Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X 10.7 Lion

Reply
 
Thread Tools Search this Thread Display Modes
Old Aug 29, 2011, 01:59 PM   #51
selgart
macrumors newbie
 
Join Date: Aug 2011
Quote:
Originally Posted by MacN00bie View Post
Here's what worked for me... please leave me feedbacks. I'm assuming that you already joined the domain and login as local admin account.

1. go to "System Preferences", "User & Groups", and unlock the padlock
2. select "Login Options"
3. click on "Edit" button next to Network Account Server: xxx
4. now "Open Directory Utility" go to "Search Policy" tab
5. click "+" and Add "/Active Directory/xxx"
6. now move "/Active Directory/xxx" line up above "/Active Directory/xxx/All Domains" line so it reads first.
7. Apply and Reboot.

Good Luck
This worked for me. I was getting the "no domains available" error with the red light. The first time after I did this I got the yellow light that said "some domains available," and then on subsequent logins it just worked.

Thanks!
selgart is offline   0 Reply With Quote
Old Aug 31, 2011, 03:30 PM   #52
arkaine23
macrumors newbie
 
Join Date: Aug 2011
How I got it working

I got this to work. There were two things I had to adjust. I bind this via a script. The first thing is that the syntax of dsconfigad has changed. Without making this change I was unable to bind. The second thing is that the search path needs to be rearranged. Without this change I was bound, but got the wonderful "Network accounts are unavailable" message on the login window.

Changed the syntax of dsconfigad from:

sudo dsconfigad -f -a $computerid -domain mydomain.com -u $user -p $password
sudo dsconfigad -groups "comma,delimited,list,of,domain,groups"
sudo dsconfigad -mobile enable -mobileconfirm disable -useuncpath disable

to:

sudo dsconfigad -add mydomain.com -username $user -password $password -computer $computerid
sleep 5
sudo dsconfigad -groups "comma,delimited,list,of,domain,groups"
sudo dsconfigad -mobile enable -mobileconfirm disable -useuncpath enable


And change the search path from:

sudo dscl /Search -create / SearchPolicy CSPSearchPath
sudo dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"

to:


sudo dscl /Search -create / SearchPolicy CSPSearchPath
sudo dscl /Search -delete / CSPSearchPath "/Active Directory/MYDOMAIN/All Domains"
sudo dscl /Search -append / CSPSearchPath "/Active Directory/MYDOMAIN"
sudo dscl /Search -append / CSPSearchPath "/Active Directory/MYDOMAIN/All Domains"
arkaine23 is offline   0 Reply With Quote
Old Sep 1, 2011, 01:26 AM   #53
Mack Daddy
macrumors newbie
 
Join Date: Jul 2011
ok seriously..

did the 10.7.1 update fix Lion + Active Directory?

I updated around 2 weeks ago and ever since then my test machine is still on the domain, I've logged in with a few different accounts and tried to break it a few times but its still joined and still works???
Mack Daddy is offline   0 Reply With Quote
Old Sep 13, 2011, 04:19 PM   #54
MattRK
macrumors newbie
 
Join Date: Sep 2011
10.7.1 didn't seem to fix anything for me.

What i will say is that the two things that helped me were the following:

1) DNS
Make sure your DNS servers are configured correctly. Several times throughout my testing i would reboot and then find a random 127.0.0.1 entry under my DNS servers. This was causing me a huge headache. Still not sure what was doing that. (My NIC was setup for a manual IP address, not DHCP)

2) Hostname
I am able to bind and get most things working as long as my hostname is set correctly. By default the machine's hostname is computername.local. Make sure you change this to match your AD domain. (sudo hostname computer.ADDomain.sufx) As soon as i changed this, rebooted, the "Network Accounts Not available" warning went away.

Also, when the machine first boots up you will see the "network accounts unavailable" warning for a bit until the machine establishes communications with the directory server. (Though i suppose maybe that's obvious.) Just wanted to mention that for anyone, who like me, isn't very patient with buggy/broken technology. Lol.

I'm still having trouble getting all of my AD security groups to show up when i go to set permissions on a specific file or folder. (Get Info > Sharing & Permissions > + sign > Network Groups) For some reason only about 20 or so groups show up. (We have bout 75) Still working on this one. I think it may have something to do search paths but i'm not sure.
MattRK is offline   0 Reply With Quote
Old Sep 14, 2011, 04:51 AM   #55
Corex
macrumors newbie
 
Join Date: Jul 2011
Quote:
Originally Posted by MattRK View Post
2) Hostname
I am able to bind and get most things working as long as my hostname is set correctly. By default the machine's hostname is computername.local. Make sure you change this to match your AD domain. (sudo hostname computer.ADDomain.sufx) As soon as i changed this, rebooted, the "Network Accounts Not available" warning went away.
Code:
sudo hostname computer.domain.suffix
This only changes the hostname of the computer for the current session, it'll revert back to the old one after reboot.
To permanently stick it, use this instead:

