Old Jul 6, 2011, 03:44 PM   #1
Sfac
macrumors newbie
 
Join Date: Jul 2011
OSX Lion and AD

Hi all, I'm trying to make Active Directory users able to log in offline in Lion.
In SL there weren't problems: I just joined the domain, checked "Create mobile account at login" in Directory Utility, and the home folder was created in the /Users/ folder. User login credentials were saved locally and offline login was active.
In Lion I can't make it work. The "Create mobile account at login" option gives me no home directory (I think it's looking for a remote home folder, getting info from the domain PDC). "Force local home..." does the trick, but I'm not able to log in offline; Lion keeps telling me no network login available.
Anyone else having this problem?

Thanks all and sorry for my English!
Sfac is offline   0 Reply With Quote
Old Jul 22, 2011, 12:56 PM   #2
nesl247
macrumors member
 
Join Date: Jun 2008
Location: Florida
I have the exact same issue. Odd thing is that it worked during Developer Preview 2 or 3, forgot when I did a reinstall for a clean Lion Developer setup.
nesl247 is offline   0 Reply With Quote
Old Jul 26, 2011, 04:20 AM   #3
eritho
macrumors newbie
 
Join Date: Jul 2011
Location: Norway
I have a similar problem. I can join the domain, and while connected to the domain network I can log on, but I get an error message saying it does not find the home folder where it is expected. I have set the home folder to be local, but it still does not work and it will not create mobile users.
eritho is offline   0 Reply With Quote
Old Jul 26, 2011, 06:13 AM   #4
nesl247
macrumors member
 
Join Date: Jun 2008
Location: Florida
I was able to get this fixed. Here's how I fixed it:

Quote:
Try

cd /System/Library/CoreServices/ManagedClient.app/Contents/Resources/

and then use "./createmobileaccount" from that location with the verbose flag.

The initial symptoms can be due to:

* Enforcing a FileVault Master password in Open Directory MCX policy when no such password has been set on the client.

* A lack of a complete OD compatible schema in your LDAP directory (probably not the problem in this case...)

* The remnants of a local user record who matches *either* the GUID or username of the attempted Mobile Account, either as a plist sitting around in /var/db/dslocal/nodes/Default/users or the home directory in /Users/*username*

Try the verbose flag. It really should indicate what's gone wrong. Admittedly so should your syslog, but this is easier to parse.
http://arstechnica.com/civis/viewtop...?f=19&t=158659

Worked for me. Make sure your home directory doesn't exist when you do this. You'll need to log in to another user, then rm -r /Users/<username>

Log out and into the user with the issue. Go to Go -> Utilities or Finder -> Applications -> Utilities -> Terminal and then copy and paste

cd /System/Library/CoreServices/ManagedClient.app/Contents/Resources/
./createmobileaccount

Worked here with no issues. No idea why we have to do this.
nesl247 is offline   0 Reply With Quote
Old Jul 26, 2011, 08:47 AM   #5
eritho
macrumors newbie
 
Join Date: Jul 2011
Location: Norway
Almost getting there, but I get an error message when running ./createmobileaccount

*** node authentication failed: 5000 (failed to connect)
How can I find out what it is actually trying to connect to?
Let me know if you need any output from any of the log files, as I have no clue as to what could be helpful for you guys.
eritho is offline   0 Reply With Quote
Old Jul 26, 2011, 10:14 AM   #6
nesl247
macrumors member
 
Join Date: Jun 2008
Location: Florida
Dumb question, but you are connected to the domain either via VPN or being on the LAN that the server is located at, correct?
nesl247 is offline   0 Reply With Quote
Old Jul 27, 2011, 01:03 AM   #7
eritho
macrumors newbie
 
Join Date: Jul 2011
Location: Norway
I am connected to the domain onsite.
eritho is offline   0 Reply With Quote
Old Jul 27, 2011, 05:47 AM   #8
nesl247
macrumors member
 
Join Date: Jun 2008
Location: Florida
Run the command and when you do, monitor (via the console app) system.log. There should be some output there about it, please post it here.

One thing that I've learned recently with my company's new IBM i Series is, if something fails, start from scratch. Try unbinding from the domain, restart, bind, log in as the desired mobile user and then run the createmobileaccount.

And just because I've learned to not assume anything, make sure that the user you are logging in as is considered a domain admin or whatever group you specified in the directory setup to be considered an admin. If you didn't do this, go to System Preferences -> Accounts -> Login Options -> Edit the Network Account Server -> Directory Utility -> Edit Active Directory -> Make sure Allow Administration By is checked under Administrative under Advanced Options.

I'm not sure if the command, when run via the console, requires you to be an administrator or not. But it's less of a hassle to try with an admin first than without.
nesl247 is offline   0 Reply With Quote
Old Jul 27, 2011, 08:55 AM   #9
eritho
macrumors newbie
 
Join Date: Jul 2011
Location: Norway
Tried on a cleanly installed Lion now. Same error message. Under Users & Groups the network account server light is green. But still I get the *** node authentication failed: 5000 (failed to connect).

The console just shows an entry for the command being run (./createmobileaccount) but it does not return any error messages.

Just to be clear: the machine is only joined to an Active Directory domain so far.
eritho is offline   0 Reply With Quote
Old Jul 29, 2011, 07:06 PM   #10
myfootsmells
macrumors newbie
 
Join Date: Jul 2011
Noticing the same issue. Manually creating my home account doesn't work.
myfootsmells is offline   0 Reply With Quote
Old Aug 1, 2011, 11:17 AM   #11
nesl247
macrumors member
 
Join Date: Jun 2008
Location: Florida
Open a terminal window and do a tail -f /var/log/system.log and in another window run the createmobileaccount command. It should definitely be outputting something to system.log.

Sounds like it might be a DNS issue if it can't connect. Have you changed /etc/hosts at all? Is your client pointed to the AD's DNS server?
nesl247 is offline   0 Reply With Quote
Old Aug 16, 2011, 02:42 PM   #12
gurm42
macrumors newbie
 
Join Date: Sep 2010
I suspect that many of the people having problems are on a .local network. It's been common (recommended, even) practice in Microsoft-land to make your internal domain <mycompany>.local for some time now, and ever since Apple introduced Bonjour they've had lackluster compatibility with AD as a result.

I can't even get Lion machines to create mobile accounts. I'm running a 2003/2008 mixed domain (2003 Native Functional Level) and Snow Leopard works ok if I turn up the mdns timeout from 2 to 5. Lion, however, takes literally 3-5 minutes to decide it will accept AD logins, and when it does I can't make the mobile account so it's UTTERLY useless for the Macbooks in our environment.

Sadly, this is pretty much par for the course with Apple. I don't expect it to be fixed any time soon, either, as I've been waiting for this integration to be fixed since Leopard. It's been a long few years.

- G
gurm42 is offline   0 Reply With Quote
Old Dec 13, 2011, 07:39 AM   #13
WFM
macrumors newbie
 
Join Date: Dec 2011
I've encountered a similar problem. Here's the weird thing..

- If my AD user has a home folder assigned, a mobile account is not created locally on my mac.

- If my AD user does not have a home folder assigned, a mobile account is created locally on my mac.

So I thought that I could remove the home folder on my AD user, log onto the mac (to create the local mobile account), and then reinstate the home folder on AD. BUT, for some reason, it doesn't appear to create the mobile account once the user has logged onto the mac!

Has anyone found a way around this please?
WFM is offline   0 Reply With Quote
Old Dec 13, 2011, 10:49 AM   #14
WFM
macrumors newbie
 
Join Date: Dec 2011
Just to let you know that running through the ./createmobileaccount from the earlier post from nesl247 fixed the problem for me - many thanks.
WFM is offline   0 Reply With Quote
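
A read-only preflight for the causes raised in this thread (a leftover local record or home folder from post #4, the /etc/hosts and .local questions from posts #11 and #12), added here as an example and not posted by any participant. The function names and the optional root/hosts arguments are hypothetical, and it assumes the dslocal records are text plists.

```shell
#!/bin/sh
# Added example: read-only checks to run before ./createmobileaccount.
# Nothing is deleted. The optional root/hosts arguments are hypothetical
# hooks for trying this against a copied tree; omit them on a real Mac.
# Reading /var/db/dslocal requires root.

# List leftovers matching the username ($1) or GUID ($2) under root ($3).
find_remnants() {
    user=$1 guid=$2 root=${3:-}
    case $user in ''|*/*|.*) echo "invalid-username"; return 2 ;; esac
    dir="$root/var/db/dslocal/nodes/Default/users"
    [ -e "$dir/$user.plist" ] && echo "record-by-name:$dir/$user.plist"
    # Assumption: records are text plists, so the GUID can be grepped.
    if [ -n "$guid" ]; then
        for f in "$dir"/*.plist; do
            [ -f "$f" ] && [ "$f" != "$dir/$user.plist" ] &&
                grep -qiF -- "$guid" "$f" && echo "record-by-guid:$f"
        done
    fi
    [ -d "$root/Users/$user" ] && echo "home-dir:$root/Users/$user"
    return 0
}

# Succeed if the AD domain ($1) sits under .local, which Bonjour also uses.
is_mdns_domain() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        *.local|*.local.) return 0 ;;
        *) return 1 ;;
    esac
}

# Print hosts-file entries that pin names inside the AD domain ($1).
hosts_overrides() {
    awk -v d="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) { n = tolower($i)
              if (n == d || substr(n, length(n) - length(d)) == "." d) { print; next } } }
    ' "${2:-/etc/hosts}"
}

# Print every finding; a non-zero status means look at these first.
preflight() {
    user=$1 guid=$2 domain=$3 root=${4:-}
    issues=$(find_remnants "$user" "$guid" "$root"
             is_mdns_domain "$domain" && echo "mdns-domain:$domain"
             hosts_overrides "$domain" "$root/etc/hosts" 2>/dev/null | sed 's/^/hosts-entry:/')
    [ -z "$issues" ] && return 0
    printf '%s\n' "$issues"; return 1
}
```

On the affected Mac, source the file as root and call preflight with the short username, the account's GUID (or an empty string) and the AD domain name.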
