Old Jul 15, 2011, 05:46 PM   #1
s.p.xosder
macrumors newbie
 
Join Date: Jun 2010
Active Directory and Lion - Network accounts are unavailable

Any other developers connect their machines to an Active Directory domain? Since installing 10.7, I am unable to connect to my domain. At the login screen, there is a message stating that "Network accounts are unavailable".

I can confirm that the computer is able to ping the Domain Controller and during the bind process, the machine recognizes the computer account in AD and asks if I want to join the existing account.

I have attempted both an upgrade install and a fresh install and both had the same result. Thanks in advance for help!
Old Jul 18, 2011, 11:23 AM   #2
David the Gnome
macrumors newbie
 
Join Date: Nov 2008
We're having the same problem. None of our Lion machines will bind to the AD, not even the Xserves. I can sometimes get them to bind but they will randomly stop allowing network logins, even though the AD shows green in the directory utility. The same machine will work just fine if it's re-imaged to Snow Leopard but Lion just won't cooperate with the Active Directory. We're running Windows Server 2008 R2.
Old Jul 18, 2011, 01:28 PM   #3
s.p.xosder
Thread Starter
macrumors newbie
 
Join Date: Jun 2010
Update: not quite there yet

So, I've been messing around with this for the better part of the weekend, and I found a few things.

First, I had to turn on the mobile account creation option in the directory utility. Without that being on, I couldn't get it to work at all. If I asked it to prompt me at login and I said not to create the mobile account, it caused issues, so I am now allowing it to create the account.

Second, I'm not sure why, and I didn't want to believe it, but I seem to have better luck if the login settings are set to "List of Users" and not "Name and Password".

I've also turned off the wireless and removed my Open Directory settings. Not sure if those matter, but I wanted to rule them out.

On machines that still don't connect, I use the dscl command and browse the domain manually from within Terminal. Somehow this seems to help too. It still isn't close to 100% and a restart can cause the machine to not log in again even if it was working before.
Old Jul 18, 2011, 02:34 PM   #4
Ragnar-Kon
macrumors member
 
Join Date: Jul 2011
Have had it working for 2 months or so now, and ran into absolutely zero issues. Just set it up the same way I did with Snow Leopard. I use a slight variation of the "golden triangle" setup.

Computers
Mixture of 10.5.8, 10.6.8, and 10.7.0

Active Directory
Windows Server 2003 R2

Open Directory
Mac OS X 10.6.8 Server

Bind information:
Active Directory first, then Open Directory. The users log in with their Active Directory account, therefore you MUST use mobile accounts. I could be wrong, but it is my understanding you can't use standard managed accounts unless they are logging in with an Open Directory account. Lastly, I reorganize the Search policy where it searches for the Open Directory server first, and then the Active Directory. Reboot, then done.

The result allows me to manage the Mac computers from the Open Directory server, while the users still log into their Active Directory accounts. My network is set up where I manage the Macs on a per-computer basis rather than a per-user basis. I have gotten it to work on a per-user basis before, but the permissions were patchy at best. But, since it wasn't really necessary for my network, it wasn't a huge loss.

Several of the Mac Pros are connected to an Xsan through fiber and a private vlan. That setup requires a master Xsan controller and a backup Xsan controller, both running 10.6.8 and both are physically separate servers from the Open Directory server. Permissions on the Xsan are managed on an Active Directory user basis (since all of my servers are dual-bound to Active Directory and Open Directory, just like my other Macs). I also have a 4th Xserve machine that is running several 10.6.8 virtual machines that I use as web servers, development servers, etc.

The only thing I haven't tested yet is 10.7.0 Server. The only reason I haven't is because I have not heard anything regarding virtual machines and 10.7.0. Obviously you have to install regular Mac OS X Lion before you can install server software, and previously it was against Apple's terms to install a regular copy of Mac OS X on a virtual machine. So I'm afraid that means I can't run 10.7.0 Server through virtual machines since it requires the installation of Mac OS X first.
On top of this, I typically wait for the first few patches before I upgrade any servers, so as of right now the plan is to wait until December vacation before I upgrade any of my servers.

Having said that, I'm running into all kinds of stupid issues with Lion that are non-network related that will probably force me to wait until December vacation to upgrade any of my machines. (I work at a University, so the prime time to upgrade computers is during the summer and winter break.)

Hopefully that was well-explained enough to help. If not, let me know.
Old Jul 18, 2011, 04:48 PM   #5
Ragnar-Kon
macrumors member
 
Join Date: Jul 2011
For kicks and giggles I installed Lion Server on a Mac Pro just to see what issues I would run into.

Long story short, Lion Server is gonna need a lot of work if Apple hopes to have it work within an Active Directory environment. Right now the only purpose it has is to suck electricity out of the wall and dazzle me with its single blinking LED. Worthless. Completely worthless.
Old Jul 21, 2011, 10:00 AM   #6
collegetech
macrumors newbie
 
Join Date: Dec 2004
We had the same problem here and found the fix today. After binding to the domain, when you go back to the directory utility you will notice the Apply button is greyed out. You need to click on the lock to lock the settings. Quit directory utility, and click on the lock for Users and Groups.

We did not check the mobile account setting
Old Jul 22, 2011, 03:25 PM   #7
jonritter
macrumors newbie
 
Join Date: Jul 2011
- Install Lion
- Log into your local admin account
- Set the machine name to "XXX" and remember this name
- Open Directory Utility
- Open Active Directory
- Set the Computer ID to "XXX"
- (Optional) Show Advanced Options, check "Create mobile account...", uncheck "Require confirmation..."
- Click Bind
- Enter in your admin domain credentials
- Hit OK
- Lock the directory utility by clicking the lock in the lower right corner
- Log out of the local admin profile
- Log in as any domain user
Old Jul 25, 2011, 11:23 AM   #8
stikkman
macrumors newbie
 
Join Date: Jul 2011
Re: Active Directory and Lion - Network accounts are unavailable

So what's the trick to logging into Lion w/ your domain account? The local admin and user accounts I've created and bound to my AD service just prompt me for a password - no domain affiliation. Logging in as Guest gives me the option to include my Windows domain login but won't accept my Windows password. This was all working fine via Snow Leopard - seems related to my recent Lion update. Did run a permissions check/repair as advised but have no way of logging in per my AD account. Seem to recall w/ Snow Leopard a separate account related to AD in the login screen?

Thanks!

Scott
Old Jul 25, 2011, 09:05 PM   #9
Mack Daddy
macrumors newbie
 
Join Date: Jul 2011
Hey guys

Fixed this by booting to recovery (command+r) and running a repair on file permissions

(as per a suggestion in this thread: http://forums.macrumors.com/showthread.php?t=1191494)
Old Jul 27, 2011, 09:05 AM   #10
Corex
macrumors newbie
 
Join Date: Jul 2011
I've followed both jonritter's and Mack Daddy's suggestions but it doesn't work.

Repair permissions, changing the search path's order to get the apply button activated and locking the settings doesn't work. It's flawless with SL, but Lion's driving me nuts. Any other suggestions? Still having problems here =-(
Old Jul 27, 2011, 09:02 PM   #11
derbothaus
macrumors 601
 
Join Date: Jul 2010
Same here. Just started widespread testing. Stopped after bind. No accounts available. Just not working with exact same and/or slightly modified AD settings.
Is it me or is Directory utility acting a little weird? It will unlock and change settings back at differing intervals. I had to fight to bind and not have my settings changed. Win 2008 vanilla. 10.6 implementations are flawless. I tried all the above fixes to no avail.
__________________
Mac Pro W3680, GTX 680, 12GB DDR3, SSD; MBP, 2.6GHz Core i7, 16GB DDR3, SSD; Eizo fs2333
Old Jul 28, 2011, 02:15 AM   #12
Corex
macrumors newbie
 
Join Date: Jul 2011
I've set up a working SL machine to try to see what's wrong. The SL machine gets, for example, the search path /Active Directory/All Domains and the Lion machine gets /Active Directory/DOMAIN/All Domains, but the directory utility still doesn't give an error message (if I change the search path, DU gives the error cannot connect to auth database). On the SL machine I have an option "allow network users to login to this computer" but not on the Lion machine. I'll reinstall Lion since I've done too many settings to track hehe.
Old Jul 28, 2011, 05:32 AM   #13
eritho
macrumors newbie
 
Join Date: Jul 2011
Location: Norway
Quote:
Originally Posted by Corex View Post
I've set up a working SL machine to try to see what's wrong. The SL machine gets, for example, the search path /Active Directory/All Domains and the Lion machine gets /Active Directory/DOMAIN/All Domains, but the directory utility still doesn't give an error message (if I change the search path, DU gives the error cannot connect to auth database). On the SL machine I have an option "allow network users to login to this computer" but not on the Lion machine. I'll reinstall Lion since I've done too many settings to track hehe.
I'm experiencing the exact same thing. In another forum post here someone suggested to me that I try running /System/Library/Coreservices/ManagedClient.app/Contents/Resources/createmobileaccount after joining the domain but it does not work.

My users who upgraded their already domain-joined Snow Leopard to Lion cannot log in. They are asked to change their password when trying to log on.
Old Jul 28, 2011, 06:40 AM   #14
Corex
macrumors newbie
 
Join Date: Jul 2011
Well, I reinstalled and the windows are the same so it's probably meant to be missing that option. Still haven't found a way to log in with AD accounts.
Old Jul 28, 2011, 06:57 AM   #15
eritho
macrumors newbie
 
Join Date: Jul 2011
Location: Norway
Here is the link to the other forum thread regarding this topic. OSX Lion and AD
Old Jul 28, 2011, 07:08 AM   #16
Corex
macrumors newbie
 
Join Date: Jul 2011
Quote:
Originally Posted by eritho View Post
Here is the link to the other forum thread regarding this topic. OSX Lion and AD
That issue regards no home folder getting created and not being able to log in OFFLINE; we're online and can't even log in with an AD account.
Old Jul 28, 2011, 07:14 AM   #17
eritho
macrumors newbie
 
Join Date: Jul 2011
Location: Norway
Quote:
Originally Posted by Corex View Post
That issue regards no home folder getting created and not being able to log in OFFLINE; we're online and can't even log in with an AD account.
Yeah, sorry, guess you're right.
Old Jul 28, 2011, 07:27 AM   #18
Corex
macrumors newbie
 
Join Date: Jul 2011
Quote:
Originally Posted by eritho View Post
Yeah, sorry, guess you're right.
Please keep anything coming, other stuff can point one in the right direction. Really stuck hehe
Old Jul 28, 2011, 07:35 AM   #19
eritho
macrumors newbie
 
Join Date: Jul 2011
Location: Norway
I somehow think the two issues are related.

Have you tried doing:
Code:
sudo dsconfigad -add yourdomain.com -mobile enable -localhome enable -computer computername -username "domainadmin" -password "SomePassword" -ou "CN=Computers,DC=yourdomain,DC=com"
You can of course remove the -mobile and -localhome attributes if you don't use them. Do
Code:
dsconfigad -help
for the complete command options.
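A bind-and-verify helper for the dsconfigad command in the post above, as an added example that is not part of the thread or anyone's post. It leaves out -password so the domain admin password is not exposed in shell history or the process list, and it checks the search policy for either node form reported earlier in the thread. The domain EXAMPLE, the function names and the sample output are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example; EXAMPLE and all function names are placeholders.

# Bind without -password: dsconfigad then prompts for it interactively,
# so the password never appears in argv or in shell history.
bind_ad() {  # usage: bind_ad DOMAIN COMPUTER ADMIN_USER OU
  sudo dsconfigad -add "$1" -computer "$2" -username "$3" -ou "$4" \
    -mobile enable -localhome enable
}

# Read `dscl /Search -read / CSPSearchPath` output on stdin and print the
# Active Directory nodes in it, one per line. Matches both the Snow Leopard
# form (/Active Directory/All Domains) and the Lion form
# (/Active Directory/DOMAIN/All Domains) mentioned in the thread.
# Assumption: dscl prints one node per line, indented.
ad_search_nodes() {
  sed -n 's|^[[:space:]]*\(/Active Directory/.*\)$|\1|p'
}

# Constructed sample of the dscl output on a Lion client (not a real capture).
SAMPLE_LION='CSPSearchPath:
 /Local/Default
 /BSD/local
 /Active Directory/EXAMPLE/All Domains'

# Post-bind check: bound at all, AD node in the search policy, user resolves.
check_bind() {  # usage: check_bind AD_USERNAME
  local nodes
  # Assumption: a bound client lists an "Active Directory Domain" line.
  dsconfigad -show | grep -q 'Active Directory Domain' \
    || { echo "not bound to a domain"; return 1; }
  nodes=$(dscl /Search -read / CSPSearchPath | ad_search_nodes)
  [ -n "$nodes" ] || { echo "no AD node in the search policy"; return 2; }
  echo "AD search nodes: $nodes"
  id "$1" >/dev/null 2>&1 || { echo "user $1 does not resolve"; return 3; }
  echo "user $1 resolves through the directory"
}
```

Source the file on the client, then run `check_bind someuser` after binding; a non-zero return tells you which of the three stages failed.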
Old Jul 28, 2011, 08:05 AM   #20
Corex
macrumors newbie
 
Join Date: Jul 2011
Quote:
Originally Posted by eritho View Post
I somehow think the two issues are related.

Have you tried doing:
Code:
sudo dsconfigad -add yourdomain.com -mobile enable -localhome enable -computer computername -username "domainadmin" -password "SomePassword" -ou "CN=Computers,DC=yourdomain,DC=com"
You can of course remove the -mobile and -localhome attributes if you don't use them. Do
Code:
dsconfigad -help
for the complete command options.
dsconfigad: The daemon encountered an error processing request. (10002), also trying without mobile and localhome, but same error =(

Where's the logfile for dsconfigad? system.log doesn't show anything when I execute the command
Old Jul 28, 2011, 08:34 AM   #21
eritho
macrumors newbie
 
Join Date: Jul 2011
Location: Norway
Had you done an unbind before you ran dsconfigad?

I have not been able to locate any logfile for dsconfigad.
Old Jul 29, 2011, 01:12 AM   #22
Corex
macrumors newbie
 
Join Date: Jul 2011
Quote:
Originally Posted by eritho View Post
Had you done an unbind before you ran dsconfigad?

I have not been able to locate any logfile for dsconfigad.
Yup, unbound before, but after a restart today it worked. Ran the command both with localhome/mobile and without and restarts, waiting at the login window for about 3mins and the dot is still red, network accounts unavailable.
Old Aug 1, 2011, 10:55 AM   #23
PUG
macrumors newbie
 
Join Date: Aug 2011
My Domain Admins installed some automatic updates over the weekend on the Domain Controller servers. This morning I rebound the Lion machine and it seems to be working now.

Last edited by PUG; Aug 1, 2011 at 12:07 PM.
Old Aug 1, 2011, 10:55 AM   #24
PUG
macrumors newbie
 
Join Date: Aug 2011
deleted

Last edited by PUG; Aug 1, 2011 at 12:07 PM.
Old Aug 1, 2011, 07:06 PM   #25
derbothaus
macrumors 601
 
Join Date: Jul 2010
Quote:
Originally Posted by PUG View Post
My Domain Admins installed some automatic updates over the weekend on the Domain Controller servers. This morning I rebound the Lion machine and it seems to be working now.
Could you possibly get any info on the patch and/or final version you are running that fixed it for you?
__________________
Mac Pro W3680, GTX 680, 12GB DDR3, SSD; MBP, 2.6GHz Core i7, 16GB DDR3, SSD; Eizo fs2333