Solved

Mac OSX (10.9) bound to AD but cannot login using domain credentials for the first time using wireless

Posted on 2013-12-05
Last Modified: 2013-12-10
I successfully connected my Macbook to my AD domain but I'm not able to log in to it using domain credentials.  The Mac doesn't have a hard wired connection, only wireless.  I've seen this on the Windows side too for tablets and other PCs that don't have wired network connections.  For the PCs, I have to connect to the wireless under the local admin account (join the domain) and then switch user (not log off) so that the wireless is still connected to the network and I can log in for the first time to create the profile and cached pwd.  I do see the Mac computer account in AD so I think it is bound correctly.  If I had a network connection, I think it would work but since it's wireless only (and I don't have a wireless connection at the login screen), it can't see the domain.
Question by:vianceadmin

Accepted Solution

by:
serialband earned 500 total points
ID: 39707511
It's a little more involved on the Mac.  You'll either need to connect to a wired network with a Thunderbolt to Ethernet adapter or you'll have to prepare the account first.  Wireless connections on a Macbook are disabled until a user logs in.

Here's what I did to prepare a few Macs for Remote AD account access without knowing the user's password.  I tested it first with some test accounts that I had the passwords to.

Log in as a local admin on the computer.  You'll need to be an admin to run sudo.

Make sure you set the Login Options under Users & Groups in the System Preferences to enable the fast user switching menu.

Start the Terminal (/Applications/Utilities/Terminal.app)

Add the account, USERNAME, as a mobile account to the computer so that you can use fast user switching.  You can't switch to the account if it doesn't exist in the menu.  It needs to be a mobile account or it will disappear from the account list when you're not on the network.  Use the following command in Terminal:
sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n USERNAME

Log out of the local admin account, then log back in for the account name to appear in the fast user switching menu.

At this point, make sure you're connected to the wireless network.  It may be necessary to enable your VPN, if you're connecting from a remote external site.  I tested this from home through a VPN too.

Select the AD user from the fast user switching menu in the upper right.  You will be prompted for the account password.  Enter the password to switch users and the credentials will be cached.  You are now logged in with 2 accounts, the local admin account and the domain account.  You will be able to log in with the AD account without a network connection, once you've cached the password credentials.  This will remain in effect until you are forced to change passwords by the domain controller.
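
The account-preparation step from the answer above, wrapped in pre-checks, as an added example that is not part of the original answer. The function names are hypothetical, and two things are assumptions about macOS output rather than statements from this page: that `dsconfigad -show` prints an `Active Directory Domain = ...` line when the Mac is bound, and that a mobile account's `AuthenticationAuthority` attribute contains `;LocalCachedUser;`. The check only shows that the mobile account record exists; the password is cached when the user first switches in, as the answer describes.

```shell
#!/bin/sh
# Added example, not from the original answer. The tool path and -n flag are the ones quoted in the answer.
CMA=/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount

# Constructed sample of a mobile account's AuthenticationAuthority attribute (assumed format).
SAMPLE_MOBILE='AuthenticationAuthority: ;LocalCachedUser;/Active Directory/EXAMPLE/All Domains:jdoe:00000000-0000-0000-0000-000000000000'

# Reads `dsconfigad -show` output on stdin; succeeds if an AD domain is listed.
is_bound() {
    grep -Eq '^Active Directory Domain[[:space:]]*=[[:space:]]*[^[:space:]]+'
}

# Reads `dscl . -read /Users/NAME AuthenticationAuthority` output on stdin.
# Prints: missing (no record), mobile (LocalCachedUser present), or local.
account_state() {
    record=$(cat)
    case $record in
        '') echo missing ;;
        *';LocalCachedUser;'*) echo mobile ;;
        *) echo local ;;
    esac
}

# Creates the mobile account only when the Mac is bound and no record exists yet.
prepare_account() {
    user=$1
    # Reject empty names and anything outside a conservative character set.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "refusing unexpected account name" >&2; return 2 ;;
    esac
    dsconfigad -show | is_bound || { echo "not bound to AD" >&2; return 1; }
    state=$(dscl . -read "/Users/$user" AuthenticationAuthority 2>/dev/null | account_state)
    case $state in
        mobile)  echo "$user already exists as a mobile account" ;;
        local)   echo "$user is a local-only account, leaving it alone" >&2; return 1 ;;
        missing) sudo "$CMA" -n "$user" ;;
    esac
}

# Runs only on macOS when a user name is given: sh prepare.sh USERNAME
if [ "$(uname)" = Darwin ] && [ "$#" -eq 1 ]; then
    prepare_account "$1"
fi
```
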