Sudsybrew1

Mac user cannot logon to domain

We have a Mac user who successfully logs on to the Windows domain at the office in City1, but when he moves to City2, he can no longer log on (password field shakes). He has a Windows laptop that successfully logs on no matter which office he works in (and is able to access all shares, etc.). I am a Windows AD expert, but the only thing I know about Mac is how to spell it.

Any Mac administrators out there who can help with this one?  I'm sure it is simple, but I am just not seeing it.

Thanks!
ASKER CERTIFIED SOLUTION
Happy Tohelp
Sudsybrew1

ASKER

Thank you for the response.  Yes, the offices are on the same domain and are connected via VPN.  Windows laptops can move around freely with no issues, but the Mac cannot - is this solvable with the mobile profile (i.e., will he still be able to access shares, servers, etc)?

I am not sure if "allow auth from any domain in the forest" was checked, but would that matter if they are on the same domain?  Just trying to learn a little about Mac networking.

Thank you!
One more question, sorry... which version of OS X? (Click the Apple > About This Mac)
The support for AD varies greatly with new to old.
Is the Mac using the same DNS servers as the Windows clients?
Can it ping the DC in City1 while at City2? (If you can't log in at all, I understand you cannot answer this question.)


"is this solvable with the mobile profile (i.e., will he still be able to access shares, servers, etc)?"
Perhaps, but technically speaking the mobile profile would allow him to log in, not access shares. So for example, if he were on a plane with no internet access, he could still log in. Without that type of profile the credentials are not cached, and it will allow local logins only. Given the ability to log in, whether he could then access shares across the site-to-site VPN is a separate networking issue.


"I am not sure if "allow auth from any domain in the forest" was checked, but would that matter if they are on the same domain?"
It should not matter if it is one domain with a site-to-site tunnel. I'd guess he can't log in with the Mac using the domain credentials outside of the office due to the type of profile that was created.

Do you have a local admin profile available to use? If so, you should be able to edit the domain profile settings using System Preferences.
There were two problems creating this issue - the main problem was that we had not created the Mobile Account. The other was that we were attempting to connect to an access point utilizing WPA2-Enterprise, so until we created the mobile profile, he could not authenticate with the access point - we had to purchase an external Ethernet port for the initial logon.