• Status: Solved
  • Priority: Medium
  • Security: Public

AD users cannot log in to Mac

We have Mac OS X labs and Windows 2008 Active Directory. We bind the Mac to Active Directory, then users can log in using their AD credentials, but after some time, like a couple of days, the users are not able to log in. We again have to unbind and bind the Mac to the domain.

Any assistance is appreciated.
Asked by: shahzebasif
 
yjchong514 Commented:
Are you using Wi-Fi to connect?

To set the time, click on the time in the top right corner and click open date and time. Click on Date and time and then tick Set date and time automatically. Select the text in the box to the right and type in the IP address of the NTP server you would like to use. Hit the return key to set it. The time should change.

Have you waited long enough at the login screen?

If you are in a "Magic Triangle" setup (AD Server -> OD Server -> OS X Client), then if you click on the name of the machine on the login window it cycles through some options. One of these options is network accounts available. It should go through red to yellow to green. If yellow, something may be wrong with one of the servers (OD or AD). It usually takes around a minute to fully connect to all servers, and that's on a wired network.

Just a little bit to go on.

Also check the AD plugin options. Select all Domains in forest and choose a preferred DC.
 
njxbean Commented:
Make sure the domain controller and workstations all have the same time or sync to the same place. The workstations losing time could explain this occurring.
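The time comparison suggested in the comment above can be measured instead of read off two clocks. This is an added example, not part of the original thread: it computes a client's offset from an NTP source and compares it with 300 seconds, the default Kerberos clock-skew tolerance in Active Directory. The function names and the sample reply are constructed for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
KERBEROS_MAX_SKEW = 300       # seconds; default Kerberos tolerance in Active Directory

def _ntp_to_unix(seconds, fraction):
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32

def parse_offset(reply, t1, t4):
    """Offset in seconds (server minus client); t1/t4 = client send/receive time."""
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    mode, stratum = reply[0] & 0x07, reply[1]
    if mode != 4 or stratum == 0:
        raise ValueError("not a usable server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2 = _ntp_to_unix(rx_s, rx_f)  # server receive timestamp
    t3 = _ntp_to_unix(tx_s, tx_f)  # server transmit timestamp
    return ((t2 - t1) + (t3 - t4)) / 2

def within_kerberos_skew(offset, limit=KERBEROS_MAX_SKEW):
    return abs(offset) <= limit

def query_offset(server, timeout=3.0):
    """Live check against an NTP source, for example the domain controller."""
    request = b"\x23" + 47 * b"\0"  # LI=0, version 4, mode 3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
        t4 = time.time()
    return parse_offset(reply, t1, t4)

def build_sample_reply(server_time):
    """Constructed reply for offline use: stratum 2, zero processing delay."""
    sec = int(server_time) + NTP_EPOCH_DELTA
    frac = int((server_time % 1) * 2**32)
    header = struct.pack("!BBbb", 0x24, 2, 6, -20) + 28 * b"\0"
    return header + struct.pack("!4I", sec, frac, sec, frac)

if __name__ == "__main__":
    client_now = 1000000000.0  # constructed client clock reading
    off = parse_offset(build_sample_reply(client_now + 400), client_now, client_now)
    print("offset %.1fs, within Kerberos skew: %s" % (off, within_kerberos_skew(off)))
```

On a lab machine, `query_offset()` can be pointed at the same time source the domain controller uses and run on each Mac that stops accepting AD logins.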
 
shahzebasif (Author) Commented:
@yjchong514
No, we are not using Wi-Fi to connect, and I can see "Others" on the login screen, but when I try to log in the screen shakes, and when I look in Console it gives a preauthentication failed error.

@njxbean: The time is the same at both places.
 
gmbaxter Commented:
In directory utility, what search order do you have your directories? If OD above AD, swap them round and see how you get on.
 
shahzebasif (Author) Commented:
AD is on the top. The only solution I get is to unbind and bind again with AD, but the problem will appear again in a few days.
 
jhyiesla Commented:
I assume that when you log in to unbind AD, you are logging on with a local Mac account? When you go to unbind AD, is the light green next to your domain name in the Account Preferences?

Check the Network System Preferences. Does your domain name show up in the Advanced settings for the NIC under DNS, and are you showing the right DNS servers?

What version of OS X are you running?
 
shahzebasif (Author) Commented:
Yes, I have to log in with a local Mac account. I can see the green light beside the domain name.
IP addresses are by DHCP server and all the settings are fine.

We have OS X 10.6.
 
jhyiesla Commented:
What happens, or doesn't happen, when they fail to be able to log in?

When there is a time when they fail to log in, make sure they have a valid IP. On the login screen below the Mac OS X label is a gray text area that should have the name of the computer. If you click on it, it will change what is displayed there. Click several times and the third or fourth thing is the IP address.
 
jhyiesla Commented:
Continuing to click will also show you if network accounts are available.
 
shahzebasif (Author) Commented:
It's not working. I tried so many times.
 
jhyiesla Commented:
You might try a third-party AD authenticator. Sometimes these work better with AD/Kerberos than the built-in Mac one does. The three that come to mind are ADmitMac, Centrify and Likewise.

Please read carefully before you attempt to use any of them. Most of them will create their own directory structure on the Mac for storing your home folder. And your AD setup as far as home folders, etc. may be different than mine.

I've found that for the locally stored home folder, if you have a mobile account set and if you do NOT delete the mobile account, Likewise does the best at keeping things intact. The only one I had trouble with getting it to do what I wanted was ADmitMac, but that could just be me.