Solved

Urgent: Mac Keeps Locking Out Account

Posted on 2006-10-31
7
864 Views
Last Modified: 2013-11-17
Hi All,

We have a Mac on our network that only one of our users uses. To connect onto the domain, a script runs within a terminal session to authenticate though the Windows Domain Controller. They are then prompted to enter their current windows password - and the full connection is then established.

A few days ago, the user was prompted to change her Windows password (on her XP machine), which they did. Since then, whenever the user connects to the internet on the Mac, it locks their AD account out. I've cleared all the stored passwords within the Keychain, and we thought it fixed it cause the problem stopped - but now it's back - and we don't have a clue whats going on.

Anyone have any ideas?

Many Thanks,

Pete
0
Comment
Question by:PeterHing
  • 3
  • 3
7 Comments
 
LVL 53

Expert Comment

by:strung
Comment Utility
Don't know the answer, but you might find it here:

http://macwindows.com/AD.html
0
 
LVL 9

Expert Comment

by:heteronymous
Comment Utility
You need to tell us more about this "script" - is it a script selected as a login item that includes a stored password (ie: directly within the script - insecure but certainly possible) ?
Is it a login hook ?

Tell us more about this script.

In the future, you might consider using the vendor-supplied method for binding to AD:  /Applications/Utilities/Directory Access
0
 
LVL 2

Author Comment

by:PeterHing
Comment Utility
heteronymous,

Thanks for your reply.

I've been looking into your comment "you might consider using the vendor-supplied method for binding to AD:  /Applications/Utilities/Directory Access"

I've had a look at the option, and ticked the 'Active Directory' box. I typed in the details for the Domain Controller and Authenticated.
Now the machine is sitting in AD perfectly.

How can I get it so when the user logs in, it uses their login details to Authenticate against anything they request? Like network drives and internet access? Can it be done?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 9

Accepted Solution

by:
heteronymous earned 500 total points
Comment Utility
Yes.
Go back to the Directory Access application, and add AD under the Authentication tab. Do NOT try to remove the NetInfo listing there.
IE: Authentication tab > Search: Custom path
/NetInfo/DefaultLocalNode
/Active Directory/All Domains

and the same as above for the "Contacts" tab.

Then, in System Preferences > Accounts , authenticate (as the local admin account on the Mac - you get prompted when clicking the lock icon), and just above that lock icon, click "Login Options".
De-select "Automatically log in as:" and selet "Display login window as" : "Name and password"

Restart the Mac.
0
 
LVL 2

Author Comment

by:PeterHing
Comment Utility
heteronymous,

If I could - I would give you a million points!

Just one last thing before I close the call - When a user logs onto the domain, everything loads up (including their home drive!). But when we save a shortcut (to say a server file share) - then logout and back in - the shortcut doesn't save.

It looks as if a local profile isn't being created (like it does in windows) - is there a way the mac can do this?

Again - Thank you so much!

Pete
0
 
LVL 9

Expert Comment

by:heteronymous
Comment Utility
It should be possible, but that merits another question, doesn't it ?  ;)

I didn't think this was "ask one question and then a bunch more"

-- me

macosxforme (at) gmail (dot) com
0
 
LVL 2

Author Comment

by:PeterHing
Comment Utility
As its you - I suppose, lol - and you've made my day!

http://www.experts-exchange.com/Operating_Systems/Macintosh/Q_22045300.html
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Apple's Mac OS X has become an official member of the malware club. The Flashback Trojan has affected over half million Macs, worldwide. It is behavior that ultimately gets malware onto a person’s computer. Obsolete or out-of-date software helps…
How can this article save you time AND money?  In just a few minutes you may discover something you didn't know existed that is easy enough for you to fix yourself!
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now