Hi,
I just upgraded to Lion and now I cannot log in to my mac using my network account. I checked and the computer is still joined to our windows domain.
Any ideas? Nothing has changed on our network so I am assuming it's a Lion issue. Thank you for any help you can provide.
iMac, Mac OS X (10.7)
I would try unbinding and re-binding.
I would try unbinding and re-binding.
See below
Just for the record. I renamed my computer and rejoined it to the domain. Once I restarted, I still got the "network accounts are unableble" message. I then waited for 20 seconds(the red dot went away) and I was able to log in. Is this a NIC card issue?
Nope - I've had this issue since upgrading SL to Lion. Only way I can get around it is unbind/rebind but problem still surfaces again after a few reboots...
You are right Mike. I rebooted yesterday and this morning I have the same problem.
What is going on? Any ideas?
No sorry - I ran the developer preview, noticed this problem, but assumed that it would be fixed in the release version.
Not sure whether its related to the SL-Lion upgrade (I haven't tried a clean Lion install yet)
Guess time will tell...
Okay,
So I was having the same problem binding to an active directory domain on a Win2K3 server, and Lion.
I have only tested this on my Mac Pro, as I have not upgraded the 2 other Macs to OS 10.7 yet.
Verify the Computer name in System Preferences / Sharing (Computer Name), the name the computer is bound to the Activate directy.. System preferences / Users / Login Options , Open directory utility, (Computer ID), (And I used the FQDN, hostmame.domain.org), and the Hostname in ther terminal are the same
>hostname
> ComputerName
If the names do not match in all three places, change the sharing name (You can use ComputerName.local here), then unbind and rebind the computer to the AD using the same name you used in the sharing setup (but use the FQDN).
Next open a terminal, and either sudo, or su to root.
> scutil --Set HostName "ComputerName"
Now reboot.
The Network Accounts Not Available displays for about 30 seconds, but then goes away, and I can log in to the AD accounts now.
I had the same problem on a couple of MACs.
My problem was that if I setup a "prefered domain controller" and "allow administration by: Domain Admins / Enteprise admins" it creted two domain entries, one for the forest and one for the domain.
I then had the error "Network accounts are unavailable"
If I didnt set the two options above and followed the instructions from others re the search paths all is good.
Once I login as a domain admin I can then set the user to administer the machine in the normal way in Account settings.
Hope that makes sense and I hope it helps others.
What i found out was that i now need to login with my domain in front of my username and then it works without changing anything else
so old days i logged in like username@domain.be
and nowadays i need to login like this
domain\username
and then it works fine for me, it takes a while but it logs on to my already existing profile
Same issue for me today after getting my hands on Lion for the first time. I found success with adding an additional custom search path for authentication that mapped to /Active Directory/MyDomain, which was listed at http://forums.macrumors.com/archive/index.php/t-1188443.html, so thanks juiced2010. Hopefully Apple fixes this in a future update soon. I posted a walkthrough of the steps needed to do this at http://techierambles.blogspot.com/2011/08/network-accounts-are-unavailable-when. html if you don't know how.
adding the custom search path did the trick for me too.
When i log in i have no the message some network accounts are available :-)
but it works now
Okay, some more information from my side - I am running a W2008 R2 PDC where:
From what I learned so far, it must be the configuration which is being written. Most probably I would guess it works fine if you once have created the setup under SL?
Personally I was not able to find such issues as "sometimes it's working, sometimes not...".
This is really annoying 😟 !
Any more ideas on that???
Another update: I got the AD setup done on a fresh 10.7 installation and the login became available after the first restart. Therefore it created the user home directory and cached the login/settings... I can now login and use the managed account. Still it now shows for a while the "network accounts are unavailable" and may switch them on after a while. Adding the Search Policy "/Active Directory/DOMAIN" and push it above "/Active Directory/DOMAIN/All Domains" did not change anything for me.
However, if you are logged in and your settings will never be updated - you can do that manually running as super user once logged in:
sh-3.2# mcxrefresh -n username -a
It looks 10.7 is still better than 10.7.1 whereas ≤ 10.6.8 is best for AD authentication.
__Hopefully Apple will find the issue and fix it soon!__
Did anyone find out if it might be a DNS issue?
