Solved

Urgent: Mac Keeps Locking Out Account

Posted on 2006-10-31
7
897 Views
Last Modified: 2013-11-17
Hi All,

We have a Mac on our network that only one of our users uses. To connect onto the domain, a script runs within a terminal session to authenticate though the Windows Domain Controller. They are then prompted to enter their current windows password - and the full connection is then established.

A few days ago, the user was prompted to change her Windows password (on her XP machine), which they did. Since then, whenever the user connects to the internet on the Mac, it locks their AD account out. I've cleared all the stored passwords within the Keychain, and we thought it fixed it cause the problem stopped - but now it's back - and we don't have a clue whats going on.

Anyone have any ideas?

Many Thanks,

Pete
0
Comment
Question by:PeterHing
  • 3
  • 3
7 Comments
 
LVL 53

Expert Comment

by:strung
ID: 17842597
Don't know the answer, but you might find it here:

http://macwindows.com/AD.html
0
 
LVL 9

Expert Comment

by:heteronymous
ID: 17844399
You need to tell us more about this "script" - is it a script selected as a login item that includes a stored password (ie: directly within the script - insecure but certainly possible) ?
Is it a login hook ?

Tell us more about this script.

In the future, you might consider using the vendor-supplied method for binding to AD:  /Applications/Utilities/Directory Access
0
 
LVL 2

Author Comment

by:PeterHing
ID: 17848472
heteronymous,

Thanks for your reply.

I've been looking into your comment "you might consider using the vendor-supplied method for binding to AD:  /Applications/Utilities/Directory Access"

I've had a look at the option, and ticked the 'Active Directory' box. I typed in the details for the Domain Controller and Authenticated.
Now the machine is sitting in AD perfectly.

How can I get it so when the user logs in, it uses their login details to Authenticate against anything they request? Like network drives and internet access? Can it be done?
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 9

Accepted Solution

by:
heteronymous earned 500 total points
ID: 17848731
Yes.
Go back to the Directory Access application, and add AD under the Authentication tab. Do NOT try to remove the NetInfo listing there.
IE: Authentication tab > Search: Custom path
/NetInfo/DefaultLocalNode
/Active Directory/All Domains

and the same as above for the "Contacts" tab.

Then, in System Preferences > Accounts , authenticate (as the local admin account on the Mac - you get prompted when clicking the lock icon), and just above that lock icon, click "Login Options".
De-select "Automatically log in as:" and selet "Display login window as" : "Name and password"

Restart the Mac.
0
 
LVL 2

Author Comment

by:PeterHing
ID: 17850289
heteronymous,

If I could - I would give you a million points!

Just one last thing before I close the call - When a user logs onto the domain, everything loads up (including their home drive!). But when we save a shortcut (to say a server file share) - then logout and back in - the shortcut doesn't save.

It looks as if a local profile isn't being created (like it does in windows) - is there a way the mac can do this?

Again - Thank you so much!

Pete
0
 
LVL 9

Expert Comment

by:heteronymous
ID: 17850359
It should be possible, but that merits another question, doesn't it ?  ;)

I didn't think this was "ask one question and then a bunch more"

-- me

macosxforme (at) gmail (dot) com
0
 
LVL 2

Author Comment

by:PeterHing
ID: 17850583
As its you - I suppose, lol - and you've made my day!

http://www.experts-exchange.com/Operating_Systems/Macintosh/Q_22045300.html
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common question or need, when setting-up a new Mac for someone would be to make all of the applications, installed, available from the dock. Many people often do not realize an application is installed unless it is in the dock. Creating a custo…
Does your iMac really need a hardware upgrade? Will upgrading RAM speed-up your computer? If yes, then how can you proceed? Upgrading RAM in your iMac is not as simple as it may seem. This article will help you in getting and installing right RA…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question