AD crednetials not passing properly after 1st login

Discussion in 'OS X Mountain Lion (10.8)' started by scissorfighter, Apr 10, 2013.

  1. scissorfighter macrumors newbie

    Apr 10, 2013
    Hello folks! Mac newbie here, a happy convert from Windows. But I'm having trouble getting my Macbook pro to correctly participate in my corporate Active Directory structure. Here's the situation.

    Mac is correctly bound to domain. If I log into the Mac for the very first time with any existing AD account, I can use the domain\username syntax in the username box, and immediately I'm prompted to create a mobile account, which I do. Once logged in, I can successfully access AD resources like shared folders without being prompted again for credentials. So far so good.

    However, as soon as I log off, I can no longer use the domain\username syntax for subsequent logins. I can only use username or username@domain formats. And once logged on, I cannot access AD resources without being prompted for credentials again. I know I'm using the same AD account and at least being authenticated to the domain, because if I change my AD account password on the Windows side, that change flows through and I have to use the new pw when logging into the Mac. But for some reason the AD credentials aren't flowing correctly when I try to access AD resources. I suspect it has something to do with not being able to login with the domain\username syntax.

    Packet inspection reveals that after some kerberos errors including KRB5KDC_ERR_S_PRINICIPAL_UNKNOWN, which is seen in both cases, resource access succeeds using NTLM authentication in the case of the initial login with username\domain, but when logged on subsequently with just username or username@domain, access fails and NTLM isn't attempted.

    Any ideas of what's going on?


Share This Page