Code:
sudo scutil --set HostName computer.domain.suffix
Corex is offline   0 Reply With Quote
Old Sep 14, 2011, 10:20 AM   #56
MattRK
macrumors newbie
 
Join Date: Sep 2011
Quote:
Originally Posted by Corex View Post
Code:
sudo hostname computer.domain.suffix
This only changes the hostname of the computer for the current session, it'll revert back to the old one after reboot.
To permanently stick it, use this instead:

Code:
sudo scutil --set HostName computer.domain.suffix

Good to know. Thanks for the info.
MattRK is offline   0 Reply With Quote
Old Sep 14, 2011, 06:32 PM   #57
Mack Daddy
macrumors newbie
 
Join Date: Jul 2011
just another update

10.7.1

"Preferred Domain Server" is populated

IPv6 switched off

machine has been on the domain for over a week! it gets used every day too..
Mack Daddy is offline   0 Reply With Quote
Old Sep 15, 2011, 04:04 PM   #58
MattRK
macrumors newbie
 
Join Date: Sep 2011
I did a fresh install of 10.7.1 on a spare mac pro i had this afternoon and then put 10.7.2 on it. I was able to bind it to AD and it is reliably working. (I've rebooted 3 or 4 times so far and it comes works every time. Here is what i did:

1) Gave the machine a manual IP. (Made sure to set the search domain to our AD domain name)

2) I set the computer name via Sharing and then rebooted.

3) I then set the hostname to include the computer & our ad domain. (sudo scutil --set HostName computername.domain.suffix) Rebooted.

4) Verified i could ping our domain and the DNS was responding reliably

5) Under Users & Groups > Login Options i selected Name & Password from the display login window as selection.

6) Clicked on Join and typed in our AD domain name. I made sure the computer name matched what i had set the hostname to and entered my credentials.

7) After the computer bound to the domain i opened Directory Utility and opened the Active Directory options.

8) Under the Advanced options section > User Experience tab, i checked "Create mobile account at login" and unchecked "Require confirmation."

9) On the Administrative tab i checked the "Allow administration by:" box and made sure domain admins and enterprise admins were listed.

That's it. It seems to be working. I had one slight problem after the reboot where i logged in as the local admin account and it logged me into some weird blank profile i didn't have permissions to. (Couldn't open anything) A reboot fixed that. Haven't run into that issue again.

I haven't had time to try out anything more advanced than simply logging in with domain credentials. I'll try and do some more testing later. I did test and verify that displaying all security groups under the "Network Groups" section of Get Info > Sharing & Permission tab is still broken. I outlined the problem in this thread on Apple's website forums.

Last edited by MattRK; Sep 15, 2011 at 05:37 PM.
MattRK is offline   0 Reply With Quote
Old Sep 16, 2011, 07:50 AM   #59
satcomer
macrumors 601
 
satcomer's Avatar
 
Join Date: Feb 2008
Location: Upstate NYS
Also make sure you are using the same time server that the Domain is using to avoid any Kerberos issues.
__________________
Mac Pro Dual 2.8 Quad(Rev B.), 16 G RAM, OS X 10.9, 23'' LCD
Mac Book Pro Core 2 Duo 2.16Ghz, SuperDrive, 2G RAM, OS X 10.7.5
iPad 3, 32 black
satcomer is offline   0 Reply With Quote
Old Oct 6, 2011, 02:04 PM   #60
chaseerry
macrumors member
 
Join Date: Jul 2006
Location: Oklahoma
After pointing both my Lion machine and the 2008 R2 Server to the same NTP server I was able to bind using the Join button. After that, I logged out, saw there was an option to login to a network account. Put in some credentials and got the red light and the no network accounts available message popped up. Since then I don't even get the option to try a network account at the login screen.

They have to fix this in the next update.
chaseerry is offline   0 Reply With Quote
Old Oct 14, 2011, 12:35 PM   #61
sickofit
macrumors newbie
 
Join Date: Oct 2011
Location: Austin, TX


I have 128 MacBooks and am having 2 issues with Network Accounts on random units on random days. Running Mac OS X, Version 10.6.7. or .8
Basically the issue is same, cannot log on with a shared network account. (all lower school students use same user name and password.)

Here's where the real problem is: With the GREEN light on for Network Accounts Available I cannot log on with the shared network account. I've checked the Open and Active Directories and have tried changing the order in which they are listed. I have verified that the Computer ID (in System/Accounts/Network Accounts Server/Edit/Open Directory Utility) matches the Computer Name in "Sharing".

