Question

Creating Mobile Account Mac OS 10.5.6 on Active Directory

Asked by: giclements

I have a brand new MacBook Pro (15") running 10.5.6 and want to connect to our AD which is running on a Win 2003 Server.

I set the Mac up with a new "admin" user, joined the domain - all worked ok

I then logged off and logged on as my domain user - and got an error message 'You are unable to log into your user account "gclements" at this time - logging into the account failed because an error occurred'.

It's definitely checking the domain controller as if I use an incorrect password the screen just wobbles, whereas once I use the correct password I repeatedly get this error message.

I've got the settings in Directory Utility set to "Create Mobile Account at Login" and "Require confirmation before creating mobile account". If I turn the "Create Mobile User" off, it does work and logs on, creating a local set of user folders on the Mac - but this is obviously not what is wanted! I want to sync with the home directory specified in the AD settings.

Does anyone know what I am doing wrong?

This Question has been solved and asker verified.

Asked on: 2008-12-30 at 06:42:51, ID: 24015547

Tags: Active Directory, Mac OS 10.5.6, Mobile User

Topics: Mac OS 10.5 (Leopard), Active Directory


Answers

 

by: kguy18, posted on 2008-12-30 at 15:57:31, ID: 23267284

In Directory Utility, what is listed as your search policy? Should be something like:

/Local/Default
/BSD/local
/Active Directory/All Domains

Also, did you try checking the box "Create mobile account at login" and unchecking "Require confirmation before creating a mobile account"? We were having the same issue with (10.5.5) and when we unchecked that it worked like a charm. I just updated our Xserve and some iMacs and MacBook Pros to 10.5.6 and I had to unbind and rebind to the domain for authentication to work.

 

by: giclements, posted on 2008-12-31 at 01:15:03, ID: 23268738

The search policy is exactly as you stated (with the first two items being greyed out).

I tried unchecking the "Require confirmation" and this made no difference. However I then also tried unchecking the "create mobile user" and this worked - creating a user in the "Users" folder. This is not however what I want, as I need sync with our AD server and now I have a user folder on the Mac that I guess I need to delete before trying to get it correctly set up again with the "Create mobile user" option.

So I'm still nowhere with this one!

 

by: kguy18, posted on 2008-12-31 at 09:25:30, ID: 23271554

OK, log into your local admin on the Mac. Open System Preferences > Accounts > Select the account that you were trying to log in with using your AD credentials. Hit the minus. Delete the user's home folder. Restart. Log back in with the local admin, unbind the computer from the domain. Then go to Macintosh HD (or whatever your hard drive name is) > Library > Preferences > scroll to the bottom and there should be a folder called "DirectoryService". Delete that folder (don't worry, it will be recreated when you rebind the computer). **Make sure you unbind the Mac from AD BEFORE you delete the DirectoryService folder**. Now that you have unbound from the domain, deleted the user's home folder, and deleted the DirectoryService folder, restart the computer. Log in to your local admin, rebind the computer. Make sure you have "Create mobile account at login" checked and "Require confirmation before creating a mobile account" not checked. Log out. Try logging in again with the AD user.

 

by: giclements, posted on 2008-12-31 at 09:51:07, ID: 23271801

I had great hopes in following your recommended solution, hoping - as you did - that the bug is in the "Require confirmation before creating a mobile account" option. However, I am afraid to report that this is not the case. I get exactly the same situation - error message appearing when trying to log into my AD user. Only good news this time is that I have a clean local /Users directory, for whatever we try next!

A thought - could it have anything to do with the fact that the AD user has previously logged into a Windows system and hence the AD user directory is populated with Windows files or some permission issues that the Mac does not like when trying to create the mobile user? In checking my user properties in AD, the home folder is set to connect the U: drive to a W2003 server share called \\server\users\username.

 

by: jhyiesla, posted on 2008-12-31 at 10:25:57, ID: 23272081

I have basically the same setup as you and I am not experiencing the problem you have. The only main difference is that I am still running on an AD 2000 setup, but I'm not sure that would really make a difference.

