" message.  I then waited for 20 seconds(the red dot went away) and I was able to log in. Is this a NIC card issue? 

  • MikeLJ Level 1 (10 points)

    Nope - I've had this issue since upgrading SL to Lion. Only way I can get around it is unbind/rebind but problem still surfaces again after a few reboots...

  • alejflor Level 1 (0 points)

    You are right Mike.  I rebooted yesterday and this morning I have the same problem.

    What is going on?  Any ideas?

  • MikeLJ Level 1 (10 points)

    No sorry - I ran the developer preview, noticed this problem, but assumed that it would be fixed in the release version.

    Not sure whether its related to the SL-Lion upgrade (I haven't tried a clean Lion install yet)

    Guess time will tell...

  • bphendri Level 1 (115 points)



    So I was having the same problem binding to an active directory domain on a Win2K3 server, and Lion.


    I have only tested this on my Mac Pro, as I have not upgraded the 2 other Macs to OS 10.7 yet.


    Verify the Computer name in System Preferences / Sharing (Computer Name),  the name the computer is bound to the Activate directy.. System preferences / Users / Login Options , Open directory utility, (Computer ID), (And I used the FQDN,, and the Hostname in ther terminal are the same



    > ComputerName


    If the names do not match in all three places, change the sharing name (You can use ComputerName.local here), then unbind and rebind the computer to the AD using the same name you used in the sharing setup (but use the FQDN).


    Next open a terminal, and either sudo, or su to root.

    > scutil --Set HostName "ComputerName"


    Now reboot.


    The Network Accounts Not Available displays for about 30 seconds, but then goes away, and I can log in to the AD accounts now.

  • Arnie68 Level 1 (0 points)

    I had the same problem on a couple of MACs.


    My problem was that if I setup a "prefered domain controller" and "allow administration by: Domain Admins  / Enteprise admins" it creted two domain entries, one for the forest and one for the domain.


    I then had the error "Network accounts are unavailable"


    If I didnt set the two options above and followed the instructions from others re the search paths all is good.


    Once I login as a domain admin I can then set the user to administer the machine in the normal way in Account settings.


    Hope that makes sense and I hope it helps others.

  • Dellie Level 1 (0 points)

    What i found out was that i now need to login with my domain in front of my username and then it works without changing anything else


    so old days i logged in like


    and nowadays i need to login like this



    and then it works fine for me, it takes a while but it logs on to my already existing profile

  • rslygh Level 1 (0 points)

    Same issue for me today after getting my hands on Lion for the first time. I found success with adding an additional custom search path for authentication that mapped to /Active Directory/MyDomain, which was listed at, so thanks juiced2010. Hopefully Apple fixes this in a future update soon. I posted a walkthrough of the steps needed to do this at html if you don't know how.

  • Dellie Level 1 (0 points)

    adding the custom search path did the trick for me too.

    When i log in i have no the message some network accounts are available :-)

    but it works now

  • dalimsoftware Level 1 (0 points)

    Okay, some more information from my side - I am running a W2008 R2 PDC where:


    1. I am able to bind any 10.6 based machine and use the network login
    2. It was the same for a 10.7 machine which was upgraded from 10.6 (AD was already configured on 10.6)
    3. Having my first machine installed from scratch with 10.7.1, I am not anymore able to get the network login working. I read several articles describing this issue offering different solutions - without luck!

      Here is what I tried:


    1. Configure AD with standard Mac OS X tools:
      - Joining the domain works without any issue
      - Network Account Server in System Preferences shows green
      - Login after restart displays 'network accounts are unavailable'
    2. Did try to add custom Search path, static IP address, verified DNS settings and search domains, reboot after each step, un-/rebind to domain several times w/o 'create home directory' and 'allow administration'
    3. Also downloaded CentrifyDC Express for Mac: it also did join well to the domain but as well as the standard Mac OS X procedure it does not let me login (ADCheck verifying the global parameters if the conditions are fine to be able to find the DC in the DNS etc. reports no issues)


    From what I learned so far, it must be the configuration which is being written. Most probably I would guess it works fine if you once have created the setup under SL?


    Personally I was not able to find such issues as "sometimes it's working, sometimes not...".

    This is really annoying !


    Any more ideas on that???

  • dalimsoftware Level 1 (0 points)

    Another update: I got the AD setup done on a fresh 10.7 installation and the login became available after the first restart. Therefore it created the user home directory and cached the login/settings... I can now login and use the managed account. Still it now shows for a while the "network accounts are unavailable" and may switch them on after a while. Adding the Search Policy "/Active Directory/DOMAIN" and push it above "/Active Directory/DOMAIN/All Domains" did not change anything for me.


    However, if you are logged in and your settings will never be updated - you can do that manually running as super user once logged in:

    sh-3.2# mcxrefresh -n username -a


    It looks 10.7 is still better than 10.7.1 whereas ≤ 10.6.8 is best for AD authentication.


    __Hopefully Apple will find the issue and fix it soon!__

  • dalimsoftware Level 1 (0 points)

    Did anyone find out if it might be a DNS issue?


    I can imagine you will have trouble to find the PDC services when asking DNS servers which may not answer properly to _service._protocol.DnsDomainName requests (see:


    Even though I always put my PDC DNS server on top of all other DNS server, it may not be sure if the proper server will respond!

Previous 1 2 Next