OSX Lion and AD

Discussion in 'Mac OS X Lion (10.7)' started by Sfac, Jul 6, 2011.

  1. macrumors newbie

    Joined:
    Jul 6, 2011
    #1
    Hi all, I'm trying to make Active Directory users able to log in offline in Lion.
    In SL there weren't problems; I just joined the domain, checked "Create mobile account at login" in Directory Utility, and the home folder was created in the /Users/ folder. User login credentials were saved locally and offline login was active.
    In Lion I can't make it work: the "create mobile account at login" option gives me no home directory (I think it's looking for a remote home folder, getting the info from the domain PDC); "force local home..." does the trick, but I'm not able to log in offline, Lion keeps telling me no network login is available.
    Anyone else having this problem?

    Thanks all and sorry for my english!
     
  2. macrumors member

    Joined:
    Jun 14, 2008
    Location:
    Florida
    #2
    I have the exact same issue. Odd thing is that it worked during Developer Preview 2 or 3, forgot when I did a reinstall for a clean Lion Developer setup.
     
  3. macrumors newbie

    Joined:
    Jul 26, 2011
    Location:
    Norway
    #3
    I have a similar problem. I can join the domain, and while connected to the domain network I can log on, but I get an error message saying it does not find the home folder where it is expected. I have set the home folder to be local, but still it does not work and it will not create mobile users.
     
  4. macrumors member

    Joined:
    Jun 14, 2008
    Location:
    Florida
    #4
    I was able to get this fixed. Here's how I fixed it:

    http://arstechnica.com/civis/viewtopic.php?f=19&t=158659

    Worked for me. Make sure your home directory doesn't exist when you do this. You'll need to log in as another user and run rm -r /Users/<username>

    Log out and back in as the user with the issue. Go to Go -> Utilities or Finder -> Applications -> Utilities -> Terminal and then copy and paste:

    cd /System/Library/CoreServices/ManagedClient.app/Contents/Resources/
    ./createmobileaccount

    Worked here with no issues. No idea why we have to do this.
     
  5. macrumors newbie

    Joined:
    Jul 26, 2011
    Location:
    Norway
    #5
    Almost getting there, but I get an error message when running ./createmobileaccount

    *** node authentication failed: 5000 (failed to connect)
    How can i find out what it is actually trying to connect to?
    Let me know if you need any output from any of the log files as i have no clue as to what could be helpful for you guys.
     
  6. macrumors member

    Joined:
    Jun 14, 2008
    Location:
    Florida
    #6
    Dumb question, but you are connected to the domain either via VPN or being on the LAN that the server is located at correct?
     
  7. macrumors newbie

    Joined:
    Jul 26, 2011
    Location:
    Norway
    #7
    I am connected to the domain onsite.
     
  8. macrumors member

    Joined:
    Jun 14, 2008
    Location:
    Florida
    #8
    Run the command and when you do, monitor (via the console app) system.log. There should be some output there about it, please post it here.

    One thing that I've learned recently with my company's new IBM i Series is if something fails, start from scratch. Try unbinding from the domain, restart, bind, log in as the desired mobile user and then run createmobileaccount.

    And just because I've learned to not assume anything, make sure that the user you are logging in as is considered a domain admin or whatever group you specified in the directory setup to be considered an admin. If you didn't do this, go to System Preferences -> Accounts -> Login Options -> Edit the Network Account Server -> Directory Utility -> Edit Active Directory -> Make sure Allow Administration By is checked under Administrative under Advanced Options.

    I'm not sure if the command, when run via the console, is required to be run by an administrator or not. But it's less of a hassle to try with an admin first than without.
     
  9. macrumors newbie

    Joined:
    Jul 26, 2011
    Location:
    Norway
    #9
    Tried on a cleanly installed Lion now. Same error message. Under Users & Groups the network account server light is green. But still I get the *** node authentication failed: 5000 (failed to connect).

    The console just shows an entry for the command being run (./createmobileaccount) but it does not return any error messages.

    Just to be clear, the machine is only joined to an Active Directory domain so far.
     
  10. macrumors newbie

    Joined:
    Jul 29, 2011
    #10
    Noticing the same issue. Manually creating my home account doesn't work.
     
  11. macrumors member

    Joined:
    Jun 14, 2008
    Location:
    Florida
    #11
    Open a terminal window and do a tail -f /var/log/system.log and in another window run the createmobileaccount command. It should definitely be outputting something to system.log.

    Sounds like it might be a DNS issue if it can't connect. Have you changed /etc/hosts at all, is your client pointed to the AD's DNS server?
     
  12. macrumors newbie

    Joined:
    Sep 15, 2010
    #12
    I suspect that many of the people having problems are on a .local network. It's been common (recommended, even) practice in Microsoft-land to make your internal domain <mycompany>.local for some time now, and ever since Apple introduced Bonjour they've had lackluster compatibility with AD as a result.

    I can't even get Lion machines to create mobile accounts. I'm running a 2003/2008 mixed domain (2003 Native Functional Level) and Snow Leopard works OK if I turn up the mdns timeout from 2 to 5. Lion, however, takes literally 3-5 minutes to decide it will accept AD logins, and when it does I can't make the mobile account, so it's UTTERLY useless for the MacBooks in our environment.

    Sadly, this is pretty much par for the course with Apple. I don't expect it to be fixed any time soon, either, as I've been waiting for this integration to be fixed since Leopard. It's been a long few years.

    - G
     
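The steps scattered across posts #4, #8, #11 and #12 (clear any stale /Users/<name> first, confirm the client resolves the domain through AD's DNS, watch for a .local forest name, tail system.log while createmobileaccount runs) fit into one preflight script. This is an added example, not code from any poster in the thread. It assumes the createmobileaccount path given in post #4, that the tool accepts -n (user), -h (home path) and -v (verbose), and that `dsconfigad -show` prints an "Active Directory Domain = ..." line; run `dsconfigad -show` and the tool with no arguments on your own Lion machine to confirm both before relying on it.

```shell
#!/bin/bash
# Preflight for the createmobileaccount workaround on OS X 10.7.
# Added example, not from the thread. Assumed: the tool path below,
# its -n/-h/-v flags, and the "Active Directory Domain = ..." line in
# `dsconfigad -show` output.

MCA=/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount

# Pull the bound domain out of `dsconfigad -show` text read from stdin.
# Reading stdin instead of calling dsconfigad lets it run on a capture.
ad_domain_from_dsconfigad() {
    sed -n 's/^[[:space:]]*Active Directory Domain[[:space:]]*=[[:space:]]*//p' | head -n 1
}

# A .local forest name is also the mDNS/Bonjour suffix, so lookups for
# the domain can time out before unicast DNS answers (post #12).
is_local_domain() {
    case "$1" in
        *.local) return 0 ;;
        *)       return 1 ;;
    esac
}

# Post #4's precondition: a leftover /Users/<name> must be gone first.
home_is_clear() {
    [ ! -e "$1" ]
}

# Post #11's DNS check: the client must resolve the domain's LDAP SRV
# records, which only AD's own DNS serves.
ad_srv_resolves() {
    dig +short "_ldap._tcp.$1" SRV 2>/dev/null | grep -q .
}

# Run the checks, then createmobileaccount with system.log tailed in the
# background so the failure reason lands next to the command output.
create_mobile_account() {
    user=$1
    home=${2:-/Users/$1}

    domain=$(dsconfigad -show | ad_domain_from_dsconfigad)
    [ -n "$domain" ] || { echo "not bound to Active Directory" >&2; return 1; }
    echo "bound to $domain"

    if is_local_domain "$domain"; then
        echo "warning: $domain ends in .local; expect slow or failed lookups" >&2
    fi
    if ! ad_srv_resolves "$domain"; then
        echo "cannot resolve _ldap._tcp.$domain; point DNS at a domain controller" >&2
        return 1
    fi
    if ! home_is_clear "$home"; then
        echo "$home already exists; remove it from another admin account first" >&2
        return 1
    fi

    tail -n 0 -f /var/log/system.log &
    tailpid=$!
    "$MCA" -n "$user" -h "$home" -v
    rc=$?
    sleep 2
    kill "$tailpid"
    return "$rc"
}

# Usage (logged in as the AD user, per post #4):
#   ./mobile-preflight.sh <ad-username> [/Users/<ad-username>]
if [ "$#" -ge 1 ]; then
    create_mobile_account "$@"
fi
```

Each check is a separate function so it can be run on its own: pipe a saved `dsconfigad -show` into ad_domain_from_dsconfigad to confirm the parse on your binding, and try ad_srv_resolves against the domain from a client that reports "failed to connect" before spending time on the account itself.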
  13. WFM
    macrumors newbie

    Joined:
    Dec 13, 2011
    #13
    I've encountered a similar problem. Here's the weird thing..

    - If my AD user has a home folder assigned, a mobile account is not created locally on my mac.

    - If my AD user does not have a home folder assigned, a mobile account is created locally on my mac.

    So I thought that I could remove the home folder on my AD user, log onto the mac (to create the local mobile account), and then reinstate the home folder on AD. BUT, for some reason, it doesn't appear to create the mobile account once the user has logged onto the mac!

    Has anyone found a way around this please?
     
  14. WFM
    macrumors newbie

    Joined:
    Dec 13, 2011
    #14
    Just to let you know that running through the ./createmobileaccount from the earlier post from nesl247 fixed the problem for me - many thanks.
     