Solved

Macbok Pro OSx version 10.8.5 - Network accounts unavailable error message

Posted on 2016-11-03
4
22 Views
Last Modified: 2016-11-04
Hi Experts,

I have an Apple Macbok Pro running OSx version 10.8.5 connected to an Active directory domain and now when the user powers on the mac at the login promt screen an error message says: "Network accounts unavailable" are a red dot is next to the username. Its only possible to login with a local account.

Any ideas what may have caused this and how to fix?
0
Comment
Question by:sherlock1
  • 2
  • 2
4 Comments
 
LVL 27

Expert Comment

by:serialband
ID: 41873200
If you set the AD account as a mobile account, you can log in with the cached account credentials.  Until you get a network connection, new AD accounts can not log in.

To enable, or force AD accounts to be Mobile Accounts,
   Open Directory Utility
   Unlock the interface, by clicking on the padlock.
   Select Active Directory, then Click on the pen/pencil icon to edit
   Expand the interface by clicking on the triangle near the bottom left.
   Check the box "Create mobile account at login"

You will always need to be connected to the network for a new AD account to log in.  The simplest thing to do is to plug in an ethernet cable.

Another way is to log in to an admin account that has Wifi enabled, then use manually create an entry for the mobile account first.
    Open Terminal.app
    /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n new_mobile_account_name

Once the account is created, you can switch users while logged into an account with Wifi enabled.  (You may have to log out and log back in for it to show up.)  The first time you switch users, you need the WiFi network, so that you can authenticate.  Once authenticated, the mobile account will be created and the credentials will be cached.  You will be able to log in again even when you have the red dot.
0
 

Author Comment

by:sherlock1
ID: 41873808
Thanks for your suggestions - I have checked the "Create mobile account at login" in Directory utility for AD and this setting is already ticked/enabled.

I have tried to login to the Mac with a AD user account that has never logged in before and this does work either.
An ethernet cable is plugged into the mac and I have verified the network connection is working by plugging the same network patch cable into a few other computers and they have network access

not to sure what you mean by login to an admin account that has Wifi enabled,
Maybe the mac is not correctly seen in AD - Any other suggestions?
0
 
LVL 27

Accepted Solution

by:
serialband earned 500 total points
ID: 41874137
Try rejoining the AD.  I find that laptops are taken home will eventually need to rejoin to fix some authentication issues.  Half the users I have have to rejoin to change passwords from their Macs.
0
 

Author Closing Comment

by:sherlock1
ID: 41874470
Thanks for your further help - unbind and rebind (rejoin to AD as suggested) resolved this. I had to do a force unbind.

The user can now log back in. Sounds like this issue will crop up again at some point in the future in that case.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now