Now for the really wicked part: Someone posted be patient and wait for the Green light. I wasn't. I ran the RED light and I was able to log in with the shared network account. WHY? Or HOW?
Thanks for reading this super long posting.
sickofit is offline   0 Reply With Quote
Old Oct 21, 2011, 08:58 AM   #62
oxleyk
macrumors newbie
 
Join Date: Feb 2009
I upgraded from 10.6.8 to 10.7.2 on a test iMac and could not bind to our domain no matter what I tried. This was a big problem since I'm planning on upgrading all of our iMacs. Yesterday I booted from my Lion DVD, erased the drive and did a fresh install of Lion. I was then able to bind and rebind several times with no trouble. Binding works in both the Login Options in Users and Groups AND the Directory Services utility. Apparently there was something in the old settings that Lion does not like and was causing this problem. The only odd thing is that it shows the yellow dot in the login screen with the message, "Some network accounts are available."

Kent
oxleyk is offline   0 Reply With Quote
Old Oct 21, 2011, 11:14 AM   #63
oxleyk
macrumors newbie
 
Join Date: Feb 2009
After rebooting my test iMac I am now getting the red light message "Network accounts are unavailable."

Kent
oxleyk is offline   0 Reply With Quote
Old Oct 25, 2011, 04:16 PM   #64
banawalt
macrumors newbie
 
Join Date: Oct 2011
solution for .local domain login issues

Hello,

I have spent the better part of a month trying to get some new mac minis with 10.7.1 originally and now 10.7.2 to work properly when logging into the domain. I found lots of information on many sites, including this one, but nothing solved the issues I was having with the inability to log into the domain without having to wait 10+ minutes and try multiple times. I am happy to say that I believe I have finally gotten the login issue resolved for my new macs with 10.7.2. I posted what I did over at https://discussions.apple.com/thread...rt=15&tstart=0 If you are on a domain with .local, maybe it will help you.
banawalt is offline   0 Reply With Quote
Old Dec 21, 2011, 09:47 PM   #65
msniner
macrumors newbie
 
Join Date: Jan 2009
DNS search path

Hmm...I got this solved.

My company uses pre-configured Lion images from our US headquarters to be cloned onto MacBook Air laptops. We have a forest with many domains and subdomains. I was in the Asia subdomain.

In a nutshell it was a network oversight on our part. What happened was:

I used the Accounts pane to bind a MacBook Air to a subdomain, which happens to be a DC nearest my office and something that makes sense geographically to my company.
Binding went through without a hitch, and i get a green light at the Accounts pane stating that I'm connected to the (let's name this...) asia.company.com domain.

When I logged out and proceeded to login as the new user (thereby to create his new mobile account on the MacBook), I couldn't login. There was a red light - "Network accounts are not available"

I tried unbinding, and rebinding using Directory Utility instead: No dice. Same issue.

Deleting and recreating the computer account on AD, and making sure on the Mac, the computername is correct: No go.

It was then I figured out that maybe the MacBook Air couldn't find the domain for authentication. I went into Network Settings, and in its DNS settings, the Search Domains were "company.com" in gray font, but I was in the asia.company.com domain.

So I added another entry to the Search Domains with "asia.company.com", and also added "company.com".

Upon logging out, the username field turned yellow, and then green.

My take: The DNS/DHCP administrator did not include the asia domain name in one of its Search Domains parameter when he configured his DHCP server to begin handing out addresses to computers in the network. My MacBook Air didn't know where to find my asia subdomain and thus a DC where I'm at.

So there, another potential rollout issue solved. I can now churn more MacBook Airs to my folks without worry
msniner is offline   0 Reply With Quote
Old Sep 22, 2012, 03:14 AM   #66
gillrakesh
macrumors newbie
 
Join Date: Sep 2012
Smile Re: Active accounts are unavailable

Hey Guys,

I had the same problem. It was very much annoying and I visited MacRumors Forum (as usual) for an easy solution. But I could not find any thing helpful there. Then I started thinking myself and found a very simple solution. If you see on your screen top extreme right next to spotlight you can find a user name, actually it as you guys know it is the admin name.Now let me tell you guys how I fixed the problem:
Click on it and open Users and Groups Preference.
Now in that window Highlight the admin and Click the login options
Now in Automatic Login select Show sleep, Start and Shutdown buttons
Don't forget to select the the Automatic login user.
Now close that window and next time when you will restart you will see that your problem is fixed.
gillrakesh is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X 10.7 Lion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
OS X network and local homes for Active Directory users JohnPembsColl Mac OS X Server, Xserve, and Networking 9 Dec 17, 2013 05:58 PM
Network accounts unavailable HerrFledermaus Mac OS X Server, Xserve, and Networking 7 May 29, 2013 03:07 PM
Network Accounts are unavailable AND I cannot log in via local admin account laserfox Mac OS X 10.7 Lion 0 Apr 30, 2013 10:12 AM
Network Accounts Unavailable? - login screen siritalks iMac 0 Jan 4, 2013 05:04 AM
Network accounts are unavailable mrteyssere OS X 2 Sep 22, 2012 03:18 AM

Forum Jump

All times are GMT -5. The time now is 01:15 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC