
Unable to login @ login window with Active Directory User on Lion

I have an Active Directory server (Windows 2003) where I have stored all users. To this system I have bound a Mac server (Lion 10.7.4) with Open Directory for the Mac clients, which are stored on the AD server too. I have bound the client Macs to the Mac OD server, to use all the advantages of this server, but when I try to log in at the login window on a client Mac I get only shaking. When I connect for sharing or directly on the Mac server all is working.


I have tested changing the home directory from the AD server to the OD server over sharing, but without change.

I tried to augment users, without change too, and I was unable to change the home directory.

When I bind the client system directly to the AD server all is working...


Can anybody help me with what I should do, so that I can log in from a client system to the OD server and the OD server stores the home directories for the users who will connect from client Macs?

Mac OS X (10.7.4)

Posted on Jul 16, 2012 6:16 AM

24 replies

Jul 16, 2012 11:53 PM in response to Thanzig

Yes (but only via System Preferences/Users; the other way wasn't working), I have bound the servers, but have problems with it. When I use users made on OD all is working properly, but when I want to use the AD users over the OD server, there are the problems.

The mounting problem was only when I set the home folder on the AD server via sharing to the OD server and the client logged in; to mount the home folder he must give the password again, but there was only shaking like on a normally set-up system.

I read that if I use augmented users, I can change the home directory and some other parameters and all is OK, but on Lion I can't (I don't know, there are not the possibilities like in Snow Leopard) change the parameters in augmented users. So I have only the shaking when logging in on the client Mac.

I don't know where the real problem is, I'm new in this and I need to solve this problem. I set the system up like in Apple's training videos and other manuals, I did everything that was written, but all was made for Snow Leopard and in Lion it is different.


No, I don't import users, I only try to augment them, so that they are stored on the AD server and only security is managed there, and everything else is managed via the OD server.

Is it then needed after import to have the servers bound? How can I import them, and what happens if they are on both servers, or what do I need to do so that there are no conflicts later and the admin has the easiest way to create and manage all servers?


Thanks guys for help.

Jul 17, 2012 3:06 AM in response to Mike Vos

Thanks, I have tested this, but I need accounts stored on the server.


How can I import users, and what happens if they are on both servers, or what do I need to do so that there are no conflicts later and the admin has the easiest way to create and manage all servers?


Augmenting is a good way, but I don't know why they won't work. I think it is all in the home folders ...


I found that the home folders for augmented users are stored in "/var/empty" ... this is bad and I can't change it ...
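The "/var/empty" finding above is something an administrator can check for every directory user instead of discovering it at the login window. The script below is an added example and not from the thread: it reads the `Attribute: value` lines that `dscl <node> -read /Users/<name>` prints and flags a home directory that is missing or set to `/var/empty`. The two records are constructed samples; the node names in the usage note are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: flag directory users whose
# NFSHomeDirectory points at /var/empty, the symptom reported above.
# Records use the "Attribute: value" layout printed by
# `dscl <node> -read /Users/<name>`; both records below are constructed.

REC_BROKEN='RecordName: jdoe
NFSHomeDirectory: /var/empty
UniqueID: 1043
UserShell: /bin/bash'

REC_OK='RecordName: asmith
NFSHomeDirectory: /Network/Servers/server-mac.local/Users/asmith
UniqueID: 1044
UserShell: /bin/bash'

# home_of RECORD -> prints the NFSHomeDirectory value, or nothing if absent
home_of() {
  printf '%s\n' "$1" | awk '$1 == "NFSHomeDirectory:" { print $2; exit }'
}

# home_is_usable RECORD -> returns 0 when the home is neither missing
# nor /var/empty, 1 otherwise
home_is_usable() {
  case "$(home_of "$1")" in
    ''|/var/empty) return 1 ;;
    *) return 0 ;;
  esac
}

# report_user NODE NAME -> live check on a Mac (dscl exists only on macOS):
# prints the user's home and whether it is usable; returns 2 if the
# record cannot be read, 1 if the home is unusable, 0 otherwise
report_user() {
  rec=$(dscl "$1" -read "/Users/$2" NFSHomeDirectory) || return 2
  if home_is_usable "$rec"; then
    echo "$2: $(home_of "$rec") (ok)"
  else
    echo "$2: $(home_of "$rec") (unusable home)"
    return 1
  fi
}
```

On the OD server itself the node would be `/LDAPv3/127.0.0.1`; on a bound client it is `/LDAPv3/<server name>`, and for an AD-bound Mac `/Active Directory/<DOMAIN>/All Domains` (placeholders). Running `report_user` over the list of augmented users shows at a glance which records still carry `/var/empty` before anyone tries to log in with them.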

Jul 19, 2012 2:37 AM in response to Alfista_SK

This might be helpful for you. I found this somewhere else on this forum.


Setting up a new Lion OS X Server

  1. Change the Shared name
    1. apple >> System Preferences >> Sharing
    2. enter a name like: server-mac
  2. Give a Static Address

    apple >> System Preferences >> Network

  3. Download the Lion OS X Server app from the App Store (not through iTunes)
  4. Download Server Admin Tools for Lion (this can be found via Google)
  5. Install both and run apple >> Software Update

Binding

apple >> System Preferences >> Users & Groups

  1. Unlock the padlock
  2. Click Open Login Options
  3. Click Join
  4. Click Directory Utility
    1. Double click Active Directory
    2. for domain, enter: DOMAIN.LOCAL
    3. Click the triangle next to Show Advanced Options
      1. Click User Experience
        1. Check: Create mobile account at login
          1. Remove: require confirmation box
        2. Remove: Use UNC path box
        3. Check: Default user shell: /bin/bash
      2. Click Administrative
        1. Check: Prefer this domain server: ADserver.domain.local
        2. Check: Allow administration by (leave defaults)
        3. Remove: Allow authentication from any domain in the forest
      3. Click ok

Create Open Directory Master

Open Server Admin

Connect to server-mac.local (or enter the static address)

  1. Highlight the local server and click Settings
  2. Click Services
    1. Check: Open Directory
    2. Click Open Directory under server-mac.local (or static address)
    3. Click General
    4. Under Role, click Change
    5. Select Remain connected and setup as Open Directory Master
    6. Create user called: Diradmin

Changing Login Options

  1. apple >> System Preferences >> Users & Groups
  2. Click Login Options
  3. Under: Display login window as, select Name and password radio button
  4. Check: Allow network users to log in at login window
    1. Select: Options
    2. Select: Only these network users radio button
    3. Click +
    4. Under Network Users:

      select those who you want to be able to log into this server

Adjust the Date and Time

Click the time in the upper right corner

  1. Click Open Date & Time Preferences...
  2. Click Date & Time tab
  3. Check: Set date and time automatically: ntpserver.domain.local


Add a Mac Client to the Open Directory


Go to System Preferences >> Users & Groups

  1. Unlock the padlock
  2. Click Login Options
  3. Click Join
    1. Type in the ip address of the mac server
    2. Press ok
    3. It will tell you "This server provides SSL certificates. Do you want to trust the certificates...." Choose Trust.
    4. "Server does not provide a secure SSL connection. Do you want to continue?" Choose Continue.
  4. Should be done!! Woot!!

Decide who can get onto the box

Go to System Preferences >> Users & Groups

  1. Unlock the padlock
  2. Click Login Options / Options / Choose "Only these network users:" Then choose the individuals from the open directory that you want to allow access to.


Binding a Client Mac to Active Directory and Open Directory

apple >> System Preferences >> Users & Groups

  1. Unlock the padlock
  2. Click Login Options
  3. Click Join
    1. Enter in the Mac server name or ip address
    2. Don't enter any credentials if asked (bind anonymously)
    3. Press ok
  4. Click Join
    1. Double click Active Directory
    2. for domain, enter: DOMAIN.LOCAL
    3. Click the triangle next to Show Advanced Options
      1. Click User Experience
        1. Check: Create mobile account at login
          1. Remove: require confirmation box
        2. Remove: Use UNC path box
        3. Check: Default user shell: /bin/bash
      2. Click Administrative
        1. Check: Prefer this domain server: adserver.domain.local
        2. Check: Allow administration by (leave defaults)
        3. Remove: Allow authentication from any domain in the forest
      3. Click ok
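The Active Directory checkboxes in the guide above are the same options that `dsconfigad -show` reports on a bound Mac, so they can be audited from the command line after the GUI work is done. The script below is an added example, not part of the guide or of Apple's tooling: it parses the `Key = Value` lines of that report and compares the User Experience and Administrative settings against what the guide asks for. The report text is a constructed sample shaped like real `dsconfigad -show` output; the domain and server names are the guide's own placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: audit a Mac's Active Directory
# binding options against the checkbox choices in the guide, using the
# "Key = Value" lines that `dsconfigad -show` prints. SAMPLE_SHOW is a
# constructed stand-in for that output (dsconfigad exists only on macOS).

SAMPLE_SHOW='Active Directory Domain          = domain.local
Computer Account                 = server-mac$

Advanced Options - User Experience
  Create mobile account at login = Enabled
  Require confirmation           = Disabled
  Force home to startup disk     = Enabled
  Use Windows UNC path for home  = Disabled
  Default user Shell             = /bin/bash

Advanced Options - Administrative
  Preferred Domain controller    = adserver.domain.local
  Authentication from any domain = Disabled'

# show_value TEXT KEY -> prints the value reported for KEY, or nothing
show_value() {
  printf '%s\n' "$1" | awk -F' = ' -v key="$2" '
    { k = $1; sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
      if (k == key) { print $2; exit } }'
}

# audit_binding TEXT -> prints one MISMATCH line per deviation from the
# guide and returns the number of mismatches (0 means fully compliant)
audit_binding() {
  text=$1
  bad=0
  for pair in \
    'Create mobile account at login|Enabled' \
    'Require confirmation|Disabled' \
    'Use Windows UNC path for home|Disabled' \
    'Default user Shell|/bin/bash' \
    'Preferred Domain controller|adserver.domain.local' \
    'Authentication from any domain|Disabled'
  do
    key=${pair%%|*}
    want=${pair#*|}
    have=$(show_value "$text" "$key")
    if [ "$have" != "$want" ]; then
      echo "MISMATCH: $key = '$have' (guide wants '$want')"
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# audit_live -> on a bound Mac, feed the real report into the audit
audit_live() {
  audit_binding "$(dsconfigad -show)"
}
```

`Force home to startup disk` is deliberately not in the checklist: the guide does not say how to set it, and the later replies show it decides whether a user gets a local or a network home, so `show_value "$(dsconfigad -show)" 'Force home to startup disk'` is the quickest way to see which way a given client is configured.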

Jul 19, 2012 3:01 AM in response to Mike Vos

Thanks, I have done everything that is written here, except the time. I don't have a time server, so I'm synchronised from Apple's server.

Only one thing I have differently. My client Mac is bound to the OD server and not to the AD server. When I bind to the AD server all is working correctly, but I have only local home folders. I tried to bind to both servers and the result was the same as with binding to the AD server.

I need the OD server to manage the Mac clients, so I have a question. If I bind the client to both systems, can I manage the clients from the OD server? And how will I have the network accounts?

Jul 19, 2012 3:43 AM in response to Mike Vos

I have unchecked it, but I have only the home folders locally ... :-(


On the server I have it, but on the client not; but when I bind the AD server too I don't have the login problems, I log in but only with a local home folder ("force local user home folders" unchecked) ...


Now it's the same as when I have only the AD server bound. Are there any differences when I have both servers bound?


And is it needed to have the mobile folder checked? I don't need it.

Jul 19, 2012 3:53 AM in response to Mike Vos

OK, so I can then manage it from the OD server. I was in that so when I have bound servers, I need to bind them only to the OD server. In all the material it was written so...


Yes, you are right, only local home folders. After renaming the old one it makes a new local home folder.


So I tried to work with augmented users, but I was unable to edit the users like in the manuals and change the home folders to network (to the OD server). Everything I do has no effect ...
