Urgent: Mac Keeps Locking Out Account

Hi All,

We have a Mac on our network that only one of our users uses. To connect onto the domain, a script runs within a terminal session to authenticate though the Windows Domain Controller. They are then prompted to enter their current windows password - and the full connection is then established.

A few days ago, the user was prompted to change her Windows password (on her XP machine), which they did. Since then, whenever the user connects to the internet on the Mac, it locks their AD account out. I've cleared all the stored passwords within the Keychain, and we thought it fixed it cause the problem stopped - but now it's back - and we don't have a clue whats going on.

Anyone have any ideas?

Many Thanks,

Pete
LVL 2
PeterHingAsked:
Who is Participating?
 
heteronymousCommented:
Yes.
Go back to the Directory Access application, and add AD under the Authentication tab. Do NOT try to remove the NetInfo listing there.
IE: Authentication tab > Search: Custom path
/NetInfo/DefaultLocalNode
/Active Directory/All Domains

and the same as above for the "Contacts" tab.

Then, in System Preferences > Accounts , authenticate (as the local admin account on the Mac - you get prompted when clicking the lock icon), and just above that lock icon, click "Login Options".
De-select "Automatically log in as:" and selet "Display login window as" : "Name and password"

Restart the Mac.
0
 
strungCommented:
Don't know the answer, but you might find it here:

http://macwindows.com/AD.html
0
 
heteronymousCommented:
You need to tell us more about this "script" - is it a script selected as a login item that includes a stored password (ie: directly within the script - insecure but certainly possible) ?
Is it a login hook ?

Tell us more about this script.

In the future, you might consider using the vendor-supplied method for binding to AD:  /Applications/Utilities/Directory Access
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

 
PeterHingAuthor Commented:
heteronymous,

Thanks for your reply.

I've been looking into your comment "you might consider using the vendor-supplied method for binding to AD:  /Applications/Utilities/Directory Access"

I've had a look at the option, and ticked the 'Active Directory' box. I typed in the details for the Domain Controller and Authenticated.
Now the machine is sitting in AD perfectly.

How can I get it so when the user logs in, it uses their login details to Authenticate against anything they request? Like network drives and internet access? Can it be done?
0
 
PeterHingAuthor Commented:
heteronymous,

If I could - I would give you a million points!

Just one last thing before I close the call - When a user logs onto the domain, everything loads up (including their home drive!). But when we save a shortcut (to say a server file share) - then logout and back in - the shortcut doesn't save.

It looks as if a local profile isn't being created (like it does in windows) - is there a way the mac can do this?

Again - Thank you so much!

Pete
0
 
heteronymousCommented:
It should be possible, but that merits another question, doesn't it ?  ;)

I didn't think this was "ask one question and then a bunch more"

-- me

macosxforme (at) gmail (dot) com
0
 
PeterHingAuthor Commented:
As its you - I suppose, lol - and you've made my day!

http://www.experts-exchange.com/Operating_Systems/Macintosh/Q_22045300.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.