Solved

Urgent: Mac Keeps Locking Out Account

Posted on 2006-10-31
7
920 Views
Last Modified: 2013-11-17
Hi All,

We have a Mac on our network that only one of our users uses. To connect onto the domain, a script runs within a terminal session to authenticate though the Windows Domain Controller. They are then prompted to enter their current windows password - and the full connection is then established.

A few days ago, the user was prompted to change her Windows password (on her XP machine), which they did. Since then, whenever the user connects to the internet on the Mac, it locks their AD account out. I've cleared all the stored passwords within the Keychain, and we thought it fixed it cause the problem stopped - but now it's back - and we don't have a clue whats going on.

Anyone have any ideas?

Many Thanks,

Pete
0
Comment
Question by:PeterHing
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 53

Expert Comment

by:strung
ID: 17842597
Don't know the answer, but you might find it here:

http://macwindows.com/AD.html
0
 
LVL 9

Expert Comment

by:heteronymous
ID: 17844399
You need to tell us more about this "script" - is it a script selected as a login item that includes a stored password (ie: directly within the script - insecure but certainly possible) ?
Is it a login hook ?

Tell us more about this script.

In the future, you might consider using the vendor-supplied method for binding to AD:  /Applications/Utilities/Directory Access
0
 
LVL 2

Author Comment

by:PeterHing
ID: 17848472
heteronymous,

Thanks for your reply.

I've been looking into your comment "you might consider using the vendor-supplied method for binding to AD:  /Applications/Utilities/Directory Access"

I've had a look at the option, and ticked the 'Active Directory' box. I typed in the details for the Domain Controller and Authenticated.
Now the machine is sitting in AD perfectly.

How can I get it so when the user logs in, it uses their login details to Authenticate against anything they request? Like network drives and internet access? Can it be done?
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 
LVL 9

Accepted Solution

by:
heteronymous earned 500 total points
ID: 17848731
Yes.
Go back to the Directory Access application, and add AD under the Authentication tab. Do NOT try to remove the NetInfo listing there.
IE: Authentication tab > Search: Custom path
/NetInfo/DefaultLocalNode
/Active Directory/All Domains

and the same as above for the "Contacts" tab.

Then, in System Preferences > Accounts , authenticate (as the local admin account on the Mac - you get prompted when clicking the lock icon), and just above that lock icon, click "Login Options".
De-select "Automatically log in as:" and selet "Display login window as" : "Name and password"

Restart the Mac.
0
 
LVL 2

Author Comment

by:PeterHing
ID: 17850289
heteronymous,

If I could - I would give you a million points!

Just one last thing before I close the call - When a user logs onto the domain, everything loads up (including their home drive!). But when we save a shortcut (to say a server file share) - then logout and back in - the shortcut doesn't save.

It looks as if a local profile isn't being created (like it does in windows) - is there a way the mac can do this?

Again - Thank you so much!

Pete
0
 
LVL 9

Expert Comment

by:heteronymous
ID: 17850359
It should be possible, but that merits another question, doesn't it ?  ;)

I didn't think this was "ask one question and then a bunch more"

-- me

macosxforme (at) gmail (dot) com
0
 
LVL 2

Author Comment

by:PeterHing
ID: 17850583
As its you - I suppose, lol - and you've made my day!

http://www.experts-exchange.com/Operating_Systems/Macintosh/Q_22045300.html
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Create a default user profile for Mac OS X 10.7/10.8 Create a user account on OS X that will be a template for every other user of that computer. I usually call it “profile” and make it an administrator account for the time being. 1. Install a…
What's a UDID? If you're involved in developing, testing, or even reviewing an iOS application that's in beta, then at some point you may need to know the UDID for any iOS devices that you'll be testing on. What's the UDID? It stands for Unique Dev…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question