I can imagine you will have trouble to find the PDC services when asking DNS servers which may not answer properly to _service._protocol.DnsDomainName requests (see: http://support.microsoft.com/kb/247811)...
Even though I always put my PDC DNS server on top of all other DNS server, it may not be sure if the proper server will respond!
I have had this issue since I purchased two new mac minis a month or so ago. Happened on 10.7.1 and 10.7.2. Our domain contains .local so this might be complicating the issue for me. No matter what I tried, the login process either would not work at all, or it would take 10+ minutes and multiple login attempts to work. All my other macs (OS 10.5) work just fine logging in with domain accounts. I found plenty of things other people tried with success, but nothing worked for me. This article http://support.apple.com/kb/TS4041 started me in the correct direction finally, but it alone didn't work. Combined with several other articles and information, I finally got something together that appears to be working for me. I have now been able to successfully and repeatedly log in with domain accounts in under 5-10 seconds with one login attempt. I have tested it on both mac minis with numerous restarts, shutdowns, and different domain users. If you are on a domain with .local in it, this might help you. I unfortunately do not know exactly which part of the following solution worked the magic, but here is what I did:
-I enabled IPv6 on my two windows server 2003 DCs.
-I ran ipconfig on both DCs to get their IPv6 addresses. You want the IPv6 attached to your network adapter, not the IPv6 on the tunnel adapters or whatever other interfaces you might have. It will most likely be the IPv6 in the same group/adapter section as your current IPv4 address.
-I added a forward lookup AAAA record for both the w2k3 DCs into my domain.local DNS forward lookup zone (put your domain name in place of domain) with their respective IPv6 addresses.
-I ensured the new AAAA records were updated in my domain and reachable from a vista box that already had IPv6 enabled (local link addresses).
-I logged into the mac mini with local admin, then opened the /etc/hosts file for editing, you will need to sudo into your favorite editor, I used vi. e.g. at terminal prompt> sudo vi /etc/hosts
-in /etc/hosts add the following lines at the bottom of the file:
127.0.0.1 domain.local
::1 domain.local
DC1_IPv6_address fqdn_of_DC1.domain.local
DC2_IPv6_address fqdn_of_DC2.domain.local
DC1_IPv4_address fqdn_of_DC1.domain.local
DC2_IPv4_address fqdn_of_DC2.domain.local
-save your edits, restart your machine and hopefully your domain login actually works now. It does for me. You do need to already be bound to the domain of course.
*fqdn_of_DCx.domain.local = the fully qualified domain name of your domain controller(s). Replace domain with your domain name. e.g. if your DC is named DCserver and your domain is mydomain you would have DCserver.mydomain.local
*DCx_IPv6 = the IPv6 address of your domain controller(s).
*DCx_IPv4 = the IPv4 address of your domain controller(s).
Additional information:
-mac minis OS 10.7.2:
--set to use DHCP for IPv4 and Automatically for IPv6.
--do not have anything set in the network DNS search domains (have seen that suggested)
--bound to AD using the Open Directory Utility button not the + button (dont know if it makes a difference)
--have domain.local in the active directory domain box in the afore mentioned utility
--not using mobil accounts
--have IPv4 address of one DC in Prefer this domain server: (and box is checked)
--have Allow administration by: checked with default domain admins and enterprise admins in there
--do not have Allow authentication from any domain in the forest box checked
--only have /Active Directory/DOMAIN/domain.local in the authentication search policy path, so using the example domain referenced above = /Active Directory/MYDOMAIN/mydomain.local (also has /local/default)
--have Display login window as: Name and Password selected
I cant think of any other settings that I have messed with in trying to get this to work, but with all those things set, I can now log into the mac minis on my .local domain with domain accounts and do not have issues anymore. At one point I had messed with so much stuff on one of the minis that is was borked. I reformatted the drive, reinstalled 10.7.1, installed 10.7.2 patch and all other mac software updates, bound the mac to the domain, then made the changes above. The other mac was as received from the retailer with only 10.7.2 update and all other patches applied. After dealing with this broken login crap for over a month, I am tired of it and just glad it is finally working. Hopefully this might help some of you.
"network accounts are unavailable"