I did find a web site where someone was talking about the same issue as you so apparently your situation isn't unique.

http://www.macwindows.com/leopard.html

I am running 10.5.6, but probably first bound AD in 10.5.2. I didn't at first create the mobile user and I can log on just fine without it. However, as I have worked with it over the last months, I did end up creating the mobile user and am able to log on just fine with that as well. I don't think the fact that the AD user has already logged into a Windows box should matter, as it did not in my situation.

I am including a link about mobile user from Apple. I don't think that it's necessary to your successful use of an AD bound Mac. I was able to log in for months and work just fine before I ever created the mobile user. I think the primary purpose of the Mobile User is to cache your user info so that if the Mac is off the network, you will still be able to log into the desktop.

http://docs.info.apple.com/article.html?path=ServerAdmin/10.5/en/c7od45.html

 

by: kguy18, posted on 2008-12-31 at 10:32:12, ID: 23272137

jhyiesla is right, you can use it without a mobile account, but taking it off the network for prolonged periods of time causes Kerberos problems when you hit the network again. I'll keep looking.

 

by: giclements, posted on 2008-12-31 at 10:42:00, ID: 23272200

I have just tried creating a new user in AD, mapping the home directory to a Windows server and logging in on the Mac. It successfully created the mobile user and worked perfectly. So the problem must relate to my existing AD user that has only to date been used on a Windows workstation and for some reason the Mac will not allow it to log on and create the mobile user on the local machine.

 

by: jhyiesla, posted on 2008-12-31 at 10:59:28, ID: 23272349

I suppose there could be something "odd" about the user in AD, because my AD user has been in the Windows environment for years and I was able to just bind the Mac to AD and start using my user either with or without the Mobile User active.

 

by: giclements, posted on 2009-02-04 at 02:04:30, ID: 23546370

We managed to resolve this issue in the end along with some other issues which I believe are problems at the Apple end.

The main issue was solved with a workaround; we found new users who had never logged on to a Windows machine were OK but once you logged on to Windows you were doomed. We got round it by moving/saving the user's home folder on the server where it was defined and creating a new empty one. You could then create the mobile account and log on to the Mac; once the mobile account had been created all was fine and we merged the old/new user folders.

Note the User Home Folders are defined on the Domain as Mounting to U: on a Windows 2003 Server and the Mac configs are set to mount as "Use UNC path from Active Directory to derive network home location", with "Network protocol" set to: SMB.

Once we were OK logging on as a mobile user we put a link to the Home folder in the Dock but for some users we found it would not connect. In the end we tracked this back to the fact that the Mac SMB mount was using a local user on the server where the home folder is defined. We had a different password set for the local users on the server as we had only recently moved to a Domain and wanted to make sure people used their Domain user rather than a local one (which we are gradually removing). The solution to this was either to make the passwords the same and give the local user on the server permissions for the home folder (not ideal) or, as the best solution, to completely remove the local users on the server; then the SMB mount will use the Domain user.

Other minor annoyances were:

(1) We had some share names on the Windows server that were specified with upper case first letter but when the Mac was configured the share was specified with lower case. This is normal Unix/Windows stuff but one to watch out for.

(2) We found if you logged in too soon after the login prompt appeared the network shares including the home folder did not get mounted. This was just a timing issue and if we waited 10 seconds all was fine. It was because you can log in before the network setup bits have completed (we believe!).

Come on Apple, please don't let people log in before you've got the network and IP address working, it's just asking for trouble!

Thanks for all your responses and hope this helps someone down the line.

 

by: TuliTaivas, posted on 2010-04-14 at 05:02:07, ID: 30715946

If on the login window on the Mac you click on the gray information below the big black OS X (normally the computer name) it will cycle through various bits of information. One of them is "Network accounts available" with either a red, yellow or green light. Wait for the light to become green. There is an option on the server to let the clients display the network information by default instead of the computer name.
