My Snow Lepoard MacBook Pro was joined to my Active Directory domain, with a mobile account. After upgrading to Lion this afternoon, I cannot login to my account. I also cannot login to the domain.
MacBook Pro, Mac OS X (10.7)
Have you verified your computer is still bound to the domain, and have you tried rebinding it?
It is no longer bound to the domain. After the first restart, network accounts have been broken. By logging into a local account, I was able to unbind and attempted to bind to the domain. This fails with an "unable to store password" error. I've tried creating a new mobile account when binding, and I've tried just simply binding.
I'm getting that same error.
It probaly has somethiing to do with the authentication search path in the Directy Utility app. Click the + button to see if any additional AD search paths are available. That's what I had to do when I first intalled Lion.
The domain I log into is a subdomain of a forest, and I had to manually add the AD domain I wanted ABOVE the domain Lion had auto-added in my directory config.
Lion had this:
/Active Directory/MYDOMAIN/All Domains
I clicked the + button (as Templeton Peck suggested) and chose:
/Active Directory/MYDOMAIN
from the list and moved it above the All Domains option.
What if there are no domains listed? Is this a setting the domain manager needs to turn on so that the Mac sees it?
Julian Daniel wrote:
The domain I log into is a subdomain of a forest, and I had to manually add the AD domain I wanted ABOVE the domain Lion had auto-added in my directory config.
Lion had this:
/Active Directory/MYDOMAIN/All Domains
I clicked the + button (as Templeton Peck suggested) and chose:
/Active Directory/MYDOMAIN
from the list and moved it above the All Domains option.
That is exactly what I had to do. add the subdomain and move it above All Domains.
Yesterday I spoke to a Directory Services engineer our Apple enterprise team put me in touch with, and he said it's a known issue that didn't make the cut for the final release of Lion but will be addressed soon.
TheFishyFew wrote:
What if there are no domains listed? Is this a setting the domain manager needs to turn on so that the Mac sees it?
If no domains are listed, then it sounds like you're not bound to AD.
Open the Terminal app and run this command: dsconfigad -show
Post the results here
Well, i was going to do as you suggested and they appeared. Not sure why the delay.
Different user but same problem.
What I found was that I got the canot save password and dsconfigad -show listed no ad info at all. I had tried once before binding with a new computer name but there was no luck there. Trying it again after doing the dsconfigad -show bit DID allow the computer to bind and it took a bit longer than normal while it displayed a message about updating search paths.
This was an upgrade install of Lion where I did NOT unbind prior to the install. I will be trying another Lion install but this time I will unbind before leaving Snow Leopard. I will report back with how that goes.
One other little interesting thing I noted was that the Lion install appearently wiped out the Root password. When I tried enabling Root in the Directory Services window, it requested a password for the Root account. There was a password, and it functioned correctly, in the Snow Leopard install that was upgraded to Lion.
Passed the time limit to edit my previous posting so a new post.
I thought I was OK once the computer did bind to AD (as shown in dsconfigad -show) but then after a restart to try to log in as as an AD user account, I still could not log in. It keeps telling me that network accounts are not available. When I try to log in all I get is the spinning wheel for a while and then back to the login window.
HELP!
What I have found is that after I do a permissions repair USING THE RESTORE PARTITION of the hard drive, then I can bind to the Active Directory and login in as a managed user. BUT this permissions repair HAS TO BE DONE from the Restore partition. It does not work if you try doing it from the currently in use partition.
That sounds fine EXCEPT THAT WHEN YOU RESTART THE COMPUTER IT GOES THROUGH THE ENTIRE DISK CHECK (much as if you had a hard crash and then restarted) AND IT WILL "REPAIR" THE PERMISSIONS BACK TO THE NONE WORKING PERMISSIONS THAT BLOCK ACTIVE DIRECTORY! Naturally doing this requires that you have to log in as an admin on the Restore partition to again bind the AD.
Has anyone found a definitve answer to this problem? My 10.7 machine says "Network accounts are unavailable" after every reboot after I rebind to AD.
Any ideas?
Use the custom search path suggestion from Julian Daniel above. Worked for me and I've seen it appear as a successful answer in quite a few posts I've been looking at.
WORKAROUND for "Error: The home folder for user "ActiveDirectoryUser" isn't located in the usual place or can't be accessed. The home or Users folder may have been moved or deleted. If the home...."
I was able to "Fix" the Mobile Account issue above in Lion -for now. (Valid as of 8/18/11 on Lion 10.7.1)
- In Directory Utility -> Active Directory -> Advanced Options, I unchecked "Create mobile account at login" and left "Force local home directory on startup disk" checked
- Log out then back in as a networked user, -A local home directory will be created under /Users but will not be accessible if network is offline (non-mobile)
- Open Terminal
--- Type: cd /System/Library/CoreServices/ManagedClient.app/Contents/Resources/
--- Type: ./createmobileaccount -n username
The username you specify with the createmobileaccount command will turn it from a standard account into a mobile account.
This fixes Active Directory mobile accounts for the time being so now its on to Open Directory which refuses to stay bound after a reboot.
How do I login to my active directory domain account after upgrading to Lion
