Network login and Active Directory

Discussion in 'OS X Yosemite (10.10)' started by rem25, Aug 19, 2015.

  1. rem25 macrumors newbie

    Aug 19, 2015
    We have a few Macs in our organization we want to add to our domain and enable users to login with their network credentials. On one Mac running Mavericks we successfully added it to the domain and can login with any network account. We have tried on two other Macs running Yosemite and are able to add them to the domain, but can only login with one network account. The other network accounts either don't accept the username/password (even though it worked on Mavericks' Mac) or it asks the user to immediately change their password, even though their password was recently changed per policy.

    I'm thinking this is an issue with Yosemite since Mavericks isn't giving us this issue. Is there some way to enable any network user to login to the Macs running Yosemite? We set the network login to allow anyone, so it's not being blocked that way. Any thoughts are appreciated.
  2. rem25 thread starter macrumors newbie

    Aug 19, 2015
    No one has any suggestions/solutions? I'm really at a loss here.
  3. rem25 thread starter macrumors newbie

    Aug 19, 2015
    Still looking for assistance on this if anyone has a suggestion.
  4. whymac macrumors newbie

    Nov 17, 2015
    I was having an issue where I could only login with domain admin accounts. No domain users could login. I fixed it today by following these steps:
    1. Go into system preferences/users & groups/login options/edit button for the domain.
    2. Click open directory utility
    3. Double click your domain
    4. Click the search policy tab
    5. Highlight and remove anything that has to do with the domain you want to login to the computer with
    6. Click the contacts tab at the top and do the same thing in there.
    7. Hit the plus button at the bottom and your domain should automatically be on the list. Add that.
    8. Click the search policies tab and do the same thing as you did with the contacts tab.
    9. Restart the Mac, then login with the network account..
  5. whymac macrumors newbie

    Nov 17, 2015
    And you can set the password change interval to 0 with:
    sudo dsconfigad -passinterval 0 in a terminal.
  6. rem25 thread starter macrumors newbie

    Aug 19, 2015
    This is awesome, but it seemed to only work temporarily. Not sure if this matters, but under both search policy and contacts tabs, the domain info I removed then added back in was the same in both areas.

    When I rebooted, I was able to login with my domain credentials. I then added myself as an admin then rebooted again to take effect. I cannot login to the computer now with the domain account even though it's cached on the Mac. I had someone else try to login with their credentials, and they received the change password field immediately.


Share This Page

5 August 19, 2015