10.4 – 10.4.2 Problem with large UIDs

  • #363303
    dcrew
    Participant

    I’ve been working on our 10.4 Build/Image to bring our Macs into the next OS realm. However, our testing with 10.4 is resulting in a couple of problems. If we use the mobile account, which allows user caching, the system won’t log on. A check of the System.log file reports that

    the user “user_name” NOT recorded in /var/log/lastlog because UID ( xxxxxx ) is greater than 100000.

    If you turn mobile users off then the user is able to log in, but you can’t cache their info, so if they go off network they cannot log in again, and they also still get the same error about the UID being set too high.

    I’ve been able to recreate this issue using a clean install of OS X 10.4 and again after updating to 10.4.2. I’ve also seen the issue when upgrading boxes from 10.3 to 10.4. I tried speaking to Apple, who claimed that a limit has been placed on how large a UID can be in OS X client, but I would need to purchase a $699.00 single issue Active Directory Integration Specialist Support offering to troubleshoot it. I turned them down and am hoping some others had encountered similar issues.

    Unfortunately our setup is Mac Clients binding straight to Windows 2003 Domains. I realize that the ideal is to have a Mac in-between but given the small size of the environment getting our sys admin to put one in the back-end isn’t going to happen anytime soon.

    So has anyone run across this issue or knows of a solution other than changing all my existing users’ UIDs in Active Directory?

    #363309
    dcrew
    Participant

    I beg to disagree with that. That error never arises on our 10.3 systems and I managed, unknowingly how, to get one system to work on this network with 10.4. Yet the UID error does not occur. Unfortunately this system is not something I can build an image from but even if I could I’d want to know what was different.

    However if what you are suggesting is right then I’m in a bit of a bind. There doesn’t seem to be anything else in the log relevant to the problem. I’m able to communicate with the Active Directory domain controller via command line and poll for users and even log in via command line as network users. I’m able to bind successfully to the domain as well. This occurs with new test user accounts as well as existing accounts. Is there anything else I should be looking into as to why the mobile mounts won’t work then?

    #364010
    lancepr
    Participant

    Just checking to see if you ever resolved this problem. I am having a similar one.
    All accounts created before a specific time, I am not sure when, work great. Then all other accounts will log in, but will not mount the shares.
    I am going to pay the $695 on Friday to see if Apple can help. They do not want to help in a mixed environment (AD/OD) even though I have support contracts, very frustrating.

    Here is an example of a working account
    Nov 8 14:40:09 brook-forests-imac-g5-2 loginwindow[874]: Login Window Started Security Agent
    Nov 8 14:40:24 brook-forests-imac-g5-2 loginwindow[874]: Login of user “2009018” NOT recorded in /var/log/lastlog because UID (1270718509) is greater than 100000
    Nov 8 14:40:24 brook-forests-imac-g5-2 kernel[0]: AFP_VFS afpfs_mount: /Volumes/Students, pid 874
    Nov 8 14:40:52 brook-forests-imac-g5-2 /System/Library/CoreServices/CCacheServer.app/Contents/MacOS/CCacheServer: Exiting: (os/kern) successful (0)

    Here is a broken example
    Nov 8 14:40:53 brook-forests-imac-g5-2 loginwindow[986]: Login Window Started Security Agent
    Nov 8 14:41:04 brook-forests-imac-g5-2 loginwindow[986]: Login of user “2010010” NOT recorded in /var/log/lastlog because UID (57132023) is greater than 100000
    Nov 8 14:41:04 brook-forests-imac-g5-2 loginwindow[986]: lwMountWithArrayOfPaths: Skipping mount, final urlString was NULL
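
An added example, not part of any post in this thread: it groups the `loginwindow` lines from the two excerpts above by PID and reports the mount outcome per login. The lastlog UID warning appears in both sessions, and the `Skipping mount` line is what separates the broken one. The function and field names are assumptions of this example.

```python
import re

# Sample input: the syslog lines quoted in the post above (straight quotes used).
SAMPLE_LOG = """\
Nov 8 14:40:09 brook-forests-imac-g5-2 loginwindow[874]: Login Window Started Security Agent
Nov 8 14:40:24 brook-forests-imac-g5-2 loginwindow[874]: Login of user "2009018" NOT recorded in /var/log/lastlog because UID (1270718509) is greater than 100000
Nov 8 14:40:24 brook-forests-imac-g5-2 kernel[0]: AFP_VFS afpfs_mount: /Volumes/Students, pid 874
Nov 8 14:40:53 brook-forests-imac-g5-2 loginwindow[986]: Login Window Started Security Agent
Nov 8 14:41:04 brook-forests-imac-g5-2 loginwindow[986]: Login of user "2010010" NOT recorded in /var/log/lastlog because UID (57132023) is greater than 100000
Nov 8 14:41:04 brook-forests-imac-g5-2 loginwindow[986]: lwMountWithArrayOfPaths: Skipping mount, final urlString was NULL
"""

PROC = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (\w+)\[(\d+)\]: (.*)$")
UID_WARN = re.compile(r"Login of user \W(\w+)\W NOT recorded .* UID \((\d+)\)")
AFP_MOUNT = re.compile(r"afpfs_mount: (\S+), pid (\d+)")


def classify_logins(log_text):
    """Return {loginwindow pid: session dict} with a mount verdict per login."""
    sessions = {}
    for line in log_text.splitlines():
        m = PROC.match(line)
        if not m:
            continue  # lines without a name[pid] tag (e.g. CCacheServer) are skipped
        proc, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        if proc == "loginwindow":
            s = sessions.setdefault(pid, {"user": None, "uid": None,
                                          "uid_warning": False,
                                          "mount": "unknown", "volume": None})
            w = UID_WARN.search(msg)
            if w:
                s.update(user=w.group(1), uid=int(w.group(2)), uid_warning=True)
            elif "Skipping mount" in msg:
                s["mount"] = "skipped"
        elif proc == "kernel":
            k = AFP_MOUNT.search(msg)
            # The kernel line names the loginwindow pid that requested the mount.
            if k and int(k.group(2)) in sessions:
                sessions[int(k.group(2))].update(mount="mounted", volume=k.group(1))
    return sessions


if __name__ == "__main__":
    for pid, s in classify_logins(SAMPLE_LOG).items():
        print(pid, s)
```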

    #364071
    dcrew
    Participant

    I’ve actually got another post on this subject. I’m not sure the UID error is actually a real problem. The consensus is that it’s a common error. It seems to be related to the mount call for the user’s Home Directory from a Windows server. In our case a Win2003 server with a cluster sharing up the users’ home directories.

    I found a temp solution but it doesn’t seem to be 100%. Giving Guest read access to the user’s home dir seems to allow the mount to happen. At least this is the case most of the time. However, I am running into an issue now where our new build Image won’t work and is providing me with two errors. I have another post in this forum you may want to look at that I will be updating today.

    #364229
    lancepr
    Participant

    My problem was caused by AD when it was switched to native mode; some accounts lost their pre-Windows 2000 compatibility mode. I had to run this command on my domain controller.

    NET LOCALGROUP "Pre-Windows 2000 Compatible Access" Everyone /ADD

    Hope this helps someone in the future.
