Home Forums OS X Server and Client Discussion Active Directory AD anthentication problem

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • December 9, 2005 at 4:56 pm #364375
    allanm
    Participant

    It seems I have bind my ibook (Tiger 10.4.3)to AD using AD plugin because I can see this computer’ name in AD, but I can’t login this machine using AD user account. What’s wrong?
    Thanks for your help.

    December 9, 2005 at 5:00 pm #364376
    chrisjasper
    Participant

    It could be any number of things Allan, the most likely is that you have the local authentication database first in the list in the AD plugin so the iBook is going to its local database rather than AD.
    Without a little more info on symptoms it could be anything from a locked out account to DNS issues.

    December 9, 2005 at 5:29 pm #364378
    allanm
    Participant

    Thanks for your posting. In the Directory Domains pane, first one is /NetInfo/DefaultLocalNode, second one is /Active Directory/All Domains, but first one is grey out, I can’t change the order.

    December 9, 2005 at 6:07 pm #364381
    chrisjasper
    Participant

    As long as you are authenticated as a local admin you delete the local one then add it back in, it will automatically place it after the AD entry.

    Make sure you have a backup of your files before testing of course, you dont want to find out that because your AD and local usernames are the same that you get all your files overwritten by an empty network home folder.

    December 9, 2005 at 7:47 pm #364383
    allanm
    Participant

    the local one is disabled, can’t delete it.

    December 9, 2005 at 10:40 pm #364384
    chrisjasper
    Participant

    Apologies, I was looking at my setup which uses an LDAP OD connection as well as the AD one.
    The local one stays there.
    It looks like you are not connecting to AD correctly, the machine may not be correctly bound to the domain.
    Remove the account from AD, re-bind, reboot, login locally and make sure you can ping a domain controller.

    When setting the domain names at the top of the dialog window, its generally best to only enter the domain and let the machine find the forest names itself.
    Its also worth specifying a domain controller, either by IP address or fully qualified domain name.
    Open the advanced options for the AD plugin and click the administrative button.

    December 14, 2005 at 7:34 am #364414
    fherbert
    Participant

    You probably want to check your time as well. Make sure you are using your domain controller as your ntp-server, it will save you lots of trouble.

    Also have a look at your log files, use the console utility found the /Applications/Utilities folder and check your system.log for any errors with directory access or active directory. It might help if you post some of your log files (only the part with the error messages).

    I wouldn’t recommend moving the order of your local netinfo authentication, but remember if you have a local user with the same short name as a network user short name, it will login as the local user not the network user.

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.