Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Sensational Badger
Sensational Badger Author
User level: Level 1
0 points

You are unable to log in to the user account "accountname" at this time

Hi,


I have a fair bit of experience with Macs but cannot find a solution to the issue logging in as above.

This only happens when student users try to log in. I have the macs (4 in question) bound to AD and i can ping the dc/file server and browse to locations on that server from the Macs. I do not have an OD server. All the other installs i have done in the past i've done with xserve/ server app so dont know if that is the reason.


If i tick the box to allow local home directory to be mounted at startup the users can log in but there network home folder is just a question mark in the dock and of no use.


After the Macs have been bound then they have been moved into the relevant OU's. I dont have roaming profiles setup and all users have a network home folder on the dc/ fileserver.


Any suggestions are welcome.


Regards


Jim

Posted on Jul 14, 2014 6:46 AM

Reply
10 replies
User profile for user: Antonio Rocco
Antonio Rocco
User level: Level 6
12,278 points

Jul 21, 2014 6:49 AM in response to Sensational Badger

It's fairly standard policy to define a GPO/ACL that gives users read/write access to their own folders but no access (not even list or traverse rights) to parent containers further upstream. This works well for Windows but it won't work for Macs. You must allow at least list and traverse rights to any container/folder that contains users home folders otherwise you may well see the behaviour you're describing.


You may know some of the following but for the benefit of others some points to remember when integrating OS X in a mature Windows network are:

1 - DNS must be have fully resolving forward and reverse pointers to active DCs and partner servers

2 - Avoid the use of .local for the TLD suffix for your internal domain

3 - Allow list/traverse rights for parent containers containing users

4 - Avoid the use of miserly home folder quotas

5 - AD GPOs can't easily be used to 'manage' Macs


The above is not an exhaustive list by any means but should help for most integration scenarios

Reply
User profile for user: Mr.Dano
Mr.Dano
User level: Level 1
0 points

Nov 17, 2014 2:13 PM in response to Sensational Badger

I ran into this issue also and had decrypted the filevault, reimaged the computer. i knew it wasn't a password issue as i could log into web mail with no issues.

I was able to resolve this issue by going to a PC and logged into AD brought up the account of the user i was trying to log in with. i went to the profile tab and changed the setting in Home Folder from connect "Drive Letter" to "share name" to local path, applied and rebooted the computer and was able to log i as the user

Reply

You are unable to log in to the user account "accountname" at this time

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up