[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 958
  • Last Modified:

Urgent: Mac Keeps Locking Out Account

Hi All,

We have a Mac on our network that only one of our users uses. To connect onto the domain, a script runs within a terminal session to authenticate though the Windows Domain Controller. They are then prompted to enter their current windows password - and the full connection is then established.

A few days ago, the user was prompted to change her Windows password (on her XP machine), which they did. Since then, whenever the user connects to the internet on the Mac, it locks their AD account out. I've cleared all the stored passwords within the Keychain, and we thought it fixed it cause the problem stopped - but now it's back - and we don't have a clue whats going on.

Anyone have any ideas?

Many Thanks,

Pete
0
PeterHing
Asked:
PeterHing
  • 3
  • 3
1 Solution
 
strungCommented:
Don't know the answer, but you might find it here:

http://macwindows.com/AD.html
0
 
heteronymousCommented:
You need to tell us more about this "script" - is it a script selected as a login item that includes a stored password (ie: directly within the script - insecure but certainly possible) ?
Is it a login hook ?

Tell us more about this script.

In the future, you might consider using the vendor-supplied method for binding to AD:  /Applications/Utilities/Directory Access
0
 
PeterHingAuthor Commented:
heteronymous,

Thanks for your reply.

I've been looking into your comment "you might consider using the vendor-supplied method for binding to AD:  /Applications/Utilities/Directory Access"

I've had a look at the option, and ticked the 'Active Directory' box. I typed in the details for the Domain Controller and Authenticated.
Now the machine is sitting in AD perfectly.

How can I get it so when the user logs in, it uses their login details to Authenticate against anything they request? Like network drives and internet access? Can it be done?
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
heteronymousCommented:
Yes.
Go back to the Directory Access application, and add AD under the Authentication tab. Do NOT try to remove the NetInfo listing there.
IE: Authentication tab > Search: Custom path
/NetInfo/DefaultLocalNode
/Active Directory/All Domains

and the same as above for the "Contacts" tab.

Then, in System Preferences > Accounts , authenticate (as the local admin account on the Mac - you get prompted when clicking the lock icon), and just above that lock icon, click "Login Options".
De-select "Automatically log in as:" and selet "Display login window as" : "Name and password"

Restart the Mac.
0
 
PeterHingAuthor Commented:
heteronymous,

If I could - I would give you a million points!

Just one last thing before I close the call - When a user logs onto the domain, everything loads up (including their home drive!). But when we save a shortcut (to say a server file share) - then logout and back in - the shortcut doesn't save.

It looks as if a local profile isn't being created (like it does in windows) - is there a way the mac can do this?

Again - Thank you so much!

Pete
0
 
heteronymousCommented:
It should be possible, but that merits another question, doesn't it ?  ;)

I didn't think this was "ask one question and then a bunch more"

-- me

macosxforme (at) gmail (dot) com
0
 
PeterHingAuthor Commented:
As its you - I suppose, lol - and you've made my day!

http://www.experts-exchange.com/Operating_Systems/Macintosh/Q_22045300.html
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now